Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?

Krudler@lemmy.world to Ask Lemmy@lemmy.world – 394 points –

One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the "unnecessary" USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

244

You are viewing a single comment
View all commentsShow the parent comment

It's reasonably easy to make a hardware mouse wiggler with an Arduino Micro (and I don't mean something that physically moves a mouse, rather something that looks like a USB mouse to the computer and periodically sends mouse movement messages).

If you're desperate enough, look it up as it's quite simple so there should be step by step instructions out there.

Absolutely love my Uno keyboard for this https://keyhive.xyz/shop/uno-single-key-keyboard

Got like 6 commands on a single key and one of them is to press shift every 30seconds so my computer doesn’t lock. Lifesaver.

Yeah, it's surprisingly simple to get these microcontrollers to become essentially programmable keyboard/mouse emulators, by which point if you're familiar with the stuff to program them (Arduino being the simplest and most widespread framework) it really just becomes a coding task and you can get it to do crazy stuff.

I suggested an Arduino Micro board because it bypasses the whole hardware side of the problem, but something like what you mention is even simpler.

I used a Sidewinder keyboard for years with programmable macros.

Yeah, I had my password as a macro.

Dick move on my part as the macro, I'm fairly sure, is stored in plaintext on the PC. But the convenience was great. I don't do that any more.

Can also just buy one from Amazon if you’re lazy or not technically inclined.

Well, my off the cuff suggestion was what seems simple to me in this domain ;)

That said I get what you mean and agree.