Fake job interviews target developers with new Python backdoor (www.bleepingcomputer.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 29 Apr 11:42
https://sh.itjust.works/post/18541798

#cybersecurity

Socsa@sh.itjust.works on 29 Apr 13:45

Honestly I can see this being the work of someone who had to deal with one of those stupid fucking online interview code tests which require crazy screen monitoring permissions. What better way to kill off that trend entirely than to make the very practice an active cyber-security risk?

MotoAsh@lemmy.world on 29 Apr 23:39

Accelerationism is a very difficult thing to defend, though mostly because the evil shits of the world will keep pushing once most people wake up to how shitty everything is. Helping them to make things shitty is quite directly only helping shitheads further their goals.

HackerJoe@sh.itjust.works on 30 Apr 18:48

Shit like that would run in a VM. At 640x480 in 16 colors with the max font size and cursor trails.

sugar_in_your_tea@sh.itjust.works on 01 May 15:29

My company has a strict policy against take home coding challenges. If we want to see you code, we’ll do the challenge live, open book (just tell us what you’re looking up).

Bad candidates cheat on those tests, and good candidates don’t have the patience, so they’re worthless. If you’re applying for a job and they have a take home coding challenge, your time is probably better spent elsewhere.

circuscritic@lemmy.ca on 29 Apr 14:48

They don’t say who was targeted, but I bet this is a backdoor way to infiltrate specific projects. So if they have a list of 163 projects they see a benefit in gaining some sort of access to, they then compile a target list from the relevant developers/contributors to all of those projects, and go from there.

This isn’t the type of campaign that can be spammed to anyone and everyone both due to logistics and to minimize exposure of the tools being used.

[deleted] on 29 Apr 18:16

.

prosp3kt@lemmy.dbzer0.com on 30 Apr 18:23

Job finding is getting abstract to this point. Imagine having an interview only to get a RAT.

fubarx@lemmy.ml on 30 Apr 19:33

A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.

In the last two weeks I’ve been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there’s a link to follow.

If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.

Be careful out there.

sugar_in_your_tea@sh.itjust.works on 01 May 15:22

Huh, that’s an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.