There's a new privacy model designed by Apple and someone else, I don't recall, that makes DNS fairly securely private. I should post about that. But that just gives users more privacy, it doesn't increase security. That's a network perimeter and server OS issue. For most users, security isn't much of an issue for their devices because they don't have valuable information. Occasionally someone falls victim to ransomware, but that's more of a drive-by attack, not targeted. Worst a user is looking at is throwing away a hard drive for a couple hundred bucks and starting fresh with a loss of data. Stealing corporate and gov't data is the big ticket target these days.
And, of course, securing a toehold in corporate, government, university, and utility networks for potential future exploitation.
It's a little funny. Just a week or so ago the uni that I work for started sending emails that they were implementing two-factor authentication (2FA) for email and I think for online Microsoft product use, I don't recall if it was just for employees or across the board, because it was the "gold standard" for security. I almost did a spit take. I guess they didn't read about all of the bitcoin wallets that were stolen because these 15 and 16 y/o's social engineered Verizon and AT&T to change cell phone credentials and intercepted 2FA verification and committed some pretty big thefts.
Yeah, gold standard. If they want gold standard, they'd issue those Verisign random number generator security dongles to employees or give them the app for their phones. I had one for World of Warcraft for a while, had to enter a random number when logging on.
no subject
Date: 2020-12-16 01:38 am (UTC)