This article makes so many unfounded assumptions in order to make a point.
> Presumably they are going to immediately make themselves admin, or wire all your bitcoin to their account.
Attackers running scams like a sophisticated BEC will lay dormant for long stretches of time to gather information before acting. Sure, they can export the emails and set up auto-forward rules to maintain visibility when the session expires, but they've now made a lot more noise to detect on. I've seen threat actors view mailboxes once a day for months before they launch this scam.
> Also, it would be better to protect against this by securing the logs or using hard drive encryption.
Of course it would, but often it's not. It's that simple. It's crazy to think the person responsible for writing a secure app is also the one making decisions on endpoint encryption.
> some applications are used strictly within an company from company devices
Some are, lots are not. This reads like someone who has worked in enterprise environments with well funded security teams, not a small business with one IT guy running the show.
> But even then, the attacker could install a browser extension that sends your credentials to them the next time you log in.
This contradicts the rest of the article. Why is a company securing logs, encrypting disks, locking down where users can access apps, but then allowing anyone to install browser extensions?
I agree that short sessions are not the quick fix that some devs make them out to be, but the author is ruling out a perfectly acceptable control based on an imaginary end user setup.
Again, completely untrue. Automatic unfair dismissal does not have a minimum tenure to be applicable. Here [1] is a handy list of protections that do not require two years. You've also conveniently ignored all the other benefits in that list that are not available in the US.
You've already been corrected by someone else on the unemployment benefits so I'll not waste time repeating that.
The UK has a lot of problems, but downplaying workers rights in comparison to the states is a strange hill to die on.
Can you elaborate more on how the UK's workers rights are "literally worse than the US"? I would say things like statutory sick pay, mandatory holiday allowance, protection from unfair dismissal and the right to uninterrupted breaks are all pretty progressive compared to the States.
This article is from 2019, but it was my recent experiences with autocorrect which led me to finding this. My phone will occasionally have a few days of complete autocorrect meltdown (words completely out of context, random capitalisation, Spanish?) before normal service resumes.
> Presumably they are going to immediately make themselves admin, or wire all your bitcoin to their account.
Attackers running scams like a sophisticated BEC will lay dormant for long stretches of time to gather information before acting. Sure, they can export the emails and set up auto-forward rules to maintain visibility when the session expires, but they've now made a lot more noise to detect on. I've seen threat actors view mailboxes once a day for months before they launch this scam.
> Also, it would be better to protect against this by securing the logs or using hard drive encryption.
Of course it would, but often it's not. It's that simple. It's crazy to think the person responsible for writing a secure app is also the one making decisions on endpoint encryption.
> some applications are used strictly within an company from company devices
Some are, lots are not. This reads like someone who has worked in enterprise environments with well funded security teams, not a small business with one IT guy running the show.
> But even then, the attacker could install a browser extension that sends your credentials to them the next time you log in.
This contradicts the rest of the article. Why is a company securing logs, encrypting disks, locking down where users can access apps, but then allowing anyone to install browser extensions?
I agree that short sessions are not the quick fix that some devs make them out to be, but the author is ruling out a perfectly acceptable control based on an imaginary end user setup.