Follow

BeyondTrust (🤬) 

“We don’t trust people with UAC dialogs so we’re going to use an app that auto-escalates without UAC dialogs, increases our attack surface of number of super-user services running on the machine, but we can ‘audit’ it better for meanings of better in that we can pay HPCs instead of learning UAC auditing correctly.”

How are IT people this fucking stupid? Why does no one listen to the frustrated software developer whose security training says this is fucking dumb?

BeyondTrust (🤬) 

What most frightens me is that they configured it to auto-escalate Visual Studio. Whatever moron gave them that advice doesn’t understand Visual Studio and flunked their security training.

It gives me anxiety attacks that I can’t open a Visual Studio window without the Admin warning box. I’m increasingly less sure I can build software safely with BeyondTrust installed and configured this way.

It’s proof they fucked up the attack surface real fucking bad.

Sign in to participate in the conversation
Smeap.com

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!