Notices by Chester Wisniewski (chetwisniewski@securitycafe.ca)

@SecureOwl They did the same thing when they bought Symantec. They only want the Fortune 1000, everyone else can pound sand. Odd strategy. We had customers telling us (Sophos) that Symantec wouldn't even accept their POs as they were too small and unwanted.

Is it just me or is it strange to put tariffs on Canada for "fentanyl and the immigrants" when it is the US CBPs job to... You know, keep out the fentanyl and the immigrants?

@skinnylatte Tell me more about the ones you like? I think I mostly get the HK-style ones here in Vancouver as well...

@GossiTheDog Are they Fortiproxy? That was affected.

@GossiTheDog 0-day confirmed https://www.csoonline.com/article/3802722/fortinet-confirms-zero-day-flaw-used-in-attacks-against-its-firewalls.html

@tim Right, but for me to set up DNS on HE's servers it needs to see the delegation.

@tim Strange thing was a local whois from my server showed the delegation, but Hurricane Electric's DNS service did not. It is possible HE checked as soon as I added the domain (race condition) and won't check for another 60 mins as a rate limiter?

@tim Some sort of odd timer, might be an issue with Hurricane Electric. Exactly 60 minutes after purchase it recognized the delegation.

I like my .ca domain names, but the provisioning is soooo slow. Every time I create a new domain, I want to USE it. The delegation seems to take hours to propagate sometimes, where a .com in 2024 seems almost instantaneous.

h/t to @johnshier

Is it just me or should all journalists be seriously looking at the Fediverse as the only sensible home? Now with Threads being able to follow accounts here and Threads banning political and news content on their own platform, it seems like the perfect workaround. Add in a bridge to BSky and Bob's deep throat's uncle.

What if AT&T had MFA enabled on their Snowflake... and were SIM swapped?

@GossiTheDog @campuscodi I did an analysis at RSA 6 years ago on who hosts the bad... https://youtu.be/FQLlt-7gsYI?si=iuXrCpLn1VVvgBfc

@GossiTheDog Yes, this happens a lot too.

@GossiTheDog we see the same last I checked. You don't need to believe me either, but I believe it is true.

@GossiTheDog This whole thing feels like a desperate ploy to explain to people why they should throw out their PCs to get a new one with an "NPU". Don't want, don't need. They have to include something that "requires" it, even though as already proven, it isn't even needed for this.

@GossiTheDog @Quinnypig Everyone gives me the side eye for running my own mail server, IRC, nextcloud, etc. I have seen this play before and it ends in tears. Trust no one.

@Techmeme Hadn't this already been debunked?

@GossiTheDog @metlstorm I'm surprised this was effective considering many more ransomware crews are doing "remote ransomware", effectively running the encryption on an unprotected device and connecting to the shares over the network. Would work against Netware shares as well as anything else...

Looks like Lush Cosmetics were victims of Akira as they have appeared on their leak site. Akira has exploited unpatched Cisco ASA VPNs in the past, wondering if the same here? They use them according to Shodan data.