Summary
Elon Musk’s DOGE received approval to use PuTTY, a file-transfer software, at the Labor Department, raising alarm among employees over data security.
DOGE has sought access to various federal databases, prompting lawsuits from labor unions and privacy advocates.
A federal judge issued a restraining order against DOGE’s access to Treasury data, though not Labor’s. Critics fear AI analysis and unauthorized data sharing.
The case is now before U.S. District Judge John Bates, who expressed concerns but denied an immediate injunction.
To be clear, PuTTY is a common tool for accessing networked computers. There’s nothing wrong with the tool itself. The problem here is the access being granted (via the tool) to sensitive data that should not be accessible by these people.
I guarantee I’ll get even more pushback from Windows admins when I tell them to install Putty.
And, yes, ssh is in windows shell but many of the windows sysadmins I work with still refuse to use it. Some will even VNC to a Linux server to use the terminal there.
And, yes, ssh is in windows shell but many of the windows sysadmins I work with still refuse to use it. Some will even VNC to a Linux server to use the terminal there.
I’m currently looking for work because my “very much not Amazon” company just decided to pretend it’s Amazon, and things like this give me hope.
That’s madness. Simple, unwieldy madness.
Now imagine I have to take over for them because they don’t know their ls from their cp and it’s all laggy.
Talking to the customers so the engineers don’t have to is an important job.
What am I even reading? An ignorant clickbait article about an extremely popular and widely used ssh client? It’s not like they couldn’t just do scp or sftp via any tool set, even built into modern OS’s.
I guess the takeaway from this is that these supposed super clever hackers are using Windows. Instead of any of the operating systems that come with an SSH client built in.
Windows 11 has OpenSSH baked in.
That makes it even worse.
Yep, I use ssh directly in PowerShell at work regularly.
I wonder what version of Windows the systems are running.
CP/M
Even with windows, putty is a bit weird now. Windows comes with ssh/scp now …
I still use it mostly out of inertia; im just used to it at this point. I dont like it, but at this point its like an old ugly pair of jeans that are broken in
Windows actually does have a decentish ssh program built in these days… it’s not great but like… it works. And while I used to use PuTTY myself, I’ve just switched over to using git bash - so it amuses me that they’re using ancient tooling even though the oldest is like 25?
As a thirty eight year old I feel confident in saying that these clowns need to get with the times.
Also, don’t forget that Musk is a huge fucking idiot. He recently claimed the US government doesn’t use SQL which is laughably ignorant.
Maybe the LLMs they prompted didn’t know about the built-in SSH support, hence still recommends PuTTY? 🤔
Or perhaps grok considers Windows 11 to be woke.
I would guess they are looking to use it with pagent to support login with PIVs which is likely required by the servers they want to access. It’s a pretty standard login setup in federal IT honestly.
Do you really need pagent for that versus just ssh-agent?
Pagent can handle auth with openssh also. There’s no need to actually use putty itself. You can do PIV/CAC auth on windows without pagent too. Or even better, don’t use windows at all.
And that security is by app not by network rules.
Actually it’s good news that they still had to requisition the software, that indicates they don’t just get to run local admin and install whatever, they’re still bound by a domain.
I’m alarmed, too, just cuz that means they’re genuinely accessing remote systems.
But I thought they were already doing that.
So I guess I’m just as alarmed as before.
Imagine this conversation in the IT department at a large bank:
IT Manager: It’s what?!
Security Engineer: Gone. It’s all gone. Every red cent this bank held in every account has been transferred by malicious actors to anonymous Swiss accounts.
IT Manager: How could we have let this happen?
Security Engineer: The hackers got approval to install PuTTY. There was nothing we could do.
