
Maybe a dumb question: who exactly is locking your desktop supposed to protect against? Do some offices have untrusted people running around with access to workstations?

I can see the necessity of locking when you go home, so the maintenance staff does not have access, but presumably this happened during the day.



Rogue employees happen. Or an attacker may be posing as cleaning staff (in my company we have cleaning during business hours, and every few days we all leave our room while the cleaning lady vacuums).

But primarily, it's not about distrust towards your co-workers - it's because not locking your workstation leaves you (and the company) vulnerable to external attackers who made their way into the office by acting confident. Social engineering is extremely effective and quite easy to perform, if you can keep your cool.


Cleaners seem like a huge way in. They often come at night and have unrestricted access. What's stopping them from keylogging or worse? How tight of security can the cleaning crew even run? It's not like you're paying a ton extra to vet folks, and it can't be that desirable a job.


Indeed. Add to that the fact that many cleaning companies employ their crews as "contractors", pay them almost nothing and treat them like human trash (ditto for security personnel in relatively safe areas), and you have a perfect attack vector - it won't be hard to find someone who will plug that little stick behind a computer in exchange for some cash and you being nice to them.


> who exactly is locking your desktop supposed to protect against? Do some offices have untrusted people running around with access to workstations?

Yes, exactly this. Why is that surprising? Why bother with user accounts with audit trails; why not just use user:GUEST pass:GUESS for everything?

There's a bunch of places where you want to make sure that trusted employees are not gaining access to things they shouldn't. EG health care providers.


I would suggest that if you can trivially access confidential data from an unlocked workstation then you probably have bigger problems.


By "unlocked workstation" here I mean "unlocked, and logged in".


heh, as a pen tester, please leave your computer unlocked 24/7. It makes it so much easier to take over your entire network after I've gotten into your office by cloning an RFID badge, or heck, just tailing someone through the door.



