They used to just hit http://localhost/:<various ports>/cc.png which connected to your Creative Cloud app directly, but then Chrome started blocking Local Network Access, so they had to do this hosts file hack instead.
Ok but adobe what if you didn’t portscan me either, please.
deleted by creator
If those data feeds were mostly generated from gmail inboxes, then they’d naturally never see messages already caught by google, skewing the data. This reads like marketing.
Depending on your field, your business may already have a cybersecurity department. There’s an endless parade of thankless grunt work to be done like patching (often after hours), following up with users whose machines didn’t patch for whatever reason, and so on. (With your manager’s permission) you may be able to reach out to them and volunteer to help with some of those tasks, as a way to dip a toe into that world and start learning.
Spent some time looking for ideas on how to do a security training (compliance requirement) that didn’t suck. Cribbing from some reddit posts, I think I’m going to give everyone a notecard with something like “Is Bob Bobson a client here”, have them pair up, and do a little phone conversation roleplay where one person is a visher trying to trick the other into revealing the piece of information, while the other person gets practice saying “No.” Seemed like a good way to let the staff dip a toe into thinking like an attacker.
Yeah to be clear, I do not recommend my method and I don’t think it’s a good allocation of mental resources. I’m just stubborn :P
FWIW, I use Diceware for password generation; it’s good at making memorable yet still random passphrases.
The prospect of putting all my passwords in one big juicy target has always made me nervous. I go to great lengths to just memorize everything, but damn if it doesn’t take a toll.
Please tell me you have backups of that flash drive
“Matrix” is a pretty difficult-to-search name. What is it? Federated IRC?
Pretty normal for us over here
Had to invoke our Data Transmission policy’s AI clause for the first time
Well, no one else comments in these threads, might as well.
Every email client I can think of off the top of my head blocks images by default. And I don’t see how that relates to your criticism of the whole idea of anti-phishing training
Clicking the link hypothetically confirms to the spammer that yours is a valid and monitored email address, and that you’re a sucker suitable for more targeted phishing.
Of course, it seems like every random user will also happily type their password into any text box that asks for it, too.
One time I failed a phishing test because I did a message trace and confirmed that it originated from our own internal servers.
Nuthin, furloughed.
Inventory management. Can’t secure what you can’t see etc
There are probably legitimate uses out there for gen AI, but all the money people have such a hard-on for the unethical uses that now it’s impossible for me to hear about AI without an automatic “ugggghhhhh” reaction.
A friend’s MSP got wiped off the map by this, we think. Not just exploited in the wild but, apparently, easy enough that random vandal kiddies are playing with it