I've significantly expanded the Chromebook build howto: https://www.techsolvency.com/distance-asd/chromebook/ We already have a couple people collecting donated laptops and turning them into Chromeboo

The advantages of using a Chromebook workalike distribution like CloudReady are: * its UI is identical to what students are already using on Chromebooks at school * it is self-patching, without user k

I wrote a howto here: https://www.techsolvency.com/distance-asd/chromebook/ If you can help neighbors turn unpatchable old laptops into Chromebooks, do what you can. Please let me know if you learn an

Looks like lots of them have been fixed. Scott Helme is doing scans hourly: https://github.com/ScottHelme/le-scan Only these hosts from my original Alaska list remain at this writing: asch.cc cpanel.a

OK, in theory ... here are all of the Alaska-ish-looking hosts that I know of that appear in the known-broken list - best-effort and not exhaustive, but better than nothing: https://www.techsolvency.c

Let's Encrypt is revoking 3M certs tomorrow (issuance bug): https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864 Check yours manually here: https://unboundtest.com/caapr

PoC of a forged cert has been published - well-known researcher. https://twitter.com/esizkur/status/1217247035029622784 Many endpoint controls - antivirus, app whitelisting - are likely using crypt32.

Quickly: https://twitter.com/beauwoods/status/1217107577441587200 Today's @msftsecurity #PatchTuesday updates will fix several critical, high-profile vulnerabilities. This morning Anne Neuberger, Dire

A Citrix vulnerability is in the news again because it's being vigorously scanned for by what appear to be multiple actors. This Reddit thread provides an excellent summary of the issue: https://www.r

OK, the TLS scan results should now be complete. Also, older/stale hosts that are no longer in DNS should now be properly removed. Only certs with common issuers (DigiCert, GoDaddy, etc.): https://www

Er ... scratch that. :) I appear to have missed a passel of older scans. The current update should still be useful, but it'll be a couple more days before it's fully freshed. :)

Update: I've just completed a fresh scan of the rest of all known Alaskan hosts (it takes a few days!). Quite a few new hosts were discovered in the process. This "no TLS 1.2" search should now be pre

(tl;dr: if you have servers that do not support TLS 1.2, you need to start working now to upgrade/replace. And if you're not sure, you *really* do. :) ) The major browsers announced a year ago - in Oc

As I understand it, yes - physical access required.

The only remedy appears to be to replace the device. https://twitter.com/axi0mX/status/1177542201670168576 EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom explo

As you've probably seen, additional RDP vulns were patched for Patch Tuesday. Microsoft holds back the patch if Symantec AV is present in some circumstances, to avoid a system-impacting issue, Symante

Most of you have probably already heard about the BlueKeep RDP vulnerability, that Microsoft deems as wormable. What you may not have heard is that a reliable remote exploit is being privately managed

Patch ASAP. Patch and vuln announcement from SonicWall: https://www.sonicwall.com/support/product-notification/?sol_id=190717234810906 References: https://thehackernews.com/2019/07/vxworks-rtos-vulner

[cross-posting to AKLUG and NUGA] Along with the rest of the flood of vuln reports yesterday, Microsoft's Patch Tuesday included patches for a remote RDP bug: https://portal.msrc.microsoft.com/en-US/s

OK - my scan didn't turn up any that weren't already visible in Shodan (19 in Alaska). But there may be others. The Shodan list is exactly what attackers are using as a list of targets, but motivated