Given the number of Thinkpad users in the wild, this is a particularly sensitive vulnerability that should be patched as soon as possible.
Parents beware! Given the proximity of the Christmas holiday, this breach is particularly important. You may have set and forgotten these credentials a season ago, so go check, update, and monitor accordingly.
This is a very lucid explanation of the Dell self-signed certificate issue that has spread across the IT security sites and forums the last couple of days. It is being compared to the Lenovo Superfish debacle of earlier in the year, but Dell’s issue appears to be less diabolical and easier to remedy.
This is fantastic advice from Brian Krebs for 2-factor authentication at Amazon, especially entering the holiday shopping season.
I honestly do not know what to say or where to begin. I cannot say that I am surprised that yet another government agency has failed to fund and execute an effective IT security program. This is a systemic problem and I believe it should be addressed before additional controls are passed down to the private sector. The approach of “do as I say and not as I do” can no longer be allowed to stand.
Call it what you will – a sign of the times, an inevitability, a sign that Apple has real traction in the desktop space – but malware is alive and well in the world of OS X and VirusTotal is taking this fact seriously.
This is a “sad but true but expected” article to ponder. Kudos to the teams at IBM and Tripwire for shining a light on this problem.
I have seen this debate in many different forms and all ring true. Professionalism, consistency of delivery, and customer service are quite relevant regardless of the deliverable. People are clearly willing to pay for prompt service, whether they originally wanted it or not. The lessons to be learned are numerous , but allow me to start with the simplest first. If we as security practitioners approached the proactive controls and the delivery of said controls with the same professionalism, consistency and promptness, would ransomware be as big of problem today?