When the GP said don't use that computer for handling PII, I thought of PII on the machine itself (e.g. local files). That might have been a misunderstanding, and my response mixed up two ideas in an unclear way:
1. The terminal with a vulnerability is likely to be the attack vector for compromising that computer in the first place, because the terminal receives output from basically everything in your fleet, and all the data you interact with, if your work is command line heavy. The more data you handle through that one machine and terminal (including PII, which can be a source of unsanitised data), the more likely the compromise is to find a way.
2. Handling PII that resides on other machines is also compromised by the terminal problem on the local machine.
When the GP said don't use that computer for handling PII, I thought of PII on the machine itself (e.g. local files). That might have been a misunderstanding, and my response mixed up two ideas in an unclear way:
1. The terminal with a vulnerability is likely to be the attack vector for compromising that computer in the first place, because the terminal receives output from basically everything in your fleet, and all the data you interact with, if your work is command line heavy. The more data you handle through that one machine and terminal (including PII, which can be a source of unsanitised data), the more likely the compromise is to find a way.
2. Handling PII that resides on other machines is also compromised by the terminal problem on the local machine.