The Xz supply chain attack taught us that even trusted, longstanding open source projects can be compromised. Security vigilance must apply to every piece of code, no matter its history and the developer. We had a huge near-miss.
I hear hack back as a solution to intrusions, and disagree. Compromised machines in friendly/neutral countries will be targeted, risking harm to innocents. The diplomatic implications are already severe. Hack back is inherently a governmental function. Cyber doesn’t stop cyber.
Shockingly accurate video of many enterprise security products.
Serious question. Can anyone tell me how we are safer / better for the cookie warning clicking I have to do on the internet? Advertisers still own your browsing habits and the world expends a collective bazillion hours a week on a needless friction.
It’s been quite a year… Expect anything that is internet facing to be probed, tested and then exploited if insecure. Restrict management interfaces for appliances - never directly expose them. Log and inspect with rigor!
We are all in this together. Government, industry, and academia need to collaborate in an environment where attackers have the advantage. Sometimes, however, each side can be a bit aggressive in its messaging.
Check snopes.com before you share something.
No, copying to your timeline on Facebook does nothing. That web site is run by a malign actor. That screenshot is not actually from a real article. I could go on. Use your brains before clicking, please!
I’m at the point that I don’t need / want backpacks, notebooks, pens, lights, t-shirts and all of the other conference items. Despite that, it’s still a huge part of the conference experience. Anyone have a good estimate of what percent of giveaway swag is actually used?