Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/dalias/statuses/116211644160865281">Rich Felker (dalias@hachyderm.io)'s status on Thursday, 12-Mar-2026 02:09:28 JST</a><a href="https://hachyderm.io/@dalias" title="dalias@hachyderm.io"><img src="https://gnusocial.jp/avatar/40873-48-20221207231635.webp" width="48" height="48" alt="Rich Felker" style="position: absolute; left: 0; top: 0;">Rich Felker</a><div><a href="https://hachyderm.io/@dalias/116211627209898537" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/294665" title="dusk@todon.eu">Dusk to Don :raccoon:</a></li></ul></div></section><article><p><a href="https://todon.eu/@dusk">@dusk</a> <a href="https://infosec.exchange/@briankrebs">@briankrebs</a> As for company-owned devices, provision them centrally but don't leave backdoor access. Use encryption at rest to protect against theft rather than relying on ability to wipe after-the-fact (which won't work anyway if the thief is competent and wants the data). Expect devices to be returned upon leaving the company or for service/overhaul, or if you want to do it remotely, set it up so the user has to initiate the listening process to give you control rather than having an ambient backdoor.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6227926#notice-12274839">In conversation</a><time datetime="2026-03-12T02:09:28+09:00" title="Thursday, 12-Mar-2026 02:09:28 JST">about 13 days ago</time> <span>from <span><a href="https://hachyderm.io/@dalias/116211644160865281" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@dalias/116211644160865281">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 12-Mar-2026 02:09:28 JSTRich Felker
in reply to
- BrianKrebs
- Dusk to Don :raccoon:
@dusk @briankrebs As for company-owned devices, provision them centrally but don't leave backdoor access. Use encryption at rest to protect against theft rather than relying on ability to wipe after-the-fact (which won't work anyway if the thief is competent and wants the data). Expect devices to be returned upon leaving the company or for service/overhaul, or if you want to do it remotely, set it up so the user has to initiate the listening process to give you control rather than having an ambient backdoor.
In conversationabout 13 days ago from hachyderm.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice