Security Issues: Windows TCO and Honeypots
-
Windows TCO
-
The Register UK ☛ No one's happy with latest US cyber incident reporting plan
Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.
The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security reporting standards for government contractors in line with President Biden's 2021 executive order on the topic.
-
India Times ☛ Crypto: [Cryptocurrency] ransom attack payments hit record $1 billion in 2023: report
Scammers targeting institutions such as hospitals, schools and government offices for ransom pocketed $1.1 billion last year, compared with $567 million in 2022.
-
[Repeat] The Register UK ☛ Raspberry Pi Pico cracks BitLocker in under a minute [Ed: BitLocker has back doors [1, 2]]
A Lenovo laptop was used in the video, posted by user stacksmashing, although other hardware will also be vulnerable. The technique also relies on having a Trusted Platform Module (TPM) separate from the CPU. In many cases, the two will be combined, in which case the technique shown cannot be used.
-
Integrity/Availability/Authenticity
-
Jamie Zawinski ☛ Harassing botnets with zipbombs
The idea is this: instead of just blocking IP addresses that hit honeypot URLs, feed them a compressed document that massively expands on their end, making them run out of memory and crash.
This is extremely hypothetical. Maybe they won't actually crash. We can dare to dream, though.