Dragonish7767@sh.itjust.workstoPiracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com•Love devs' attitude towards piracy, TruePianos v1.9.8 (audio VSTi plugin)English
42·
11 months agoWell op said “colleague” rather than friend, which I point out only because that is presumably why they made the connection to work.They’re referring to using pirated software at work, which could introduce ransomware without you knowing it. Ransomware can remain dormant for extended periods of time, giving it a better chance to evade security controls and spread to other machines.
Haha okay infosec engineer here… I think this blurb is hard to read maybe a little because you wrote it high and maybe a little because you’re overestimating what the average person knows about security.
Your first paragraph there makes sense but it would’ve definitely benefited from a little additional explanation. I don’t think it was super clear you were referring to an insider threat scenario. People probably could’ve got that by breaking it down a little more, but naturally they jumped to the next part hoping for more context.
But you jumped into a hypothetical alternative means to introduce ransomware to a device. And it’s not necessarily that people don’t know plugging in strange thumb drives is bad, as you suggested in another comment. It’s the jargon (maybe not really jargon but thats the best word that came to mind) you used. You talked about a lot of things a bad actor would do, but the average Joe does not know why you’d be doing most of those things. And even if they do it’s still not going to make much sense if they didn’t grasp what you were saying in the first paragraph.
But ultimately yes, what you said does make sense if you have some Security knowledge (at least a bit more than just basic awareness training) and break down what you’re first paragraph is trying to say.