Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
shiroiuma 6 hours ago

The company should have known better than to trust their IT infrastructure to Microslop. This is their own fault.

Xylakant 6 hours ago | parent | next [-]

My 95% bet is that the attacker just gained access to an account with suitable privileges and then went on to use existing automation. The fact that it’s intune is largely irrelevant - I’m not aware of any safeguards that any provider would implemen.

So the options here are MDM or no MDM and that’s a hard choice. No MDM means that you have to trust all people to get things as basic as FDE or a sane password policy right. No option to wipe or lock lost devices. No option to unlock devices where people forgot their password. Using an MDM means having a privileged attack vector into all machines.

neo_doom 3 hours ago | parent [-]

No MDM just isn’t an option for most enterprises but ideally the keys to the kingdom are properly secured.

mulmen 2 hours ago | parent [-]

How does that look exactly? Someone has to be able to use MDM to manage devices or there’s no point in having it. This scenario is firmly in rubber hose/crescent wrench cryptanalysis territory. Can updates have delays with approval gates built in? Does MDM need a break glass capability?

heraldgeezer 4 hours ago | parent | prev [-]

What alternative to Intune and, hell, the entire Office 365 suite that it is in, do you have?

Gsuite + Slack I guess. lmao. As if that is better.

Looking forward to your reply.

pjc50 an hour ago | parent | next [-]

All the Linux kernel development work is organized around a mailing list, and some private IRC chats for the core people. It's the technology of the nineties but it works for them.

A lot of corporate stuff seems to be much worse than even a random vibe coded web app. I have to book holiday through something called "HR Connect", watching pages load laboriously and redirect every login through several very long URLs. Slowly.

heraldgeezer an hour ago | parent [-]

Yes, the Linux kernel people can be trusted to manage their own machines. Random corp employees cannot. Also corp machines are corp property, not the employees own. If you have 1000 or 10,000 machines you need to manage them. Full stop.

Yes, many corporate websites are bad. Like ERP or HR systems. None of that has to do with device management, RMMs/MDMs or Intune.

JonChesterfield 3 hours ago | parent | prev [-]

Well, all the machines in the current outfit are Linux as far as I know. Services are self hosted. Seems to be fine, teams et al run adequately in a browser for talking to people on other stacks.

Previous place had a corporate controlled windows laptop that made a very poor thin client for accessing dev machines. One before that had a somewhat centrally managed macbook that made a very poor thin client for accessing dev machines.

You don't have to soul bond to Microsoft to get things done.

Ekaros 3 hours ago | parent | next [-]

I don't see how Linux would prevent anything if company wants similar controls on their machines. Like tracking update status, forcing updates when needed, potentially wiping entire device when stolen and so on. Fault really is not the OS but the control corporate wants over their devices. And it does make some sense.

pjc50 an hour ago | parent [-]

Indeed. You'd expect a corporate IT system to be able to ssh as root into all their devices. And the cloud is even worse: if you get hold of the right IAM role, you can simply delete everything! That does usually get locked behind proper 2FA, but it's not impossible to phish even experienced admins once in a while.

heraldgeezer an hour ago | parent | prev [-]

That is all well and good but how do you:

- Ensure the Linux machines are up-to-date and users are not just indefinitely postponing OS updates?

- Same as above but with programs/software

- How do you ensure correct settings configuration in terms of security? Say default browser, extensions, program access etc?

- Re-image or reinstall the OS when there are issues or PC handover to another employee? Manually with a USB stick?

This kind of control exists and is needed for Linux and MacOS too. RMM is not a Windows only thing...

The critics here see Intune but what if they used another RMM and they compromised another cloud RMM account? Same issue.