I'm fascinated that this was part of their remediation. I'd consider "don't trus... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		akerl_ on Feb 28, 2023 \| parent \| context \| favorite \| on: LastPass says DevOps engineer’s hacked computer le... I'm fascinated that this was part of their remediation. I'd consider "don't trust the employee's local network" to be a pretty basic principle of modern corporate information security. What happens when an employee logs in from hotel wifi? You basically have to treat the network between the user and your environment as hostile, and design for that problem.

userbinator on Feb 28, 2023 [–]

And as an employee, "don't trust the company's local network" with your own devices either.

akerl_ on Feb 28, 2023 | [–]

For my personal devices, I trust my company's local network essentially the same as any other network my mobile devices connect to.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact