NaibofTabr
@NaibofTabr@infosec.pub
- Comment on Wednesday, my dudes. 6 days ago:
Never could get the hang of Thursdays.
- Comment on partytime 1 week ago:
An identification card usually issued by a government office.
- Comment on Senator Bernie Sander's Speech in regards the Israeli-Palestinian War 1 week ago:
It’s the strategic position in the Middle East, primarily. It wouldn’t surprise me at all if Israel intentionally provoked Iran as a way of saying to the US “you still need us”.
It’s not so much about what the US stands to gain as it is maintaining a longstanding political and military relationship. No country ends such relationships quickly, although there are signs that the relationship is weakening.
- Comment on trapped! 2 weeks ago:
“Hard” science fiction usually means that the futuristic concepts and fancy technology are based on (and limited by) our current understanding of the physical universe - if you had enough engineering ability, you could actually do the things presented in the story. This is in contrast to things like Star Wars and Star Trek, where the things they’re able to do are basically fantasy dressed up with a technological skin.
- Comment on A photography depicting the construction of the Great Pyramid of Giza - 2565 BCE. 2 weeks ago:
No they were built by human slave labor to be landing pads for alien space ships.
- Comment on What do companies get out of rewards programs 2 weeks ago:
Substitute your local area code as needed: ###-8675309.
- Comment on is there a legal way to consume alcohol bought at a store, outside of a home, hotel room, etc.? 3 weeks ago:
- Comment on Is the body of Christ gluten free? Asking for a friend. 3 weeks ago:
Which part of His body did you get? The spleen? A bit of intestine? One of the toes?
- Comment on Is the body of Christ gluten free? Asking for a friend. 3 weeks ago:
Then you can’t be Catholic.
- Comment on Passwords and 2FA at a small business 3 weeks ago:
OK, Workspace (web-hosted) business environment on Windows systems. You should probably use Google’s built-in 2FA enforcement for access to your business stuff. It will be the easiest to implement and manage. Also consider implementing Chrome Enterprise as a requirement for accessing your business apps, it will give you more control and if you’re using Workspace then the integration should be smooth. If your business needs expand beyond Google services, you might look at Island.
Are the laptops on Windows Enterprise? or Professional? Do you have any domain management for them? Or are they off-the-shelf with Home/OEM installs?
In any case, AppLocker is built-in and free. With this you can restrict the laptops to only executing the applications that your business needs - if everything is accessed through Chrome, then it’s really simple, nothing else needs to run and if an employee has a specific extra need (Photoshop or CAD or QuickBooks or w/e) you can handle that on a case-by-case basis. If you have domain management then it’s easy to enforce AppLocker on all the laptops, if not you’ll have to do each one manually, but it’s worth it because it will prevent a lot of nonsense. If your business expands and you outgrow the functionality of AppLocker, consider Airlock Digital.
A big question is, where is your data? Is all of it in Workspace? Or do individual employees have pieces of it sitting on their hard drives? What happens if one of those hard drives crashes and you lose the employee’s work? Are those laptops going home with them? Are they on home/shared/public networks? As a startup, your business is your information, whatever form that takes. You need to get tracking on where your most sensitive bits of information are (customer lists, proprietary design/code/concept/etc, high-value assets, licenses/certifications/contracts, financial records, employee PII, anything that could end your business if you lost it), how they’re stored and how they’re used, and that is much more important than 2FA login. If possible, implement BitLocker on the laptops. Maybe learn to use FileSystemWatcher if you have sensitive files living on the Windows laptops. And start figuring out a backup plan (even if everything important is done in Workspace, keeping all of your data in Workspace doesn’t count as a backup plan).
I would highly recommend that you develop a security plan based on something like the NIST Cybersecurity Framework (this is a quickstart guide aimed at small businesses with little to no existing security planning). Don’t buy any fancy security products yet. Sit down and plan your security in a systematic way, and that will help expose your actual needs and blind spots.
Finally, some useful information sources:
- SANS Stormcast - 10-minute daily podcast with alerts about current threats
- Risky.biz - weekly cybersecurity news podcast and interviews with industry professionals
- Security Now - weekly cybersecurity news with deep dives into security topics
- Comment on Passwords and 2FA at a small business 3 weeks ago:
The right solution for you will depend a lot on your existing infrastructure.
