decrypt[.]fail

This post documents my testing results for the Desktop version of the Linux distro Ubuntu. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Ubuntu collected 12 out of 18 possible points – a score that shows its maturity.


This post documents my testing results for the Desktop Linux distro Pop!_OS. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Pop!_OS collected 9 out of 18 possible points – an OK balance between user experience and security.


This post documents my testing results for the Desktop Linux distro Linux Mint. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Linux Mint collected 13 out of 18 possible points – a very good result that shows the high level of maturity of this nicely polished distribution.


This post documents my testing results for the Desktop Linux distro Manjaro. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Manjaro collected 12 out of 18 possible points – a pretty good result for a distro that is focused on user experience.


This post documents my testing results for the Desktop Linux distro EndeavourOS. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

EndeavourOS collected 9 out of 18 possible points – an OK balance between UX and security.


This post documents my testing results for the Desktop Linux distro MX Linux. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

MX Linux collected 10 out of 18 possible points – a good balance between UX and security.


I try out different Linux distros for my personal computers quite often. (Right now I'm running Manjaro on my laptop and Ubuntu on my personal workstation.) Hopping through several Linux distros a year, I observed that some distros have a better security posture by default than others. Good default security settings are important because a lot of users won't bother to improve the security of their desktop OS by fiddling with settings or installing extra software.

So I decided to do some research and document the results in blog posts here. I will choose the distros based on their DistroWatch ranking, starting with MX Linux. In this post I define all the tests I run through when reviewing the default settings of a vanilla install of each distro.


This post tries to summarize the key steps to take for an effective Privileged Access Management program. Segmenting privileges in an Active Directory based IT infrastructure is a key defense strategy against automated as well as human-operated ransomware attacks.

Key Challenges:

  1. Domain Admin group members have global privileges
  2. IT staff has local Admin privileges on all workstations
  3. The local Administrator account has the same password on many/all systems
  4. Passwords of highly privileged accounts aren't rotated frequently
  5. IT staff's normal user accounts have high privileges

The problem with the above is not that IT staff will misuse these privileges – the problem is rather that if one of the IT staff's privileged accounts is compromised, an adversary can move laterally very easily and quickly create a lot of damage (like encrypting all the systems they get access to).

Let's look into mitigating strategies for the above five challenges!


The Fediverse is a vastly different place than Twitter. Functions like the Local Timeline and server announcements in Mastodon create communities that feel far more like real communities than, say, #infosec Twitter.

Things are just more civilized on Mastodon.

However, there are users on Mastodon who use cross-posting integrations to toot all their Twitter tweets to Mastodon. With that, the following issues arise:

  1. High-frequency tweets flood the otherwise civilized Local Timeline of the user's home instance.
  2. The Mastodon user account becomes more or less a bot – you cannot interact with it because the actual human never logs into Mastodon to check notifications there.

For the above reasons I have decided to limit such user accounts going forward on the two instances I'm responsible for. Below is a description of the 'Limit' moderation action.


As a fellow #infosec practitioner, I enjoy maturing the cyber security capabilities of the organization I work for. And as we make progress almost every day, I keep thinking about what the perfect state will look like and whether a state of perfection can ever be reached.

So, what does a perfect state of Cyber Security Operations look like?
