Recent searches
Search options
Administered by:
Wow, after today I think I need to write a paper about security theater and how universities built on a hodgepodge of SaaS create a bunch of bullshit labor without being remotely secure or usable
@jonny Personally, I hate #SecurityTheater so much that I maliciously comply by subverting it or most of the time refuse to do this kind of bs and rather quit than follow dedignifying bs.
@kkarhan you and me both. this all started with me trying not to use Outlook
@jonny I literally rather pay €10 p.a. for the #Owl #AddOn on @mozilla #Thunderbird and bill that to said org rather than having to deal with shit like #Outlook.
Also I demand that basic standards like #IMAP & #SMTP as well as #CalDAV & #CardDAV be offered instead of bs like #MAPI which is a shitty protocol that should be illegal alongside #OOXML & #XPS...
@kkarhan @mozilla literally my initial ticket was like "ok owl lets me log in and read email until you invalidate my session and make it silently fail for lack of 2FA, so here are the links to the Microsoft docs describing how to turn on IMAP and SMTP for a single account and can you please do that."
The "random assortment of SaaS" model of infrastructure makes so much more labor than it saves I swear, it just makes most of it invisible or turns it into jobs that just accommodate the boundary conditions of the jagged fuckapelago of SaaS
@kkarhan@mstdn.social@jonny yeah.
I mean that shit is just arsenine and it's completely possible to provide you with #IMAP + #SMTP with a few clicks within #Exchange - regardless if #SelfHosted, #Managed by some #ServiceProvider or directly from #Microsoft.
@kkarhan
but it's a MeDiCaL sChOoL and so security is only possible if you lock down every possible action and create an extremely brittle outer perimeter, inside which it is possible for anyone to view the entire prod employee database from a link sent to you in an email from IT in response to your ticket about how their ticket submission page exposes a full list of all employees including full names and email addresses and a real-time ticker of who is active and logged in at any given moment.
@kkarhan
I cannot believe that sentence is an accurate description of what happened today. It is a literally unbelievable sentence.
@jonny I'd disclose this to them as a random security finding and threaten to go public if they refuse to fix it within 90 days and/or respond within 7 days...
Plus telling them that their security sucks and they rather provide you with that IMAP + SMTP instead of inventing excuses before you'll be forced to circumvent that 2FA.
But that's just what I'd say - don't take this as #LifeAdvice.
@kkarhan too late on the public part, but I have reported it lmao. I refrained from holding the database hostage in order to not use Outlook, but I mean I will be talking to them about the ways their security policies don't actually make the system more secure and part of that is not incentivizing people to punch holes without reporting them
https://neuromatch.social/@jonny/109793164354584203
@jonny yeah, bs get's my blood boiling - espechally when it insults my intellect.
Cuz if people don't trust me as linux-sysadmin to do my job well and to exercise proper #ITsec, #InfoSec, #OpSec & #ComSec then they should just be upfront about it so I can go and find an employer that doesn't cowardly hide their distrust and instead rewards initiative and my security-first practised IT skills with leeway to the most legally possible extent.
@jonny
After all I not only comply with every reasonable demand and norm, but exceed them.
Demanding from me to use shitty govware that can't comply with BDSG & GDPR no matter the configuration is a "can't do & won't do" for me!
@jonny You know I do my job so well I can't even provide anyone with passwords or codes to access anything at my fmr. employers even if held at gunpoint and willing to do so [which I'm not but for the sake of argument assume it]...
Cuz I do full disk encryption and use a proper password manager.
@kkarhan see you sound like someone who actually knows what they're doing. I am just like I barely know what I'm doing but i know what sucks and it's this.