Security Leftovers and Windows TCO
-
Medevel ☛ Why I Recommend ParrotOS Over Kali Linux: A Personal Take
As a blogger who’s always diving deep into tech and cybersecurity, I’ve spent quite a bit of time experimenting with both ParrotOS and Kali Linux.
-
Ruben Schade ☛ HTTPS as an accessibility issue
Like many of you, I was quick to install Let’s Encrypt once it was available. It reduced the barrier to entry significantly for HTTPS by rendering the experience of buying, installing, and renewing certificates affordable and easy. I let other commercial certs lapse because Certbot and the various other ACME clients were that much nicer.
[...]
But this is a pragmatic issue. Many endpoints are old and lack support for modern ciphers, or never had the feature to begin with. Implementing HTTPS everywhere introduces a limitation on the machines, operating systems, and therefore people who can view this. Terence Eden’s 2021 post about this topic is worth a read if you don’t think this is an issue.
This gets us back to the value proposition of HTTPS. Are they… really necessary for a blog without a web-facing admin portal, software downloads, or mission-critical features? Have I shut people out for benefits that don’t really make sense in this context? Have a lot of us?
It might be too late to reconsider reverting back to plain old HTTP for this blog, because I assume endpoints would see a former HTTPS site rendering as HTTP as a security risk. Redirects would also be tricky. But it’s making me re-evaluate my use of it elsewhere.
-
SANS ☛ Security related Docker containers, (Wed, Oct 2nd)
-
OpenSSF (Linux Foundation) ☛ Recap on SOSS Community Day EU
On September 19, the OpenSSF community gathered in Vienna for SOSS Community Day EU, held alongside Open Source Summit EU. Each summit and community day is a celebration of open source excellence, showcasing the collective efforts of passionate individuals committed to making the world a safer place. We extend a heartfelt thanks to our dedicated maintainers for their continuous efforts in advancing open source security!
-
Federal News Network ☛ DoD agencies confront zero trust challenges, misunderstandings ahead of 2026 deadline
The Defense Department’s zero trust framework is acting as a catalyst, driving mission owners to industry in search of zero trust solutions
-
Security Week ☛ Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps
Clownflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps.
-
Security Week ☛ US, Allies Release Guidance on Securing OT Environments
New guidance provides information on how to create and maintain a secure operational technology (OT) environment.
-
Security Week ☛ MITRE Adds Mitigations to EMB3D Threat Model
MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices.
-
Security Week ☛ Zero-Day Breach at Rackspace Sparks Vendor Blame Game
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
-
Federal News Network ☛ Cyber Leaders Exchange 2024: CISA’s Jeff Greene on challenging the status quo [Ed: Microsoft-infested [1, 2, 3, 4]]
The new executive assistant director for cybersecurity at CISA details how sharing threat intelligence more broadly pays off.
-
Federal News Network ☛ DoJ revising vulnerability disclosure framework to encourage Hey Hi (AI) red teaming
DoJ says its policy will encourage independent security and safety research, but will large Hey Hi (AI) companies follow suit in encouraging vulnerability disclosure?
-
Security Week ☛ Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI.
-
SANS ☛ Kickstart Your DShield Honeypot (Thu, Oct 3rd)
-
The Register UK ☛ Average North American CISO salary now $565K, mainly thanks to one weird trick
The data showed that by far the most effective way to boost your pay was to switch jobs, or at least threaten to, and get a counter offer from your original employer. Both moves bring an average compensation increase of 31 percent. By contrast, just doing your job and getting an annual pay rise would increase the average salary by just 6.3 percent, according to data from IANS Research and recruitment firm Artico.
-
Windows TCO
-
Federal News Network ☛ Strengthening federal defenses against nation-state email compromise in the wake of CISA’s emergency directive
CISA’s emergency directive follows the January breach of Abusive Monopolist Microsoft corporate email accounts by Russian state-sponsored cyber actor Midnight Blizzard.
-
Tom's Hardware ☛ Windows 11 24H2 update faces gaming issues — devices with Asphalt 8, older versions of Easy Anti-Cheat on compatibility hold
Microsoft is putting backdoored Windows 11 24H2 on hold on some systems because of crashes and BSODs with Asphalt 8, Easy Anti-Cheat.
-
Tom's Hardware ☛ Microsoft retires WordPad after 28 years — app no longer available as of backdoored Windows 11 24H2 [Ed: Windows has become increasingly obsolete because of Android et al]
The backdoored Windows 11 24H2 rollout formally removes support for WordPad as Abusive Monopolist Microsoft formally adds in its deprecated feature, ending its 28 years of product lifespan.