> This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.
Your corporate vault, with all of your database keys, was stored and accessed from someone's personal computer?
> We assisted the DevOps Engineer with hardening the security of their home network and personal resources.
And even after this incident, you let them keep using a personal computer???
This really just reflects incredibly poorly on LastPass's internal security team. I was under considerably more robust endpoint protection policies as a random intern at a legacy Fortune 500.
It's unfortunate - I was going to send this around because it's an excellent thing to think about, but then there's that bit that comes out of nowhere and if I send that to someone they'll think certain things about me.
That bit is very relevant to the concept of the colour of the bits (in this particular case, computer images) the author is explaining, and is only a single sentence of a quite long blog post. Why are you bothered by it so much that you're afraid to even send the post to someone else?
I can vote with an out-of-state driver's license in Pennsylvania, it just means that I have to provide a signature to them instead of it getting auto-populated from my driver's license. I'm pretty sure this should be the case in any state.
Obsidian stores all your files as Markdown as well, and has plugins to automatically back up your vault using Git on a set interval. I'm pretty sure across my various cloud sync and disk backup setups my Obsidian vault is fully recoverable from five different independent data sources, only one of which (Obsidian Sync) has any dependency on Obsidian itself.
AWS claims to be on track to power 100% of their datacenters with renewables by 2025[1]. GCP is carbon neutral right now (probably with renewable power credits or carbon credits) and is on track for similarly 100% renewable by 2030[2]. Microsoft, including Azure, plans 100% renewable energy by 2025[3].
A lot of these comments could read very differently depending on the age and living situation of the commenter. I'm a college student who likes to travel and usually doesn't have access to a personal vehicle (or I'm in cities where using a car is more annoying than not). I could probably keep up a perfectly fulfilling social life only using my laptop and its chat services, although I would definitely find it annoying. If I was forced to live without a smartphone, I'd be much more worried about the non-social things, mostly to do with transportation. I use my phone to pay public transit fare, unlock e-bikes or e-scooters, request rideshare services, display airline boarding passes, generally find my way in unfamiliar places, and so on. If I spent 99% of my time in the same city and mostly drove a personal car around, I wouldn't need those things as much.
Reminds me of the perennial reports from the American Society of Civil Engineers talking about how the US's infrastructure is degraded and everyone had better hire a lot of civil engineers to fix it.
Not a marine biologist, but this seems like it would explain their entire findings. Yachts tend to hang out more around the tropics and less around murky waters in, say, the North Atlantic. Clear water, such as you'd find in the Bahamas, is clear precisely because of lower plankton populations[1]. By collecting data off of pleasure boats, they're corrupting the data right off the bat!
Small-parcel courier services (read: USPS, UPS, FedEx) are far, far more expensive than the freight shipping that moves most things around. It costs about $1/kg to ship things all the way from China to the US by ocean container (much more expensive than it used to be because supply chain issues).
Your corporate vault, with all of your database keys, was stored and accessed from someone's personal computer?
> We assisted the DevOps Engineer with hardening the security of their home network and personal resources.
And even after this incident, you let them keep using a personal computer???
This really just reflects incredibly poorly on LastPass's internal security team. I was under considerably more robust endpoint protection policies as a random intern at a legacy Fortune 500.
Edit: I'm quoting from a separate linked blog post here: https://support.lastpass.com/help/incident-2-additional-deta...