>they'd throw USB sticks in the parking lot of the company they were pentesting and somebody would always put the thing into a workstation to see what was on it and get p0wned.
One of my favorite quotes is from an unnamed architect of the plan in a 2012 article about Stuxnet/the cyber attacks on Iran's nuclear program:
"It turns out there is always an idiot around who doesn't think much about the thumb drive in their hand."
I don't think we should be calling the users idiots when we failed to make our systems secure by design. If a simple act like plugging in a thumb drive by a well-meaning user undermines the security of an entire operation, then why do we allow such a thing to happen?
Relevant: https://www.schneier.com/blog/archives/2016/10/security_desi...