I think you hit the nail on its head. Think about it: some countries where these mandates are/were introduced would describe themselves as liberal democracies. We have all these laws that limit the power of government. Forcibly injecting people with the vaccine is obviously not compatible with anything calling itself "liberal".
The ideological weakness is self evident. We can't go door to door with police to give everyone the jab, so we wishy-washy try to force people with other measures. Who can respect an authority that lies and betrays one of its core principles? How can one respect a government that truly tried to outlaw natural human behavior? Talk about heavy handed.
And, after some countries are now on their 4th boosters (Edit: shot, not booster), and my country being about halfway done with their third round, are we slowly stamping out the virus?
Personally I feel lied to and misled; the messaging from the government where I am from was far from what one would call nuanced and informed. The short story is that they promised: "If you take your shots, then we'll get out of this mess". Even now, there's a propaganda ad that states: "We don't want you to take a booster to make things impossible, we want you to take your booster to make things possible again". Even though it's abundantly clear that people are getting reinfected and spreading Omicron, booster or no booster.
From my perspective we're kidding ourselves that we can get a handle on this disease without permanently going in and out of lockdowns. In my country we stamped out the virus at least twice before (stamped out meaning going to < 20 cases per day, some cities without any for months). And then it comes back. Well, I'm done locking down, and I think this is a consistent, fair standpoint to take. I don't want to have to identify myself and my status to enter the store or public life. People get sick, people die, everyone will get Omicron, or something similar, eventually.
But the vaccinations are working to get everyone out of the mess. While Omicron is not prevented entirely by the vaccines, hospitalizations per confirmed case are an order of magnitude lower than previous waves, and deaths are similarly an order of magnitude lower. This was the trend with Delta before Omicron as well.
Highly vaccinated countries are now at the point where any of the current variants are now only a little more dangerous than seasonal flu, which we live with almost every year. As such, barring a more dangerous variant arising, there is no point to further lockdowns. It's endemic, it's not going away entirely, but we can now live with it.
The most important thing we can do now is get the rest of the world into a highly vaccinated state, which will help suppress further variants emerging so quickly.
"Microsoft Bug Bounty Program's (MSRC) response was poor: Initially, they misjudged and dismissed the issue entirely."
I recently ran into a similar issue with MSRC. I reported two exactly similar (near perfect) heap overflows exploitable from a local perspective, with some time in between. The first report was awarded the maximum payout, and patched as 'Important'.
Meanwhile, MSRC changed its rules related to local exploitation. Now, to obtain that, one needs to show the exploit working in the most hardened sandbox processes on the system. From my perspective this is quite unfair; both bugs are reported with the same severity to Microsoft's own customers. Both breach about 3 defined security boundaries (process, session and user). So, my communication stayed the same (all technical details), Microsoft's communication with _their_ customers stayed the same (important severity issue, 7.8 CVSS), the only thing that changed was my reward... (reason: ohh, it's not a sandboxed process, so we don't care.)
The only way to obtain the maximum payout is this even more stringent, and new, requirement of 'sandboxed process' -> 'other user' boundary. As if there are not a hundred thousand organizations sharing machines between users using Citrix and terminal and other similar technologies...
In any case, given that it takes close to a year, with hundreds of hours invested to uncover such a bug... I'm going to take my submissions elsewhere...
https://zerodium.com/, the going rate for a full exploit there (and I assume, one that works quickly & leaves little trace, i.e. a high quality exploit, never dealt with them before) is 80k.
Under the old rules that's already 4x as much as MS, but the warm fuzzies made up for that I suppose. Under the new rules, 40x as much, and no warm fuzzies are worth that imo.
Selling to Zerodium is not equivalent to getting a bounty from MSFT. Selling exploit code hurts people. Microsoft will patch the vuln to protect its customers. Selling exploits to Zerodium is very bad. Be a force for good in this world.
The logic of business would imply that a vendor of exploit code is going to make significantly more money reselling the exploit than the author of the exploit code. 100k for an exploit to the author? The exploit vendor will sell it for millions. Who has deep enough pockets that they are willing to buy exploit code for millions? A software vendor can pay engineers for many years for this cost.
Yeah, I don't like Windows either, but it's not the point. Billions rely on the security of Windows today; our entire global economy is dependent on the reliability of our information systems.
One either helps maintain the security of our systems globally, or they seek to disrupt it for a pay day. I get quite upset when people enter with the mindset of 'the actual vendor won't pay me enough, I'll sell it to a shady exploit market'. It is not a simple pay day.
This way of thinking really reflects poorly on security professionals. They should care out of a sense of professional ethics or personal morals. Selling a bug to be fixed by a vendor or to be weaponized by one of Zerodium’s customers are not equivalent morally or ethically. They also aren’t the only two options: he could just sit on the bug. Someone else will likely discover it but he at least wouldn’t be complicit in the erosion of the security of the software ecosystem.
Let’s not pretend selling to private buyers is anything other than financially motivated. I don’t think security researchers who sell their vulnerabilities to private buyers are not acting to “motivate” Microsoft in a roundabout way. Even if we assume that is their motivation, such an arrangement is obviously unethical because vulnerabilities sold in this way are weaponized to do harm against others.
