GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Quixoticgeek (quixoticgeek@social.v.st)'s status on Tuesday, 07-Jan-2025 17:05:11 JST

    Given the way so many companies act with the emails they send out, how can we think anything negative about anyone who falls for a phishing scam ?!?!

    I may have just had yet another false positive on an email, but I'd rather hundreds of false positives than a single false negative.

    Esp when that email is about SSO integration with our AD.

    • Rich Felker repeated this.
    • Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 07-Jan-2025 17:05:57 JST

      @quixoticgeek Forward them all to security department's address to report phishing and embarrass the dumbasses who sent them.

    • Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 07-Jan-2025 17:26:40 JST, in reply to Trammell Hudson

      @th @quixoticgeek Uhg I so utterly despise this antipattern of "you have a confidential message and because we don't trust that you trust your email, we insist you open a link we control, where we can spy on when you read it, retroactively change the contents and claim to have evidence you read something different from what you read, and delete it out from under you any time we want".

      Not to mention the phishing aspect.

      There needs to be regulation to make this practice outright illegal.

      Even just strongly worded guidelines against it from trusted security institutions would be a start tho.

    • Trammell Hudson (th@social.v.st)'s status on Tuesday, 07-Jan-2025 17:26:42 JST

      @quixoticgeek I ran a poll about this one and most responses were certain it was phishing, but somehow it was real and BoA is really that clueless.

      Attachment: https://social.v.st/system/media_attachments/files/113/786/042/144/300/757/original/e85ecee007126d72.png

    • Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 07-Jan-2025 17:37:06 JST, in reply to Trammell Hudson

      @th @quixoticgeek If there's a legal confidentiality requirement, give the user the option at the time of enrollment for online document delivery to affirm that they deem their email confidential delivery and waive any right to challenge that later, and if they don't, have the email always offer opt-in to that later, and the alternative delivery service always offer a saveable PDF and clear instructions to save it.

      If not, always email the full contents.

    • Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 07-Jan-2025 23:25:25 JST, in reply to Jean-Baptiste "JBQ" Quéru

      @jbqueru Not talking about a consultant hired by these clowns but governmental & private orgs that make industry recommendations.

    • Jean-Baptiste "JBQ" Quéru (jbqueru@fosstodon.org)'s status on Tuesday, 07-Jan-2025 23:25:26 JST, in reply to Rich Felker

      @dalias No security consultant will ever be able to charge as much for saying "your system is secure enough as it is" as for saying "your system needs a lot of security improvements." Especially since they'll be able to reject liability in case they make recommendations that end up not being implemented, no matter whether those are practical or cost-effective.


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.