by flir 5 days ago
My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.

I find this incredibly amusing, and at a different point in my life I'd already be gone.

When you outsource IT, there are many, many misaligned incentives.

3 comments

> I find this incredibly amusing, and at a different point in my life I'd already be gone.

How so? Bad actors buying existing extensions with large user bases then publishing a new version which does bad stuff is a pretty common pattern. It certainly seems like a reasonable concern for a corp IT department.

99% of security experts I know use ad blockers.

When there are unpatched browser vulnerabilities, attackers will use ad networks to inject attack code into reputable-but-ad-laden websites. And even when there aren't unpatched vulnerabilities out there, many ad networks will happily accept scam ads, ads that trick people into downloading malware, fake download buttons and suchlike.

> 99% of security experts I know use ad blockers.

But if they all use Chrome, wouldn't those be really weak ad blockers?

This is a common myth. I've used uBlock Origin Lite for months (a year?) and still see zero ads.

I'm extremely intolerant to ads, so I would leave Chrome if ad blocking stopped working.

Adblocking is an arms race. Google is handicapping adblocking progressively; the fact that it doesn't take one day to achieve absolutely doesn't make it a myth. Adblocking is technically worse, and the more locked down our environments are, the easier it will be to kill or drastically reduce it.

If everyone had the same attitude this would probably already be the case.

> 99% of security experts I know use ad blockers.

100% of security experts I know find ads annoying and know ad blockers reduce how many they see.

Not GP, but I think the point was that no extensions => no ad blockers => major malware vehicle unlockable, short of disabling JS.

Bingo.

I figure they had a switch they could toggle and they thought no further about the tradeoffs. Because their primary concern is their own liability, not what's best for the org their contract is with.

> My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.

Same here, but only on Chrome. Firefox works fine.

Have they blocked vscode? I think any organisation that lets people use vscode might just as well let people do whatever they want.

Nope :)