Security Memetics

Like We Don't Have Enough Malware To Study Already secmeme.com/2016/09/like-w…

I am a Microsoft security architect. In 1994, researchers discovered RC4 was fundamentally broken. We made it the default cipher in Windows anyway. By 2000, every machine on Earth was running it. We called it "battle-tested." Technically true. It lost every battle. In 2013, more researchers confirmed it was still broken. We published a knowledge base article thanking them for their passion. In 2015, the entire industry formally deprecated it. We kept it enabled by default. Compatibility is more important than security. Security is just compatibility with not being hacked. Hospitals ran their patient records through it. Banks authenticated their transactions with it. Fortune 500 companies trusted their crown jewels to it. The Ascension breach happened. 5.6 million patient records. 140 hospitals offline. Ransomware walked through our cipher like it wasn't there. It basically wasn't. Senator Wyden called it "gross cybersecurity negligence." He demanded an FTC investigation. We released a statement thanking him for his continued partnership. After 26 years of careful consideration, we've made a decision. We're going to disable RC4 by default. In mid-2026. We're giving everyone 18 months notice. Because we believe in thoughtful transitions. We've been thoughtfully transitioning since the Clinton administration. Two Clintons could have run for president in the time we've been "evaluating options." Some things are just hard to kill off. Like a legacy cipher. Or institutional momentum. Or the phrase "we take security seriously." We do take it seriously. We just don't take it urgently. Urgency is for startups. We're a mature organization. We mature our vulnerabilities like fine wine. 26 years. That's not negligence. That's commitment.

There is no cloud, just other people's computers. This is why it's important to keep that in mind.

1977: Hacker space epic "Star Wars" was released to little fanfare, though it has since become a cult classic. It's the tale of the droid R2-D2's hacking of the Death Star computer systems after his inept friends foolishly dove into a trash compactor.

The current enterprise firewall landscape

Password Criteria Watch THE SKINNY on Hulu here hulu.tv/TheSkinny

We're giving out the good stuff this year. 🎃

@UK_Daniel_Card @LisaForteUK we still doing these?

As a dog mom, I know that my dog is the cutest! 😊 And as the CISA Director, I know his name does not make a strong password. 🚫 Learn what does make a strong password in our new animation youtu.be/XXrbut5xRbE #SecureOurWorld #StrongPasswords

New by me: if you see this, please share it. Facebook to start account-lock facial scans, a new investigation into Tesla autopilot includes a fatality, that Covid font, and more... Plus, Sam cat and crinkly paper 🥰 Link: patreon.com/posts/cybersec…

8 years ago I went down a rabbit hole about facial recognition. At the same time I applied for my first passport. I flared my nostrils in the photo to "fool" any cameras I may encounter. I now have to flare them every time I go through an auto passport gate so I guess it worked.

Every time I go to the hotel, I tell one of the cleaners that I have been locked out of my room safe and if they could unlock it for me. You'd be surprised at how many actually do it no questions asked.

@evilsocket Not gonna lie, I lost it at this meme:

Probably would have been cheaper to become a TSA agent

Malware hiding in plain sight...

New by me: 1/3 of cyberattacks result in job losses, techbros waking up in the trolley problem, people "trying to wind back the clock to a halcyon 2019 where their business felt safe and secure," and more. Please share: this app hates Patreon links! Link: patreon.com/posts/cybersec…