What are You Working on Wednesday
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 20 Sep 2023 12:48

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


threaded - newest

NonDollarCurrency@monero.town on 20 Sep 2023 12:54 next collapse

Weak active directory password auditing. Going to be great fun for service desk once the forced password change occurs.

psudojo@infosec.pub on 20 Sep 2023 13:03 next collapse

Future proofing an A1278 MacBook with Nix, Stow, & ClamAv, pray for me

shellsharks@infosec.pub on 25 Sep 2023 10:37 collapse

Rather than Google it, can you ELI5 what you’re using Stow for? =)

psudojo@infosec.pub on 26 Sep 2023 19:09 collapse

I’m using stow to organize my dot files

floofloof@lemmy.ca on 20 Sep 2023 13:24 next collapse

Upgrading an authentication system to hash passwords with Argon2.

alex_02@infosec.pub on 20 Sep 2023 14:58 next collapse

Going to finish current project and maybe fix somethings in other code. I have several things going on today as well, but should be interesting.

Wisens@discuss.tchncs.de on 20 Sep 2023 16:17 collapse

I’m writing QA tests to test an improved user experience with one of our security tools.

I’ve worked on security teams that live by security first and user experience a distant second or third priority. We as security still have to keep in mind that if business processes break, or if the user experience is too poor, then leadership and users will do everything they can to circumvent or get exceptions for the control.

What do you folks think about balancing user experience with security?

0xD@infosec.pub on 25 Sep 2023 07:03 next collapse

If you add any specific measure I could comment on that, but generally I think that user experience must be taken into account up to a point. You won’t disable 2FA so they don’t have to get their phone, but you implement it with SSO so logging in once is sufficient.

Power users such as admins on the other hand should be able to understand and use higher security measures such as 2FA for every administrative login.

shellsharks@infosec.pub on 25 Sep 2023 10:38 collapse

If your UX is bad in favor of better security, your users will tend to find ways to circumvent your security haha. So good thing to keep in mind.