Hacker News

lxgr, last Tuesday at 5:29 PM

What I mean is: If a corporate internal website regularly connects to unauthenticated local ports and leaks sensitive data out, that's fully on them.

If they are trying to fingerprint the "private compartment" of a BYOB device, that seems roughly as bad as a non-corporate side doing the same.


Replies

d4mi3n, last Tuesday at 5:40 PM

100% agree, and fingerprinting BYOB devices would be problematic in a lot of ways.

I'm generally against BYOD programs. They're convenient but usually come from a place of allowing employees access to things without the willingness to take on the cost (both in corp devices and inconvenience of a second phone/tablet/whatever) to run them with a high level of assurance.

Much better in my opinion to use something like PagerDuty or text/push notifications to prompt folks to check a corp device if they have alerts/new emails/whatever.

bravesoul2, last Tuesday at 8:22 PM

You can easily click a link e.g. to a blog post on Chrome inside your profile.

E.g. a Jira ticket links to a post on how to do something concurrency related in Python.

I get your point though that maybe this is no worse than if they visit the site on the personal side.

However, I wouldn't trust our lack of imagination on how to exploit this to be happy about the security gap!