My laptop got a sticker! WTF?!
What even is a pentest?!
First up: I'm sorry for startling you. I promise the sticker will come off without damaging your laptop!
The word "pentest" refers to something security people do: they test the (IT) security of a company by acting like attackers. They try to find weak points in a company which can be exploited for very bad purposes.
That explains what most likely happened to your laptop:
- You were hard at work, on your laptop.
- You got distracted: a phone call, grabbing coffee or lunch.
- You walked away without locking your screen or closing your laptop.
At this point a vigilant colleague noticed your abandoned laptop and decided to help you.
What's the big deal?
Leaving laptops (or workstations) unlocked is a common problem. You will find them anywhere! At the office, in restaurants, in co-working spaces and even in the lavatory!
Abandoning your workstation, unlocked, is a very large risk. You are creating an opening for:
- Data being stolen.
- Vandalism.
- Identity theft.
- Malware infections.
When you leave your workstation unlocked, anybody can use your credentials and privileges. If it's a personal laptop, that will affect you and your family. If it's your employer's laptop, you're putting your whole company at risk!
Normally, a passer-by either abuses the situation or tries to help protect you.
- They might close your laptop and put a note on it,
- They might open notepad.exe and leave a message,
- They could change your desktop background to something silly,
- They could load a prank site like UpdateFaker.com,
- Or they could make you promise to buy cakes, or invite all your colleagues to a BBQ party.
Or they could ruin your life by abusing the laptop you left lying around!
I would like to get stickers
For now, I don't have any stickers available for ordering: I only have a small, first batch which I'm sharing with friends and co-workers.
But rest assured that I am looking for a vendor to source larger batches from. Hopefully with a web shop!
Who, what and why?!
As Monique Hofman described it when I first announced the Pentest Fairy stickers on LinkedIn, I'm part of the Screen Lock Police.
It's part of my job as a security specialist to be vigilant about risks to our IT environment and I need a quick and safe way to alert colleagues about their mistakes.
I'm not a fan of the methods described above.
- Just closing the laptop doesn't send a message.
- Messing with backgrounds or prank sites is highly offensive to many and often goes way off track.
- Impersonating colleagues by sending emails is dumb at best, unethical at worst.
I wanted a solution that is non-destructive, ethically okay and friendly.
While in a lecture about security awareness, my colleague Daniëlle Wagemakers and I came up with the idea of having some big warning sticker you could wrap around the laptop.
The Pentest Fairy was cooked up by me, Tess Sluijter-Stek. My daughter Flara created her own rendition of my character design, which turned out awesome!
I came up with the Pentest Fairy as the friendly persona to put on these warning stickers. I don't want my stickers to be an annoyance; I want them to be a friendly reminder.