Child tweets gibberish from US nuclear-agency account (bbc.com)
217 points by rustoo on March 30, 2021 | 211 comments


I don't see how this is as big a deal as people make it out to be. The person in charge of this account probably has nothing to do with anything that remotely matters. You wouldn't worry about your 401k if the asset manager's twitter account posted some gibberish.


I do some work for a gov website that is more or less a PR blog.

Although you can't do anything to the systems that this agency deals with via the back end to this website, the scope of abuses that someone could engage in if they had these credentials is quite broad, ranging from "Agency XYZ endorses PQR" to "Agency XYZ will begin action against LMN".

Or, if you can't see the implications of that ability, consider that there's an entire cult of folks in the US that has some pretty questionable beliefs based on the mere assertion of "clearance" by an anon poster on a chan board... imagine how damaging it would be if those assertions could be "demonstrated" via an agency account?


I think most people underestimate cybersecurity claiming they don’t have much to “steal”.

I think these same people failed to learn the lessons of the 9/11 commission or have horse blinders on so they only apply those learnings to air travel or military contexts.

Think you aren’t worth anyone’s time to hack? Assume hacks are 100% automated — they aren’t targeting you, but if you are vulnerable they won’t do anything to avoid you.

Think you aren’t the biggest target? Assume it costs no more to hack the marginal device / server / Twitter account than it costs to send a single email. Assume the person running this hack is being paid a low wage in the poorest country - your coffee money is a decent day’s wages for them.

Think you have no assets to lose? Assume they can force you deep in debt to the extent that some greedy financial company will offer them a large loan in your name.


"My fellow Americans, I'm pleased to tell you today that I've signed legislation that will outlaw Russia forever. We begin bombing in five minutes."

https://en.wikipedia.org/wiki/We_begin_bombing_in_five_minut...


> Reagan's impromptu comments have had significant staying power, being referenced, cited, and used as literary inspiration as recently as 2017.

Time to update that, then!



Agree. The account is almost certainly manned by an employee that works in public relations and not making any operational decisions within the agency. Furthermore, OPM still has all federal employees on “maximum telework”. With most daycare centers inside the beltway closed or restricted due to COVID-19, maybe we should find a little humanity in this situation. That a public servant is trying to do their job in extraordinarily out-of-the-ordinary circumstances, and that this parent’s small child pounded out a few characters on their phone while they were dealing with any of a million things that involves trying to work from home and be a good parent. Something, I think, many people around the world can relate to right now. This government For the People, is absolutely made up By the People; and have real issues, just like everyone does these days. Also, regardless of what some one-term Presidents have done in the past, Twitter should not be taken so seriously.


What if the child were a little older and typed something related to launching missiles as a joke?


Nothing would happen. Hawaii sent out an alert to every single cellphone in the state that an ICBM was imminently approaching Honolulu a few years back, and no one outside of Hawaii remembers that anymore today.


Please don't discount the people in Hawaii that experienced this event.

We lived on O'ahu when it happened and the topic still comes up occasionally. At the time, it was quite traumatic for myself, my wife, and our kids. I spoke to a large number of people who were still in a state of shock in the following week. At least one person died of a heart attack.

Errant tweets or text messages like this from positions of authority have the potential to have very real and major effects on people's lives. Don't downplay the power they hold.


It's a requirement for life to evaluate sources of information. If you hold rigid beliefs like "all information from official sources is infallible" then you're bound to be wrong sometimes. I'd say the problem was partly Hawaiians not being very good at evaluating information.


On the morning of January 13th, 2018 I was looking at my phone when, at 8:08am, every cell phone in the entire state simultaneously emitted an emergency alert tone and displayed this exact message:

BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.

I turned on the radio and FM stations were playing the Emergency Broadcast System's well known emergency tone followed by a computerized voice playing the same message as above on repeat.

When faced with this information, time is of absolute essence. The price of taking your time to doubt things and evaluating the veracity of the information means you're not acting to potentially prevent the imminent death of yourself and your family.

In this scenario, you cannot expect people to do anything but take things at face value and seek immediate shelter.


How else are you to evaluate an emergency alert from the government that disaster is about to strike?

People who think they're "good at evaluating information" and ignore emergency notifications can and do quite often end up dead.


I live in Japan, and long ago disabled emergency alerts for earthquakes on my phone... because they trigger whenever somebody closes a door a little too forcefully.

The core rule for any alerting system is to trigger if and only if those-to-be-alerted must take some sort of action. In this case, I was tired, pardon the pun, of being blasted out of a deep slumber at 3am for an earthquake that was so weak I could not feel it.

The only action I needed to take was to try and fall asleep again, which isn't terribly easy after your phone has jacked itself to maximum volume with urgent news of impending doom.

After the fourth time in something like two weeks, that alarm was disabled. It was useless.

Kudos to the designer for the earthquake alarm sound, though. That bit does its job brilliantly -- it instantly grabs your attention without deafening you, and you know exactly what is going on.


And the Hawaii incident was over an official alert system which hit far more than cell phones: https://en.m.wikipedia.org/wiki/2018_Hawaii_false_missile_al...

This Twitter incident is a complete joke in comparison. While you should certainly be judicious if you're in any sort of significant communications role, I really don't care what's on USSTRATCOM's Twitter. I didn't even know they had a Twitter nor would I consider the information there more than a frequently updated newsletter. Give the employee a break, it's really not that big of a deal.


That is certainly not true. The absurdity of the situation burned the event into my mind at least, and I’ve never even been to Hawaii.


No one here is hyperbole. Clearly you and me remember it. That being said, it's not like it was some 9/11 type event where everyone remembers where they were (unless you were in Hawaii I'm sure). In 10 years it's out of the public sphere. Like that plane that crashed into the ocean (which I'm willing to bet if you asked Gen Z about they would wonder if you were talking about Lost on Netflix rather than MH370), or all the other similarly-oddball incidents from the 70s, 80s, and 90s that we no longer ever mention in public discourse today.


I discuss that incident every semester in my courses. Most of the students remember it and we aren't in Hawaii.


I remember it. IIRC, the GUI has a button for "CATASTROPHIC EVENT" right next to the one for "Buckle up for safety" or something like that.


I remember reading about that here as it was happening.


Is it standard practice to tweet about it when launching a nuclear attack?


It's actually a requirement; nuclear launches are just a Twitter webhook


I've heard Twitter being accused of being a nuclear wasteland, but never of causing one.


I think you’re drastically underestimating how many people would assume it was true


Sunday, October 30, 1938


Ah, the "NEW MEDIA: THREAT OR MENACE?" broadcast:

https://en.wikipedia.org/wiki/The_War_of_the_Worlds_(1938_ra...

> The response may have reflected newspaper publishers' fears that radio, to which they had lost some of the advertising revenue that was scarce enough during the Great Depression, would render them obsolete. In "The War of the Worlds", they saw an opportunity to cast aspersions on the newer medium: "The nation as a whole continues to face the danger of incomplete, misunderstood news over a medium which has yet to prove that it is competent to perform the news job," wrote Editor & Publisher, the newspaper industry's trade journal.[2][55]

> William Randolph Hearst's papers called on broadcasters to police themselves, lest the government step in, as Iowa Senator Clyde L. Herring proposed a bill that would have required all programming to be reviewed by the FCC prior to broadcast (he never actually introduced it).

And we all know Hearst would have no incentive to gin up something to make radio look bad and newspapers look better.

> Few contemporary accounts exist outside newspaper coverage of the mass panic and hysteria supposedly induced by the broadcast. Justin Levine, a producer at KFI in Los Angeles, wrote in a 2000 history of the FCC's response to hoax broadcasts that "the anecdotal nature of such reporting makes it difficult to objectively assess the true extent and intensity of the panic.[56] Bartholomew sees this as yet more evidence that the panic was predominantly a creation of the newspaper industry.[57]


As Reagan almost broadcast, "My fellow Americans, I'm pleased to tell you today that I've signed legislation that will outlaw Russia forever. We begin bombing in five minutes."


Reagan didn't almost broadcast that, he said it as a joke during a sound check. It was a joke in poor taste, but it only ended up public because someone recorded the sound check and leaked it.


Well it was until January 8th or so.


Fair point.


Seriously, they could fake being sick by holding the thermometer against a lightbulb when their mom isn’t looking and after being left home alone for the day dial into that modem connected to the WOPR to play that global thermonuclear war game.


Ha! Nice reference. Well, if they get a nice gf looking like Ally Sheedy then it's all for the greater good


If nothing else, I bet it'd cause a short term panic in the stock market.


Probably because it is the "official" twitter account; and thus people will assume the tweets to be official messages. An agency responsible for nuclear weapons tweeting some gibberish is certainly scary for some.


I love Canada now more than ever. https://ibb.co/TWnNdGJ


Leave US Strategic Command Twitter account open for child to tweet from:

"Canada: Totally okay, these things happen."

Leave US Strategic Command Launch Portal open for child to launch missiles against Ontario, Canada:

"United States: Totally okay, these things happen."


I think you mis-stated that last line:

> Leave US Strategic Command Launch Portal open for child to launch missiles against Ontario, Canada:

"Canada: Totally okay, these things happen."


I was 50/49.9/.1 the correction would be Canada being okay with Ontario being nuked, or the target changing to Quebec and Canada still being okay with it.

https://en.m.wikipedia.org/wiki/Quebec_sovereignty_movement

Quebec is the Texas of Canada, if I recall correctly.

There was a third, though unlikely option of the target switching to Alberta, but it turning out to be okay, because it just happened to coincide with a sudden invasion of hyper-intelligent rats, and the human population had already evac'd.

That being said, thank you. You genuinely brightened my day.


I guess that’s one way to explain to Alberta the eventual consequences of its rat policies.


> Quebec is the Texas of Canada, if I recall correctly.

That's my understanding too. Or California with a more serious Calexit movement.


As someone from Ontario who moved to Alberta, you deserve a Chinook when it's -30 out.


Haha, well I'm not sure how Canada feels about Ontario. I'm sure there are a few places they wouldn't mind. However, they would probably still say sorry regardless.


What a wholesome response!

For most companies and organizations, this is absolutely understandable. WFH is challenging, and balancing childcare even more so.

In this case, though, it begs the question - why does US Strategic Command even have a Twitter account? Are they going to post fun and engaging tweets about the nuclear football? Twitter seems like something this agency should not be doing.


Why not just look at the account? Recent posts include...

Link to a reasonably informative description of a research project on some sort of advanced ramjet being developed in partnership with Norway

Retweet of a paper detailing recent developments in China's plutonium production capability

Video interview with some Lt about life aboard a submarine and the general submarine career field

Photos of some sort of training exercise using very large bombs and a link with more info

Info on how air force bases operate with covid

Etc...

All seems pretty interesting to the types of folks who would follow the US Strategic Command twitter


I can see orgs like this making social media accounts just to claim the space/username and prevent squatters or false messaging.

As for why would e.g. US Strategic Command ever need to actually post something? I'm at a loss to be honest.


If they collaborated with Russian Strategic Command to re-enact the Zero Wing meme, it would be comedy gold. Beyond that, no clue


I think the culture of being engaged with the public is more of a good thing than a bad thing, regardless of how 'useful' it is.


Personally, I think my brain gets tired of having to filter non-stop PR. Actual engagement would be fantastic though so as much as that exists I’d claim provides a good potential.


I'm particularly tired of military PR.


> What a wholesome response!

FWIW the @CAFinUS account is a good follow, with a mix of history, humor, etc. Pretty good for a government account.


Canadians are generally sensible, chill folks. Remember the Michael Moore thing about testing whether people locked their front doors?


> Canadians are generally sensible, chill folks.

I see you’ve never lived in a Canadian city that has lost the Stanley Cup. Or in the case of Montreal, won it.


It’s fine to have one, but I dislike how corp/gov accounts inevitably become about their new CEO (don’t care) or Bob from accounting celebrating 30y on the job (don’t care).

Canada’s border agency account likes to tweet pics of them “expediting” vaccine clearances while border holdups are their fault in the first place.

Like, thanks for circumventing your slow process, but let’s not celebrate your on-tarmac releases as an unusual practice.

Meanwhile when they reduce their hours of operation (useful), they bury it on their website because people might (rightfully) complain too directly.


Relevant xkcd (from the what if book)

https://i.imgur.com/WIoNgYS.jpg


Canada didn’t write that, it was their social media account manager, which might be outsourced to a firm.

It might even be the same person who manages the United States account.


The Canadian government has a culture, which is related to Canadian culture, and both of them have a lot of influence over what is considered acceptable to post on their twitter account. Therefore, a tweet on an account publicly associated with them reveals information about the culture of Canada.



Cool!

Back in the early 00's, there was a Linux kernel module or program to detect and eliminate feline keyboard input.


If only it worked on Linux. It's Windows-only: http://bitboost.com/pawsense/.

This software is the only winner so far of an Ig Nobel Prize in the category of Computer Science: https://www.improbable.com/ig-about/winners/#ig2000. See https://priceonomics.com/the-software-that-detects-when-a-ca... for a write-up.

Apparently this is still maintained, as it is described as compatible with Windows 2000, XP, Vista, 7, 8, and 10 (excepting "Metro/Modern" mode). Written by this charming coder: http://chrisniswander.com/.

[edited for grammar -- and should note that, of course Linux and ilk OS do offer a "cat" command]


This one? http://www.bitboost.com/pawsense/ (I remember it for having won the Ig Nobel Prize in Computer Science.)


"Nuclear agency" makes it sound like the NRC or DoE. This was U.S. Strategic Command, i.e. the nuclear weapons agency.


The DoE is also a nuclear weapons agency. Don't let the friendly name fool you. It's the DoE that designs and builds the US' bombs.


... who left their computers unlocked?! Shouldn’t someone be raked over the coals for leaving a computer unlocked at an agency like that, even if it was just their marketing department?


Oh please.

This is a social media manager who’s working from home that we’re talking about here.

On the basis of these facts alone I can be relatively confident that the U.S. nuclear posture wasn’t seriously in jeopardy.


On the other hand, if the child had been a little bit older and thought it would be funny to tweet, "we have launched a nuclear strike on North Korea," or something, I'd imagine that we might be looking at this differently.

I don't blame the social media person, but I am pretty surprised that the US Strategic Command allows their Twitter account to be operated from an insecure location.


There is a significant difference in decision making by a parent in regards to what they leave out for their children to touch based on the child's age.

The things you can leave out at age 1 are different than age 2, or 5, or 10, or 15.

Also, significant American politics are not being run from twitter anymore.


That would've been hilarious. And also uneventful. North Korea wouldn't start flinging nukes over a Tweet.


This is a genuine question, I'm really curious. What if the kid typed something that implies "US is firing nukes to {insert random non-Western country}". What is the probability of something like that escalating?


Escalating in a 'national security relevant' way? Basically none, I would think.

Bear in mind we're talking about the same Twitter that only last year lost control of an administrator account resulting in a Bitcoin scam tweeted from one former U.S. President and one future one.

It would be embarrassing, but yeah that's it.



I didn't know this but this is so scandalous. I don't even understand what's funny about going through a potentially species-ending war.


Before 2016, probably nothing would have happened. After 2016 when the Commander in Chief only communicated by tweet, then people probably look at tweets in a slightly different mindset


This is the same agency that had "00000000" as the code for US nukes, with it pre-set, too?


presumably the social media manager is working from home.


There are toddlers running amok in government! At least this time we're not talking about the President


Oh, we don't do that. That's assigning individual responsibility and that's frowned upon.


Isn't the automatic reaction of a Windows desktop/laptop user to lock their workstation (Ctrl-Alt-Del, Enter, Enter) if they leave for any reason?

Edit: that was a great Chaos Monkey to reiterate security hygiene. Or was it a Mini Chaos Monkey? https://netflix.github.io/chaosmonkey/


>Isn't the automatic reaction of a Windows desktop/laptop user to lock their workstation

Having attempted to encourage this as a habit for my users for about a year, and not a single one doing it, I've had to come up with other solutions that take it out of their hands. (It's not business-critical for us, however we try to encourage good security habits all around).

So no, I don't think it is an automatic reaction for the majority of people. Although, this is government - so I would have expected a bit more rigor. Perhaps working in a home environment contributed to relaxing of security habits.

Side note: Windows + L was a bit easier to remember than Ctrl+Alt+Del -> Enter -> Enter for the users who made good faith efforts at making it a habit


So what you do is take a screenshot of whatever's open on their computer, close it, then set the screenshot as their desktop wallpaper. Also hide their icons for good measure. This should start a cycle of escalation and retaliation that eventually gets the whole office locking their PCs.


In the past, for me, this has caused needless friction and fostered an adversarial relationship between IT/security staff and everyone else.

We weighed our options and decided that it was a battle we would rather not waste our effort and risk staff animosity with. When a more serious security incident occurs, or when we decide to implement something else that may require staff effort, we believe that our staff will be more willing to work with us towards a solution.

Sometimes with security policy, a little give (proportional to risk analysis) can go a long way with non-technical staff. I'd rather work with staff to come up with processes that work for both the security staff and all other staff members than become so rigid in my security policy that I may inadvertently alienate the security staff - which has many risks itself.


It can be done in a bit less adversarial and nicer way than making them deal with an annoyance of "troubleshooting" their desktop. Which, I found, makes things much easier and more frictionless.

In my old office, we had this team "tradition" that was supposed to encourage people to lock their desktops. If they left their office for whatever reason and left their desktop unlocked, anyone from the team jumps up to the machine. Then they send an email to the rest of the team on behalf of the person who left their desktop unlocked, saying that they are bringing cookies to share with the team tomorrow.

It worked out well for quite a few years, with people being more mindful about locking their machines. And their "punishment" for not doing so was just sharing cookies with the rest of the team the day after and hearing a couple of jokes about the situation. Overall, very positive experience, no one got upset about anything, because their machines themselves weren't screwed with, their work productivity wasn't lost due to it, and everyone shared a moment and baked goods.


IIRC, the trick is practical jokes! Change desktop backgrounds, move icons around, leave goofy/giant text Word documents, etc.


That is so true. I struggled to develop the habit and then ended up on a team that did this (mainly send silly emails from the victim’s account). It’s over a decade later and I still hit the lock combo every time I get up.


Some more:

Change their profile photo (github/slack/etc).

Flip their monitor orientation.

Swap to left-handed mouse buttons (or vice-versa).

Go on Amazon and add some "interesting" things to their wishlist/cart.

Go on Youtube and "like" a bunch of random videos.


I miss the good old days of Vista where there was a straight keyboard command to change monitor orientation. It was something like win+shift+arrow so everyone would prank each other with it until it was removed.


I remember that. Part of the Intel Graphics driver kit. W10 is pretty good about including basic drivers so that is probably when it stopped working for you. The shortcut still works for anyone who's gone through the hassle of installing Intel's drivers.


At my high school, it was to create a folder with an… incriminating name. Then, screenshot the desktop, delete the folder, and then set the background to the screenshot.

When the …mark… sits down, inevitably with several… "witnesses" behind them, who then point out in "astonishment" the folder on their desktop, they try (in vain) to highlight it to delete it.

(Not appropriate for the workplace, of course.)

Also, scotch tape is not transparent to optical mice? and blocks the sensor. Had that one pulled on me once, took a while to figure it out.


At my old job the tradition was to send an e-mail promising to bring pastries for the team the next day.


Uh, back in high school a schoolmate found a huuge genitalia as desktop background on their laptop since they left it unattended and unlocked.

I can tell you, that person never left that thing unlocked ever again.


I did the same circa 2001 to a fellow female coworker. She had a big Excel document that day and was under pressure from her boss (well, our boss) to finish it. She went to the toilet and that's all it took for me to set it, then maximize her Excel document again. Unaware, she worked for the next hour, and when she finished she called the boss, who was across the room at his desktop, to verify it. The fun part came when I asked for something from her desktop and she had to minimize Excel. She went red in the face and the entire office burst into laughter for the next 5 minutes, the boss included. After that day she learned WIN+L.


    # the whole command must be quoted, or the alias is just "echo"
    alias ls='echo "Segmentation Fault"'


Hahaha.

    source ~/.bashrc


I installed this app on my roommate's laptop in college one time when he left it unlocked and would run it every time he left it unlocked after that: https://www.macupdate.com/app/mac/26793/ipanic

It took several months for him to catch on; for a while I had him convinced that his hardware must have an issue where the laptop being left idle for too long caused it to mess up somehow.


Or Slack everyone with "I'm a noob!"...


Muhaha.

I can think of other broadcast communications that would get people fired.


...or invite the whole team for a beer via e-mail. :)


Windows has had "Dynamic lock" for a while now, which would automatically lock the PC when a Bluetooth device goes out of range (e.g. typically smartphone or smartwatch).

Can't it be required by a group policy?


It also has a timed lock, which I have seen applied as a group policy.


Probably. IIRC, GPOs can include arbitrary registry keys and can have custom policies. I may be dated in this area, though.
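The timed lock applied by group policy, as mentioned in the comments above, lands on each machine as registry values. The following PowerShell script is an added example, not code from the thread or any commenter; it audits those values and reports the effective idle-lock time. The two thresholds and the function names are assumptions chosen for illustration, and the sample policies are constructed.

```powershell
# Added example: audit the idle-lock settings that a GPO writes to the registry.
# Thresholds are assumptions for illustration, not values from the thread.
$MaxIdleSeconds = 900   # above this, an unattended session stays open too long
$MinIdleSeconds = 120   # below this, expect the user friction the thread describes

function Read-LockPolicy {
    # "Interactive logon: Machine inactivity limit" (machine-wide security option)
    $machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    # Screen saver policies from User Configuration (per user)
    $userKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $m = Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue
    $u = Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        InactivityTimeoutSecs = $m.InactivityTimeoutSecs
        ScreenSaveActive      = $u.ScreenSaveActive
        ScreenSaverIsSecure   = $u.ScreenSaverIsSecure
        ScreenSaveTimeOut     = $u.ScreenSaveTimeOut
    }
}

function Get-EffectiveIdleLock {
    # Returns the shortest enforced idle time in seconds, or $null if none locks.
    param([Parameter(Mandatory)] $Policy)
    $secs = @()
    # Missing or 0 means the machine inactivity limit is not enforced.
    $machineSecs = $Policy.InactivityTimeoutSecs -as [int]
    if ($machineSecs -gt 0) { $secs += $machineSecs }
    # A screen saver only locks when it is active AND password protected.
    $saverSecs = $Policy.ScreenSaveTimeOut -as [int]
    if ("$($Policy.ScreenSaveActive)" -eq '1' -and
        "$($Policy.ScreenSaverIsSecure)" -eq '1' -and
        $saverSecs -gt 0) { $secs += $saverSecs }
    if ($secs.Count -eq 0) { return $null }
    [int](($secs | Measure-Object -Minimum).Minimum)
}

function Test-LockPolicy {
    param([Parameter(Mandatory)] $Policy)
    $idle = Get-EffectiveIdleLock -Policy $Policy
    if ($null -eq $idle) {
        $status = 'FAIL'; $detail = 'no enforced idle lock; locking depends on user habit'
    } elseif ($idle -gt $MaxIdleSeconds) {
        $status = 'WARN'; $detail = "locks after $idle s, longer than $MaxIdleSeconds s"
    } elseif ($idle -lt $MinIdleSeconds) {
        $status = 'WARN'; $detail = "locks after $idle s, short enough to invite workarounds"
    } else {
        $status = 'OK'; $detail = "locks after $idle s of inactivity"
    }
    [pscustomobject]@{ Status = $status; Detail = $detail }
}

function New-SamplePolicy {
    # Builds a constructed policy object in the same shape Read-LockPolicy returns.
    param($Machine, $Active, $Secure, $Timeout)
    [pscustomobject]@{
        InactivityTimeoutSecs = $Machine
        ScreenSaveActive      = $Active
        ScreenSaverIsSecure   = $Secure
        ScreenSaveTimeOut     = $Timeout
    }
}

# Constructed sample policies (not taken from any real machine).
$samples = @(
    @{ Name = 'no policy at all';              Policy = New-SamplePolicy $null $null $null $null }
    @{ Name = 'screen saver, no password';     Policy = New-SamplePolicy $null '1' '0' '300' }
    @{ Name = '10-minute machine limit';       Policy = New-SamplePolicy 600 $null $null $null }
    @{ Name = '30-second machine limit';       Policy = New-SamplePolicy 30 $null $null $null }
    @{ Name = 'secure saver beats 1 h limit';  Policy = New-SamplePolicy 3600 '1' '1' '600' }
)

foreach ($s in $samples) {
    $r = Test-LockPolicy -Policy $s.Policy
    '{0,-30} {1,-5} {2}' -f $s.Name, $r.Status, $r.Detail
}

# On a Windows machine, audit the live settings the same way.
$live = Test-LockPolicy -Policy (Read-LockPolicy)
'{0,-30} {1,-5} {2}' -f 'this machine', $live.Status, $live.Detail
```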


> I've had to come up with other solutions that takes it out of their hands.

I guess this means setting the timer really low, so that it auto locks after a very short time?


>I guess this means setting the timer really low, so that it auto locks after a very short time?

The IT department at my former employer tried this out company-wide and it almost led to them getting attacked physically. When every simple distraction leads to you getting locked out of the desktop (phone call, boss or coworker having a question) it builds frustration quickly. Pair this with frequently changing (company-mandated) complex passwords and permanent lockout after a few mistypes and you have a recipe for disaster: Even some of my technologically less-inclined co-workers researched how to bypass Windows security with hacking tools.


I think the problem there is the password policies more than the screen-locking policy. The locking policy is just shining a spotlight on the password policy issues.


On top of that, the IT department was unavailable on Fridays after 3 PM.


I've seen a usb hid mouse jiggler used in exactly this set of circumstances.


Haha.

I used to work at a nuclear energy services consultancy. I heard a story about how an energy think-tank had particular rooms with power-saving motion occupancy sensors for the lights. The problem was sitting still at a computer would result in the lights suddenly going off. An engineer solved this problem with a drinking bird toy with a warm bowl of water right at the level of the sensor.

https://en.wikipedia.org/wiki/Drinking_bird


It would happen at the wrong time, IMO.


People don't like having to type in their password each time they come back to the computer. Especially if their password is required to be fairly long and complex, which can become tedious to have to type in constantly during the day.

If you want users to adopt secure practices then you have to lower the amount of friction. Adding a fingerprint reader or some other kind of biometric unlocking capability would probably help.

A better example: I think on macOS the system can be set up to automatically lock and unlock by wearing an Apple Watch.

The users aren't the ones that have to be trained, it's the flawed security practices that need to be fixed.


Look into Windows Hello for Business. It's very nice in the enterprise for all of this. Native facial recognition or fingerprint, and various other factors can be added.


Causes all sorts of hell with Remote Desktop, however. But it’s the right direction.

For those with a Mac and an Apple Watch you can make the watch automatically lock and unlock based on Bluetooth distance.


How so? In my experience you are prompted to use it, and you can click and use standard credentials if desired.

I deployed WHfB at our $LARGE_ENTERPRISE and opted against using BT RSSI as a trusted signal because it's just too unpredictable. Probably because the Windows space is much more varied, but an RSSI that'd work for one device at ~8' away would fail to lock another when two cube rows away. Meaning, we knew users would start to depend on it, but it wouldn't work as they thought.

Thus, still policies of locking machines, it's now just easier to unlock. (And arguably more secure because now less password typing means far fewer chances for keyloggers to get network-usable credentials.)


I enabled Hello on my VM Windows 10 Enterprise and then was unable to connect via Remote Desktop from my Mac - so it didn't have single sign-on but it wouldn't fall back to anything I could use. So I disabled it and now it's happy.


Thanks. I'll test this in the morning. AFAIK it works for us, but I don't know for sure.

Which RDP client were you using? And did you disable the password provider (leaving just the WHfB factors)?

And you had full Windows Hello for Business? (This one: https://docs.microsoft.com/en-us/windows/security/identity-p...)

Or, were you using standard Hello? (The two are similarly named, but are quite different under the covers.)


I do that "in the office" but at home I usually leave my PC unlocked if I'm stepping away and trust my family not to mess around with my computer. It'll lock in a few minutes by itself anyways. While I probably would be more careful with younger children around I could easily see this happening for someone working from home.

Also - in the office if you leave your computer unlocked you may find that you have emailed the team and promised to bring everybody doughnuts tomorrow.


Back in the good 'ol days of the 1990s, if you left your computer unlocked you were liable to return to your desk and find somebody replaced your desktop wallpaper with something... pornographic and/or you sent an email to your boss (with the entire office on CC) professing your undying love for him.


I guess it's like outlet protections for little ones who don't know any better, or mischievous little devils.

Hahah, nice! That's an awesome office. :D


That's an old-school shortcut! Windows+L is faster, fwiw.


WIN+L is faster and can be done with just one (stretched) hand.


Isn't win+L easier?


I haven't used Windows in a loong time, so I guess it is. ;)


Tux + L then. :)


Oh nice. Or Ctrl-Command-Q on my last mac, a mini from 2012. (It does have an upgraded fast SSD, big HDD, and 16 GiB.)


Ctrl-Cmd-Q works on my (relatively recent) MBP as well—I always used the Touch Bar instead... TIL!


Here's the thing: sometimes the lock screen on Windows 10 doesn't work and you can get back to the desktop simply by swiping up even when you think you should have to re-enter your password or PIN.

Note that I have face ID disabled because I got really fed up of my computer unlocking itself just because I'd gone back to my desk to pick up something I'd forgotten when I locked it and walked away. This always seemed incredibly insecure to me, not to mention very annoying.


I've never been able to recreate it, but I have been dumped back at the desktop without entering my password on one occasion. The machine didn't appear to be responding at the lock screen, so I hit enter a couple of times then tried Ctrl-Alt-Del. The screen went blue (the same blue as the screen that normally shows Lock/Switch User/Task Manager after pressing Ctrl-Alt-Del at desktop), then after 3-4 seconds just put me back at the desktop.

FWIW, this was a somewhat buggy install of Windows 10 (Settings->Devices->Add a Bluetooth device would crash reliably), so I don't particularly expect this to be widespread/reproducible.


Yeah, it's definitely a weird one.

I don't remember ever experiencing it with other machines but the reality is that since 2015 I've only actually used Windows 10 with three other computers:

1. A Dell desktop machine with no touchscreen or camera back in 2016,

2. My Macbook Pro, in 2016/17, where I used Windows 10 as a Parallels VM,

3. An Intel powered Surface laptop that I used at work from 2017 - 2019.

I don't remember any issues with the desktop machine. With the Mac I used the OSX screen lock so it was a complete non-issue (of course Windows would still lock itself but I wasn't careful about locking it manually).

The Surface was so wrought with glitches and problems that the lock screen not working properly would have been the absolute least of them. It was one of the worst and least reliable computers I've ever had to tolerate, bested in this regard only by my ZX Spectrum 48K+ back in 1986/87, and the Spectrum +2A that followed it in 1988/89. An awful, overpriced, underspecced paperweight of a computer. Avoid.


Having used Windows 10 basically since it came out, on many different devices, I've never experienced this, and I lock my PC every time I step away (or at least I did when I was working in an office). I also can't find anyone discussing it, though admittedly the search terms for this are difficult (mostly all I can find is people complaining their screen doesn't auto-lock after timeout).

Can you provide anything else on this, rather than just casually claiming one of the most popular OSes has a massive security bug?


Not really, only to say that it's happened to me several times, and isn't something I've been able to reproduce.

It happens infrequently enough that the first handful of times I thought I must have just forgotten to lock the machine. Eventually I realised that wasn't so and I wasn't just imagining it because, of course, by this time I'd become ultra-paranoid about locking the thing.

I'm running a ~2 year old Dell XPS equipped with a touchscreen. It's a decent machine for my needs but nothing special or exotic, and certainly I can't see any reason why this would be an issue.

I don't know what else to tell you other than I wish I was making it up.


>you can get back to the desktop simply by swiping

What exactly do you mean by "swiping up"? Are you using Win10 on a tablet?


I have a Dell XPS laptop equipped with a touchscreen.


By default it locks five minutes after the screen goes black. Is that what you're talking about?


No, not at all. I've had it happen after leaving the machine much longer than that. The thing is it happens quite infrequently, and isn't behaviour I can reproduce on demand, so I've not been able to reliably isolate the set of conditions that cause the problem.

As I said in another comment, the first few times I thought I must simply have forgotten to lock the machine. But of course then I became paranoid about locking the machine and so when it continued to happen from time to time I realised something really wasn't quite right.

Like I say though, it's just not behaviour I can reproduce on demand - super annoying.

It's most likely some quirk of my machine configuration, or possibly a driver issue (though I tend to like to keep things up to date), but I have a super-unadventurous Dell XPS so it doesn't make a whole lot of sense.


Most computers I've seen on government networks use a smart card to sign in (I'm sure it depends on which government network).

Pull the smart card out, and the device locks. Most people do a good job of taking the card with them, from what I've seen. Although it can be a pain in the ass when you have to resize windows or enter the card pin ~3 times to get logged back in.


Definitely not. In my co-working space people regularly leave laptops unattended and unlocked when they go for lunch.


At work, yes, always, because it's company policy and I can be officially reprimanded for leaving the computer unlocked and people actively look for this violation. At home, never, ever. This person was working from home.

Though, I admit, if I'm working late and I'm the only one left in the building then I don't lock the computer.

I'd imagine many computer users don't know how to lock their computers if they weren't taught by IT - many "obvious" things to a tech savvy person are unknown by your average office worker (you can't imagine how many people I've taught to use CTRL+F)

Also, the shortcut is Windows Key+L.


Once upon a time, there were manuals and stuff that might have taught this sort of thing. Now, it's assumed to be intuitively obvious.


My Mac takes so long to come back to a usable state after sleep that I only lock when I’ll be away for a long period of time.


Is there a power setting that makes it not suspend when it's idle? I'm not sure about MacOS, but on my Linux desktop there's a toggle in the power settings to turn that behavior off, so I can lock my screen without having to worry about suddenly losing the ability to ssh into it.


I've done that - but even coming from just "display sleep" seems to cause it to go "HOLY SHIT I HAVE A DISPLAY! AND ANOTHER ONE! AND ANOTHER ONE! OH MY GOSH THERE'S A FOURTH?!? AND A FIFTH!?!?"

And then it calms down and all is well unless the cable decides not to connect at full speed, and I get to cycle it.


I’m pretty sure I’m the only person in my 200 person office that presses Win+L when leaving my computer


Would they include accountants, IT people, managers, and insiders? If so -> D:


>Ctrl-Alt-Del, Enter, Enter

Win+L.


Wasn’t it Windows+L?


I still always do CTRL-ALT-DEL and enter, enter, like the op. Might be age related; I guess we really need to do a poll.

This may be because I've always hated the windows key, and would sometimes seek out keyboards that didn't have one.


Lots of comments here about locking workstations, etc. I think the answer to this sort of stuff is if you have a high-profile and important twitter account shouldn't the content actually be running through a CMS that has some sort of gated publishing system? It just takes one other person to double-check a post to make sure that gibberish/crazy/genuinely bad stuff doesn't get published, right?

So then one actual human has the credentials for the actual twitter account in question. That's possible??


Here's their response to the FOIA request requesting documents/communication about this tweet:

https://www.scribd.com/document/500831873/FOIA-U-S-Strategic...


It'd be nice if government agencies moved to self-hosting their own official social media systems by way of interoperable web standards (ActivityPub for example).


Does this stop their kids from typing on their keyboard?

(And anyway, surely viewing a web page counts as an interoperable web standard already?)


Twitter is a walled garden service and is hostile to both their users and to people in the developer ecosystem. It does not even pretend to interoperate.

While this doesn't address the number one issue (the kid on the keyboard) it does provide a certain amount of accountability and transparency into how a public sector agency pushes their communications out into the world / digital commons.


I still don't see how it prevents children from accessing their parent's computer.


They would implement the system such that two toddlers no less than 15 feet apart would need to type the identical gibberish characters into two terminals simultaneously in order for the tweet to be published.


Build clients for it that mandate biometric access following already-existing government data security standards.


Should they self-host TV stations, newspapers, and radio stations? Why should internet media be any different?


Simple. They can control TV stations & newspapers. Facebook & Twitter, not so much. At least, not yet.


I question why social media is a requirement in the first place?


Agree. The dependency on private services is not appropriate for officials or agencies communicating with the public. This is especially problematic when you consider that the public's responses will be subject to content moderation and censorship based on Twitter's whims.


Good thing it was a kid and not his cat; a cat would have declared war.


Catbert would've gone full Chemical Brothers:

https://youtu.be/6b9ci_z4v7M


Maybe it was his cat, but it denied being such, and instead claimed to be his very young child?


Maybe the cat was his child?


(only because I was watching it again last night - and you are getting downvoted)

Gentlemen, you can't fight in here. This is the war room!


Do you realize that fluoridation is the most monstrously conceived and dangerous Communist plot we have ever had to face?


Note: These are references to the classic movie Dr. Strangelove, or: How I Learned to Stop Worrying and Love the Bomb. As is my own,

Animals vill BE BRED UND SCHLAUTERED!


hilarious -- i came here to defend our feline friends too! :) meaning, it was definitely not a cat...


Now then.. a cat would have sat/lied down on the warm keyboard (assuming laptop) and the keypresses would have exceeded the allowed maximum number of characters, and thus the tweet wouldn't have been possible.

Another 'analysis' of the key presses:

Right hand first: ;l;;

then left hand: g

right hand again: lm

then wrap up with left hand: xzssaw


How about a nice game of chess?


For those who don't know, this is a reference to the movie WarGames (1983).


Among the few good movies that captured the essence of the Cold War.

"There are some games where the best move is to not play."


Luckily, that was more than one character away from the actual nuclear launch code.


Highly unlikely any kid would ever guess 00000000


I just wish there was a disclaimer for government accounts that basically says: For entertainment purposes only.


Today I learned the US Strategic Command has a Twitter profile. For some reason. Seriously, why? I don't see what could possibly go right.


reminds me of the "Almost my bday!!" tweet from House of Representatives of the Philippines.

Best link I could find: https://newsinfo.inquirer.net/1347310/house-tweets-birthday-...


Qanon people think it was a message from the military, lol.

Because of this which provides a solution as "Q ACQUITTED":

;l;;gmlxzssaw

http://rumkin.com/tools/cipher/cryptogram-solver.php


Delete the semicolons and note the second solution... O_O


Interestingly, the infamous "covfefe" tweet using the cryptogram-solver dissolves to "IMPEDED".


That is honestly quite funny. I just can't imagine being that delusional in real life. What a Q believer's day-to-day life must look like is a wonder to me.


Every day is probably a journey of adventure and discovery.


I think the most notable part of this claim is why wasn't this message deleted right away, and why were they drawing attention to it by saying "please disregard"? It's a purposeful Streisand effect tactic.



But how is access to twitter account in any way connected with oversight duties?

Most likely there is somebody hired to post to the twitter account from time to time, who has absolutely no oversight responsibilities or access to anything more substantial, they work from home and they forgot to lock their computer.

How is that a story for BBC? Nothing really more interesting happening?


Weird; last week another child tweeted some gibberish from Amazon's account


People need to chill out. That a Twitter handle is run by someone who gets paid by some important agency is completely irrelevant.

https://xkcd.com/932/


The real story is how delusional the world has become, to consider Tweets important


Why does every US Government agency need a Twatter account? There is a whole agency within these agencies called Public Relations that has been in existence since WWII. They have websites that cost millions of $$ to build and maintain. The imbeciles who man the US Military playing with their twatter accounts. I could only arrive at one conclusion: Too much taxpayer money wasted on hiring extra imbeciles to run these government twatter accounts.


I'm sure plenty of people would/did complain about the website as well.

"They have news conferences and can release memos. Why would you need a website!? What a waste of money!"

Considering you also mockingly call it "twatter", I'm guessing you might just be out of touch.


Yeah, the Twitter account manager made the tweet.


I keep wondering why the US Strategic Command needs a social media presence. Is that just me?


They're a large organization like any other and need HR, finance... and comms teams to announce decisions, policy changes, etc.


Looks like the person is not (auto) locking the computer when leaving it - a bad habit.


How about delete the Twitter account. Why does this agency need social media?


At least they didn’t say that women belong in the kitchen


TL;DR: Parent forgot to lock computer, child typed gibberish.

But then it's just a twitter account, sure from the US nuclear-agency, but so what. Social media accounts get hacked all the time so this is IMHO not really that serious...

...if the computer isn't also used for more "high-security" applications, in which case I'm worried because of non appropriate screen locking setups might imply non appropriate security in other parts of the setup, too.


“Execute Order 66.”


Covfefe.


The URL in your profile responds with: This site is temporarily unavailable


Updated profile.

Island website is being moved and updated.

Email me a@175g.com if You like.


nothing to see here, it's just nuclear that went home office as well...


The responsible agency is rightfully embarrassed by this oversight, and has now taken stringent measures to ensure something like this never happens again

- Henceforth, all tweets can only ever be sent from a remote-desktop server that has to be hosted in a security-clearance-5 site

- In order to access the remote-desktop, 2 government employees, who both have 10+ years of government experience, will need to jointly log into the server together. The 2 users will need to alternate keypresses and mouse-clicks, in order to prevent either one from abusing their power

- Both employees will need to be using a computer that comes equipped with a built-in webcam, that has been security cleared by the NSA. This webcam should be running NSA custom-built software that continuously monitors the faces of both employees, and locks the computer if it detects anything suspicious or anomalous

- To prevent the possibility of misuse or bias, all tweets will need to be pre-cleared by the CIA's department of information warfare

In other news, why does it cost the government so much money, and take so long, to get anything done!? Stay tuned for more.


Reminds me of Reed Hastings' quote about what he learned running his software company before Netflix: if your company insists on always adding policies to fix yesterday’s issues, tomorrow you will only have employees who enjoy following and creating policies (quote not verbatim).

Also, I took your comment to be satire, but it’s hard to tell that from truth these days.


Non-Parenthood and celibacy are now requirements for any governmental position. Never will this proud nation be scarred by something this embarrassing again.


The room where the tweeting designated computer is located is painted with anti wifi paint. No communication devices are allowed in the room and is protected by armed guards disguised as plants.

Submitting the tweet requires turning two keys at the same time, the keys are reissued every 24 hours.

The password to unlock the computer is written with invisible ink in a microfilm contained inside a spy coin in a fake book which can only be found in a public library in Alaska corresponding to the volume #25 of the 1951 Encyclopedia Britannica, an encyclopedia that only had 24 volumes originally.

The password is punched into cards in reverse order. Then, these punched cards are used as a stencil that can be scanned with a fake Android barcode app that returns a Thingiverse URL which can be used to 3D print a key that will unlock the chest where the actual password is contained.

The second key is obtained by calling the phone number found in the tag of a XXXL Harambe t-shirt from a specific vendor on Amazon.

The phone number will emit a fake busy tone for 5 minutes and then an operator will pick up and answer in the Klingon language.


And the mandatory password for the account will be permanently locked to “00000000”.


For decades, the launch codes were codes consisting of all zeroes.


> In other news, why does it cost the government so much money, and take so long, to get anything done!? Stay tuned for more.

Don't be ridiculous. Every organization has protocols in place. It might seem inherently wasteful, but they actually save money by preventing costly mistakes.


Since a long time ago it's clear that social media (and bank) accounts need multi signature and 2FA support to allow advanced workflows. Of course it can only be achieved securely with an open standard that allows any combination of these deployed on all platforms (I'm OK with making it a paid-only enterprise feature as long as the US military and president and maybe Elon Musk have enough money to pay for the feature).


How does any of that solve the “child types gibberish on an unlocked laptop”?

A better feature would be for laptop cameras to auto logout the user when they step away and let them log back in without authentication within 15 min. I think that better solves the unattended laptop problem than anything else. You can kind of get there with BLE keys but face authentication would work much better for presence detection (maybe do both BLE + face).


Important accounts shouldn't be handled by 1 person, there should always be another one who can approve it.


Do you consider the Twitter account an "important account" that needs multi-party approval?



I'm 100% fine with STRATCOM not having a Twitter presence at all.


On the other hand, see the Hawaiian missile alert fiasco where excessive friction prolonged the issues.



