Tux Machines

Security and Windows TCO

Posted by Roy Schestowitz on Jun 26, 2023

Programming Leftovers

Red Hat on K8s and OpenShift 4.13

Sweetwater Union High School District confirms data breach caused outages in February [Ed: Probably Windows, but no details given]

↺ Sweetwater Union High School District confirms data breach caused outages in February

> The Sweetwater Union High School District has confirmed a hack was the cause of a days-long system outage at their facilities, saying the personal information of employees, students, and families was accessed and taken.

> The update comes four months after the incident. On Friday afternoon, the Sweetwater Union High School District sent out a release about a security incident that left students and staff without email and internet access for days in February.

> "First of all, it hasn't even been sent to us employees," said Katina Rondeau, a teacher in the district.

Cyberattacks on hospitals 'should be considered a regional disaster,' researchers find

↺ Cyberattacks on hospitals 'should be considered a regional disaster,' researchers find

> But the crunch wasn't the result of a massive accident or the latest wave of patients infected by a new coronavirus variant. The influx was the direct result of a ransomware attack, a costly and unfortunately now common form of cybercrime in which [crackers] lock down their victims' files and demand a ransom, often millions of dollars, to unlock them.

Microsoft slammed for hitting European cloud users with ‘unfair, additional’ charges

↺ Microsoft slammed for hitting European cloud users with ‘unfair, additional’ charges

> Research from non-profit Cloud Infrastructure Services Providers in Europe organisation suggests cost of digital transformation is going up for ‘unfair’ reasons

Web-based cryptography is always snake oil

↺ Web-based cryptography is always snake oil

> A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

> It is inherent to the model of the web platform that the code which implements a client-side web application is distributed by the given website. Thus the client-side code is always distributed by the operator of the web server.

> In other words, web-based “E2E” applications claim to secure against malice on the part of the server operator using encryption implemented in client-side JavaScript, but this is obviously not true, since if the server operator was malicious, they could just push different client-side JavaScript. (Conversely, entities other than the server operator are secured against via use of TLS, so there is no additional benefit to “E2E” if you trust the server operator.)

gemini.tuxmachines.org