Notices by Chester Wisniewski (chetwisniewski@securitycafe.ca)

@jalefkowit I was going to say I am not young enough, but after a few moments thought, I am still young compared to Democrat leaders.

I wish I had a nickel for every time I hear someone say this. It's just patently not true unless you are running the worst security program imaginable.

Who has only one layer of defence? Who does NO monitoring?
We have been talking about defence in depth for... 30 years?

FUD doesn't help anyone. It isn't selling more product and it isn't making your crappy paper any more important.

@GossiTheDog Worth a shot :) Certainly interested if you see more. I will reach out to some friends at the GOOG and see if they can help.

@GossiTheDog Any chance you have any of those HEIF spam samples you mentioned last week? I'm interested in doing some testing, but don't have any in my spam trap.

@SecureOwl They did the same thing when they bought Symantec. They only want the Fortune 1000, everyone else can pound sand. Odd strategy. We had customers telling us (Sophos) that Symantec wouldn't even accept their POs as they were too small and unwanted.

Is it just me or is it strange to put tariffs on Canada for "fentanyl and the immigrants" when it is the US CBPs job to... You know, keep out the fentanyl and the immigrants?

@skinnylatte Tell me more about the ones you like? I think I mostly get the HK-style ones here in Vancouver as well...

@GossiTheDog Are they Fortiproxy? That was affected.

@GossiTheDog 0-day confirmed https://www.csoonline.com/article/3802722/fortinet-confirms-zero-day-flaw-used-in-attacks-against-its-firewalls.html

@tim Right, but for me to set up DNS on HE's servers it needs to see the delegation.

@tim Strange thing was a local whois from my server showed the delegation, but Hurricane Electric's DNS service did not. It is possible HE checked as soon as I added the domain (race condition) and won't check for another 60 mins as a rate limiter?

@tim Some sort of odd timer, might be an issue with Hurricane Electric. Exactly 60 minutes after purchase it recognized the delegation.

I like my .ca domain names, but the provisioning is soooo slow. Every time I create a new domain, I want to USE it. The delegation seems to take hours to propagate sometimes, where a .com in 2024 seems almost instantaneous.

h/t to @johnshier

Is it just me or should all journalists be seriously looking at the Fediverse as the only sensible home? Now with Threads being able to follow accounts here and Threads banning political and news content on their own platform, it seems like the perfect workaround. Add in a bridge to BSky and Bob's deep throat's uncle.

What if AT&T had MFA enabled on their Snowflake... and were SIM swapped?

@GossiTheDog @campuscodi I did an analysis at RSA 6 years ago on who hosts the bad... https://youtu.be/FQLlt-7gsYI?si=iuXrCpLn1VVvgBfc

@GossiTheDog Yes, this happens a lot too.

@GossiTheDog we see the same last I checked. You don't need to believe me either, but I believe it is true.

@GossiTheDog This whole thing feels like a desperate ploy to explain to people why they should throw out their PCs to get a new one with an "NPU". Don't want, don't need. They have to include something that "requires" it, even though as already proven, it isn't even needed for this.