I'm having a tough time understanding what compelled SEC employees to bring a laptop to such a convention.

"We dodged a bullet this time."

More like the SEC employees tried to fire at us, but missed.

This isn't about policy. This is about common sense. Why wasn't the data encrypted? Why were the employees allowed to leave the company buildings with the information? Why didn't they have the common sense to leave them at home before attending said conference?

And, that being said... You would assume that those attending a hacking convention would normally be smart enough to know the risks (and especially not to bring an official work laptop). Alas, it's funny and worrisome to see that Wall Street is being run by people incompetent with technology.

Indeed, common advice to people attending Black Hat conventions is to take a semi-disposable computer. You install an OS before you go. You reformat when you get back.

That's perhaps paranoid, but a bit of paranoia isn't harmful in such a situation.

And maybe create a honeypot in a VM, just in case.

Have some important-looking documents in an open SMB share, for example (or put a password on it, for those past Security 101).

Have a 'free' WiFi AP (or maybe one with a simple password), see who tries to use it, log connections, maybe even try to MITM some popular sites (this may be illegal).
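The "log who pokes at the decoy share" half of that idea, as an added example that is not code from anyone in this thread: a minimal TCP decoy listener in Python that accepts a connection, reads the first few bytes, guesses whether the client spoke SMB or HTTP or just probed the port, and returns a log record. The function and field names (`make_decoy_listener`, `handle_one`, `probe_and_record`, `first_bytes_hex`) are hypothetical, the SMB bytes in the demo are a constructed fragment of an SMB1 negotiate header, and it binds loopback on an OS-chosen port so it runs anywhere offline. It only observes and records; the MITM part of the comment is deliberately left out.

```python
import socket
import threading
from datetime import datetime, timezone


# Hypothetical decoy listener (added example, not from the thread). Binding
# port 0 lets the OS pick a free port, which the self-test below relies on;
# a real decoy would sit on 445 inside the throwaway VM.
def make_decoy_listener(host="127.0.0.1", port=0):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(8)
    return srv


def classify_probe(first_bytes):
    """Rough guess at what the client thought it was talking to."""
    if not first_bytes:
        return "connect-only"      # TCP connect then close: a port scanner
    if b"\xffSMB" in first_bytes or b"\xfeSMB" in first_bytes:
        return "smb"               # SMB1 / SMB2 negotiate request
    if first_bytes[:4] in (b"GET ", b"HEAD", b"POST", b"OPTI"):
        return "http"
    return "unknown"


def handle_one(listener, timeout=2.0):
    """Accept one connection, read its opening bytes, return a log record."""
    conn, (peer_ip, peer_port) = listener.accept()
    conn.settimeout(timeout)
    try:
        first = conn.recv(256)
    except socket.timeout:
        first = b""                # connected but said nothing within timeout
    finally:
        conn.close()               # never serve anything back
    return {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "src_ip": peer_ip,
        "src_port": peer_port,
        "proto": classify_probe(first),
        "first_bytes_hex": first[:16].hex(),
    }


def probe_and_record(listener, payload):
    """Self-test helper: connect from a thread, send payload, return the record."""
    host, port = listener.getsockname()[:2]

    def client():
        with socket.create_connection((host, port)) as c:
            if payload:
                c.sendall(payload)

    t = threading.Thread(target=client)
    t.start()
    rec = handle_one(listener)
    t.join()
    return rec


if __name__ == "__main__":
    lst = make_decoy_listener()
    # Constructed sample: NetBIOS session header followed by an SMB1
    # negotiate request start ("\xffSMB" + command 0x72).
    print(probe_and_record(lst, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"))
    print(probe_and_record(lst, b""))
    lst.close()
```

In the VM scenario from the comment you would loop on `handle_one` and append each record as a JSON line; the source address and timestamp are what you actually want, the protocol guess just tells you whether someone ran a scanner or really tried to mount the share.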

Have you ever worked for government?

It would probably take 3 weeks for an SEC guy to have his laptop reimaged. A request for another laptop to attend the 2012 conference would probably be fulfilled in time for the 2015 conference.

