Microsoft seeing people use their products with the default settings they ship to customers
@SwiftOnSecurity a year+ ago I did azure security training, provided by Microsoft, in singapore, to folks they knew were security professionals ...
And every session of the multi-week epic involved setting up resource groups, servers, storage and users with credentials or settings that were just plain insecure. "we'll just do X - you wouldn't do this in production but for training purposes we'll do this quick workaround" every time, every exercise.
"here's an rdp link" "copy this password" "open this to internet so we can X"
Teach / train /ship by default.. the way you want people to use it-- this must be, securely. Anything else is an abomination, a taint on the future... /rantoff

@kostchei @SwiftOnSecurity Preach it.

I once proposed a training course about how to secure SQL Server to the point stoneage mindset auditors couldn't find a fault.

Better part of a week required if we made them do labs properly.

Nope, was made to cut it down to a half-day of training, and two half-days of labs (second one optional for juniors)

@venzann @kostchei @SwiftOnSecurity It's almost as if the problem was...

capitalism

Until corporations are held accountable with severe economic penalties for not doing their homework, we'll keep finding this over and over because instead of investing in security ("it's cheaper to pay the fines"), top execs prefer to maximize their profits.

@venzann @kostchei @SwiftOnSecurity @yuki2501 or it's that resources are limited and short-term thinking prevails in every system. If anything this was worse under communism. The best solution might be to properly penalize for negative externalities like this and create an incentive structure that uses capitalism to get the desired outcome.

@yuki2501 @troglodyt @venzann @SwiftOnSecurity @kostchei No, not optimistic at all, just even more pessimistic to throw out the baby with the bathwater and still accomplish nothing. Nothing will happen though at all due to regulatory capture. With communism nothing would even need to be captured though which is even worse

@ajmurmann
your fear of a post-capitalist, class-less society that is not built on capital accumulation is funny and also quite disturbing

the "baby" is right now causing incomprehensible suffering to a degree and on a scale that makes the disasters of the hebrew bible look like jokes, and most of the people alive are participating knowingly in this

@yuki2501 @venzann @SwiftOnSecurity @kostchei

@ajmurmann
and no, your religious hope that somehow capitalism will overcome itself spontaneously and suddenly stop eradicating our habitat isn't pessimism, it's optimism fueled by a fanatic, religious fervour

please join us apostates

@yuki2501 @venzann @SwiftOnSecurity @kostchei

@ajmurmann
if by communism you mean the attempts at replacing the dictatorship of the market with dictatorships of the proletariat in soviet and china and you also seriously think we aren't way, way worse today than they were, that's also a religious opinion

@yuki2501 @venzann @SwiftOnSecurity @kostchei

@venzann @troglodyt @yuki2501 @SwiftOnSecurity @kostchei life today by almost any metric you can think of is better than it was twenty years ago.

I'm fairly convinced that as long as there is scarcity we are gonna either have economic or social pressure. I do hope that once we reach post-scarcity we can alleviate those. But that's far out.

@ajmurmann
also scarcity isn't an issue. the problem since the fifties or so is to make people consume more even though they don't need to, e.g. we're wasting insane amounts of good food to keep it out of the hands of the poor

@venzann @yuki2501 @SwiftOnSecurity @kostchei