> the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee
The interesting part of this story is how the employee's LastPass got popped. My guess is their local workstation was compromised, and their LastPass was either not logged out in a browser plugin, or they didn't have 2 factor auth required for each login and a keylogger got the password. In either case, it's a good reminder to be paranoid about your password manager, make sure it's got a logout timer, and use 2 factor auth.
I also don't let my cloud password managers touch a mobile device. It's fairly inconvenient, so I hesitate to recommend this to others. But I don't trust mobile devices very much. Anyone have thoughts on this?
I've been developing fulltime on Linux since 2014. I can't speak for the default distros/DEs, since I've been using i3 and sway the entire time. But it's been a fantastic development environment for me.
I recently watched one of my colleagues run a build on their macbook. Not a complicated build. A go binary compile and a docker image build. But it really struck me how slow it was. What takes 15 seconds on my underpowered linux workstation took 60+ seconds on their $2000 macbook. That's unacceptable to me.
The interesting part of this story is how the employee's LastPass got popped. My guess is their local workstation was compromised, and their LastPass was either not logged out in a browser plugin, or they didn't have 2 factor auth required for each login and a keylogger got the password. In either case, it's a good reminder to be paranoid about your password manager, make sure it's got a logout timer, and use 2 factor auth.
I also don't let my cloud password managers touch a mobile device. It's fairly inconvenient, so I hesitate to recommend this to others. But I don't trust mobile devices very much. Anyone have thoughts on this?