Security and Windows TCO Leftovers
-
Integrity/Availability/Authenticity
-
Ruben Schade ☛ The “email is authentication” patterns
I’m the first to admit that I don’t live in the real (electronic) world. As the late Jim Kloss pointed out during one of his broadcasts, we (and probably you) live in a part of the Web with ad blockers (as the FBI recommends), limited JavaScript, password managers, and a (mostly) finely-tuned sense of what is a scam and what is legitimate (that was a lot of brackets).
Most people don’t live like this. I’d posit the vast majority don’t. And it’s worth a reality check sometimes.
-
Confidentiality
-
Mat Duggan ☛ Why Login Security Sucks
All of this is sort of a way to talk around the basic problem. I need a username and a password for every user on my platform. That password needs to be randomly generated and never stored as plain text in my database. If I had a way to know that the browser generated and stored the password, this basic level of security is met. As far as I can tell, there's no way for me to know that for sure. I can guess based on the length of the password and how quickly it was entered into a form field.
-
Windows TCO
-
The Record ☛ Ransomware hackers threaten Montana branch of Planned Parenthood
Fuller confirmed that they are aware that the RansomHub operation — responsible for dozens of ransomware attacks in August — posted information allegedly stolen from their systems. RansomHub claimed it stole 93 GB of data from the organization in a post made on Wednesday.