> Unless you work for free, you don't get to criticize others for getting paid for their work.
This is completely ridiculous. By this reasoning we shouldn’t criticize corrupt politicians or anyone whose chosen profession means they get paid to make the world a worse place to live. I don’t think we’ll see eye to eye on any of this, I simply can’t understand any of the arguments you’ve presented to justify getting paid to make the world a more dangerous place.
We're not going to see eye-to-eye because you think that other folks should work for free to make Microsoft products more secure.
I think that security problems in Microsoft products are Microsoft's responsibility and no one else's. By insisting that other people work for free to improve that security, you're arguing that other people are responsible for said security problems.
That's a curious position. You think that someone who isn't paid is responsible, but not Microsoft, who is paid.
I understand why Microsoft would like that arrangement, but why do you think that anything else is wrong?
This is the result of the two-party system. Bipartisan compromise is rare, and even then is often backdoored with legislation not actually discussed.
This leads to the two parties only ever being in an adversarial relationship.
In other systems, sometimes you get to form a majority government with other parties. This difference means that in multi-party systems the "party line" is "these guys are ok, and reasonable" every once in a while.
Not so in the two-party system, where the winner-takes-all perpetual adversarial relationship generates a constant stream of "the others suck, are dumb, evil and want to destroy the country".
> shaming and/or implying that people like myself are anti-vax.
I'm in a low risk bracket. My country saw an uptick in people canceling vaccination appointments. 40% of 60+ people here are now 'unsure' of taking the vaccine.
I've done nothing but work and follow the rules since this whole thing began. Young people without partners, or young people in general, that are active, have a social life did a complete 180* in their "allowed lifestyles".
I've paid with money, time, a year of my otherwise busy life, for people in risky age brackets, at _little_ benefit to myself. *
But I'm so done, don't tell me you're asking people like me to be stuck in our anti-social and unhealthy living arrangements, while there's a solution that's _safer_ than going to a covid shower?
People like me are done paying, I'm not going to wait around another year, you take the vaccine or you take covid for all I care.
They don't directly translate due to the inherent differences in between the two systems.
In short, pass-the-hash is a technique by which it is possible to authenticate to a windows system using the hash of a password, instead of the password itself. The NTLM hash is the secret, and does not need decrypting to authenticate.
NTLM authentication over the network can be redirected to other machines if they don't have traffic signing enabled (default only for domain controllers). So this gives rise to 'spreading' over the network in two ways:
* Steal the hash out of the memory of a system where you've got root access (called SYSTEM in Windows terminology).
* Trick an administrator's system into connecting to your system somehow, and redirect the authentication to another system to take control. There are various techniques to do this, which I won't explain in this answer.
Given this known weakness, TAM/PAM/PAWs are all procedures and a tiering architecture to prevent those secrets from being compromised.
A PAW, privileged access workstation, can be seen as an equivalent to a linux sysadmin's bastion host, roughly. It contains all private keys to all systems, but is well segmented, audited, and protected. This is the system that you use to perform administrative tasks that can't be done with any lower level of privilege. Say, the system that has the root account to all your production servers, for example.
PAM is the set of policies around logging when highly privileged accounts are used, which systems they can access with what privilege, who can use them, how to approve actions by them, etc.
In short, they are the frameworks and policies used to combat the security weakness of these legacy protocol designs, and the reality of running big networks with guaranteed attacker activity in it.
Hopefully it doesn't? That would be poor design. It typically is just on a network segment that the firewall rules allow it to access the other servers.
Well, not literally. But it is meant to be the system that is used to gain root access to your domain controller to perform administrative tasks there. Install updates, fix issues, that type of thing.
So, although it does not literally house all passwords/keys/whatever to your network, it has access to a system that indirectly does.
Normal jump hosts should not have your private keys I guess, but I thought it was the closest analogy.
Just put it this way: if an attacker gets on that system, it's complete game over.
If it contains all private keys that would indeed be a bad design. Maybe what awd meant is that it contains a private key that all systems trust. That would make more sense.
I regularly perform tests like these. Overall there's a flat 10% 'critical failure' rate across organizations. You send a phishing e-mail pretending to be from the IT department, with some instructions to install the 'anti-virus scanner' or whatever, and 1 out of 10 people will open the e-mail, click the link, give their credentials, follow all instructions, click through all warnings and infect their machines.
If your organization is above a certain size, remote code execution in your network is a given. There are several technical measures you can take to make it _much_ harder to perform these attacks on Windows in general:
* Disable unsigned Office macro execution (if on windows with office)
* Disable mshta.exe or remove the .hta file association
If you can get away with it, productivity wise, enable whitelisting for all software.
Attackers can often still find weak points in your organization. It's not always the marketing or HR department with Windows that gets phished. I once observed a colleague phish a web dev on a MacBook with a recruitment 'challenge'.
You may have some (mild) form of dyslexia. You triggered me with your remedial classes to improve it, but no improvement.