Conversation

'i wont accept a pdf attachment from you because youre a redteamer and you might try to hack me' isnt the galaxy brain defensive security posture that you think it is

@Viss "i deleted your email because you're the security guy and might phish me"

@Viss

I'd just attach each page as an 1100x850 monochrome .GIF named with the page numbers instead. ablobcatnod

If they complain, put the images in a .ZIP and attach that instead. ablobcatnodfast

@VictimOfSimony meh. i just said 'look if you dont trust me theres no reason to bother'

@schrotthaufen ive learned to take the 'look if you dont trust me to send you a pdf, theres no reason to bother' approach.

@schrotthaufen its been a while since the last time someone said some shit like that, but its so incredibly tiresome. its literally saying "i dont trust you to send me an email attachment because im afraid you might hack me"

which is the problem.
this completely random, unprovoked distrust for no explainable reason.

why continue anything with that person ever again? its always going to be an uphill battle and its always going to mean having to jump through hoops to prove honesty forever.

@Viss @VictimOfSimony That's how I deal with it.

We're SysAdmins (among other things). They sort of Have to trust me (us).

But here's the thing: I've noticed that those people think Very Highly of themselves (they're important enough to bother to hack ... lol, no).

And also, I have time, motivation, or interest in hacking them (lol, no).

@elfin @VictimOfSimony this guy works at google and is on one of their security teams, so its extra tiresome

@Viss @schrotthaufen We experienced that a lot but I always thought about it as a desperate attempt to signal competence (pbbly as a result of BS phishing simulations) rather than distrust. But yeah, that's also a reasonable way to look at it.

@Viss @schrotthaufen PDFs have become such a known vector that it’s a bit of a boogeyman to a layperson, and there just doesn’t seem to be a push by companies that should have an interest in making them inherently secure, or even normalizing basic security. Then you tack on a new boogeyman that is insider threats, not that it’s anything really new, but at least a hot topic in recent news cycles, and you get this. A silly little situation where a person knows just enough to be afraid. The tools to deal with it aren’t automatic, readily apparent or even included. And the tools that are included, readily apparent or automatic fall short of being effective.