Are you a Microsoft/Azure/O365 shop? Google Workspace? Do you have graphics people working on Apple devices? OT? Do you have self-hosted infra? All cloud? Hybrid? How complex is the environment you need to protect?
- Comment on Flying Aircraft Carriers (2019) 3 weeks ago:
- Comment on 70 percent of devs unsure of live-service games sustainability 3 weeks ago:
Get dev cycles to 3 years or less so that you can actually react to changing market conditions, and charge a fair price for a good product.
This industry’s already killing people with overwork and stress. Increasing the time pressure isn’t going to improve the quality or bring the price down.
We don’t need faster game development, there are already more games out there than anyone could play. We (the market) need to encourage quality over quantity.
- Comment on People watching at a mall in 1996 4 weeks ago:
They’re not just at the mall to pick up their online order?
- Comment on The U.S. government may finally mandate safer table saws 5 weeks ago:
That surgeon had been operating a table saw when his glove caught the saw blade and pulled in his hand.
Never wear gloves when working with rotating cutting heads (saws, routers, even drills). The blade will grab the glove and pull your hand in as the fabric wraps around it. The glove also gives you a false sense of safety, and blocks your sense of touch. A tiny catch of the glove might destroy your hand, where if your hand was bare you might’ve pulled it away with only a cut.
You’re much safer with your hands bare and being very aware of where your fingers are, especially around a table saw.
- Comment on Meta cancelled climate change ads, then cancelled a local newspaper that reported about the ads, then a blogger who reported on the paper's cancellation, and now has escalated to blocking all of LGF for posting the blogger's story 5 weeks ago:
This is a well written and a very rational take on the situation. Nick is probably right.
- Comment on Polish 1 month ago:
German is also a completely sensible language.
- Comment on *So far* 1 month ago:
I’ll just have the boiled plant mash filtered through compost.
- Comment on Uranium 🤤 1 month ago:
Hmm, this implies that pig #1 built his house out of hydrogen…
- Comment on LEGO Reveals Massive Dungeons & Dragons Set 1 month ago:
overpriced
At $359.99 for 3745 pieces this actually falls below the $0.10/brick threshold, which is pretty good for a licensed set. Most of the Star Wars sets are higher than that.
- Comment on LEGO Reveals Massive Dungeons & Dragons Set 1 month ago:
paperback book that can be purchased with 2,7000 Insider points
wut
- Comment on Rooster Teeth, home of Red Vs. Blue and RWBY, shutting down after 21 years 2 months ago:
There’s a really excellent documentary on YouTube titled On the Verge of Collapse - the Story of Rooster Teeth. Very much worth watching if you were ever a fan of their work.
- Comment on Cloudflare Employee records her final meeting where HR tries to fire her 3 months ago:
Hmm, but the HR people said they didn’t have any documentation, and if she hasn’t had a bad performance review prior to this meeting then there isn’t a paper trail showing poor performance.
If they generate some documentation after this meeting that shows poor performance, wouldn’t that kind of be a smoking gun for a fraud case? Because it seems pretty clear that the intent is to defraud her of unemployment benefits by claiming that she was fired with cause.
- Comment on Don't even think about it 3 months ago:
- Comment on The AI Horde has generated One Hundred Million Images! 4 months ago:
Wonderful. We’ve designed a system that can produce mostly garbage images that no one wants to look at extremely fast.
- Comment on Has google stopped working for finding anything? 4 months ago:
You can see the content, but it isn’t categorized, tagged or organized in any way. If you’re looking for some specific information but you don’t know which server/channel it was discussed on, you’ll never find it.
- Comment on I knew it all along! 4 months ago:
I trapped lightning in a rock, and taught it to do math.
Computers are arcane wizardry.
- Comment on Toilet without borders 4 months ago:
Building codes? We don’t need no stinkin’ building codes!
- Comment on A fair trade 4 months ago:
- Comment on Is the saying, "The internet's written in ink, not pencil" accurate? 4 months ago:
And if it’s a forum discussion with a solution to your current technical problem, the link will be dead.