POPULARITY
El pasado mes de mayo, sin darle mucha importancia, casi intentando volar bajo el radar, Microsoft anunció que iba a declarar como obsoleto a VBScript a partir de la próxima versión de Windows, este mismo año. A lo mejor te piensas que eso no tiene importancia, pero es algo con grandes implicaciones que vamos a analizar, y que igual te interesa más de lo que piensas. Enlaces mencionados: Boletín mensual de campusMVP.es El anuncio de Microsoft Petición en Change.org para salvar ASP Clásico Windows Scripting Host Internet Information Server (IIS) Estadísticas de sitios web con ASP Clásico hoy en día Documentación oficial del futuro Windows Server 2025
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 25/05 a 07/06.
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 25/05 a 07/06.
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-389
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-389
Nieuws na Microsoft Build over premium deployment stacks in Azure, de laatste Exchange server versie, een vleugje AI en wat is de toekomst van macro's bij Microsoft? CoPilot+ pc's Introductie van CoPilot+ pc's en de nieuwe 'Recall'-functie om je stappen terug te volgen. Bron: https://blogs.microsoft.com/blog/2024/05/20/introducing-copilot-pcs/ Bron: https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701cCopilot Deployment Stacks Algemene beschikbaarheid van ARM Deployment Stacks, een nieuwe manier om resources in Azure te beheren en te implementeren. Bron: https://techcommunity.microsoft.com/t5/azure-governance-and-management/arm-deployment-stacks-now-ga/ba-p/4145469 VBScript Deprecation Tijdlijnen en de volgende stappen voor de afschaffing van VBScript. Bron: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/vbscript-deprecation-timelines-and-next-steps/ba-p/4148301 Azure Bastion Premium Informatie over de Premium SKU en configuratie-instellingen voor Azure Bastion. Bron: https://learn.microsoft.com/en-us/azure/bastion/configuration-settings#skus Exchange Server vNext Update over de roadmap voor de volgende versie van Exchange Server. Bron: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/4132742
In this episode, I cover the latest Chrome Zero Day, the upcoming retirement of VBScript, an update on the recent Google AI Overview story and much more! Reference Links: https://www.rorymon.com/blog/8th-chrome-zero-day-vbscript-retirement-plan-controversial-ai-interview/
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-389
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-389
Microsoft's Build event showcased several key announcements, including the introduction of AI-powered CoPilot Plus PCs, enhanced security measures, and new AI tools. The CoPilot Plus PCs featured AI-powered ARM-based Snapdragon X Elite and Plus processors, offering advanced capabilities for automation, collaboration, and productivity. These devices were designed to streamline IT tasks, boost collaboration, and enhance overall productivity for users.In terms of security, Microsoft unveiled a major push for Windows 11, introducing new features and updates to enhance user protections. This included the adoption of the Pluton security processor in the CoPilot Plus PCs, local security authority protection on all PCs, Windows Hello enhanced sign-in security, smart app control, and Windows Hello and Win32 app isolation updates. These security enhancements aimed to address cybersecurity challenges and provide users with a more secure computing environment.Additionally, Microsoft introduced new AI tools and capabilities, such as the Recall feature for logging and retrieving user actions, real-time video translation on Microsoft Edge, and the release of Azure AI Studio with various AI models optimized for different tasks. These tools aimed to improve user experience, accessibility, and efficiency by leveraging AI technology to enhance various aspects of computing and communication.Overall, Microsoft's focus on AI-powered CoPilot Plus PCs, enhanced security measures, and new AI tools at the Build event highlighted the company's commitment to innovation and improving the user experience in the digital landscape. Four things to know today from Microsoft Build 00:00 Surface Event Highlights: AI-Powered Copilot Plus PCs, Enhanced Security, and New AI Tools06:04 Microsoft Expands Copilot AI to Automate IT Tasks, Boost Collaboration, and Enhance Productivity09:15 End of an Era: Microsoft Deprecates NTLM and VBScript, Shifts to Modern Security Measures11:15 Windows 11 Recall Feature Sparks Privacy and Data Security Concerns Supported by: https://www.coreview.com/msp All our Sponsors: https://businessof.tech/sponsors/ Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social
Eric Lippert is a designer of fine programming languages; at Microsoft he worked on Visual Basic, VBScript, JScript and C#. At Facebook he worked on Hack (a gradually-typed PHP) and Bean Machine (a probabilistic extension of Python for data scientists). He is at present enjoying taking a break from corporate life. You can find Eric on the following sites: Twitter Mastodon Blog PLEASE SUBSCRIBE TO THE PODCAST Spotify Apple Podcasts YouTube Music Amazon Music RSS Feed You can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.com Coffee and Open Source is hosted by Isaac Levin --- Support this podcast: https://podcasters.spotify.com/pod/show/coffeandopensource/support
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exportability and server IP address encryption A listener asks if ransomware can encrypt already encrypted files How Privacy Badger un-rewrites Google's search result links The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now. In the news, how HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program. Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-259
How HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program. Show Notes: https://securityweekly.com/asw-259
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now. In the news, how HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program. Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://securityweekly.com/asw for all the latest episodes!
How HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program. Show Notes: https://securityweekly.com/asw-259
https://youtu.be/dSUkvBUDum4 This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that lead to the largest DDoS attack ever recorded by CloudFlare. After that, we discuss Microsoft's announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and Me before ending with a fun bit of research targeting private servers for the Grand Theft Auto Online video game.
In this episode of the Business of Tech podcast, Dave Sobel discusses four key topics. First, he explores how SMBs are turning to technology for resilience. Next, he delves into the potential of automation, AI, and the four-day workweek. He then highlights significant changes in the cybersecurity landscape, focusing on VBScript, NTLM, and DDoS vulnerabilities. Finally, Dave shares the news that Google has joined Adobe and Microsoft in pledging to defend AI copyright. Throughout the episode, he emphasizes the implications for MSPs and the potential of passkeys in unlocking new opportunities. Don't miss this insightful discussion on the latest trends and developments in the tech industry.Four things to know today00:00 SMBs Look to Tech for Resilience: Automation, AI, and the 4-Day Workweek05:27 Significant Changes in Cybersecurity Landscape: VBScript, NTLM, and DDoS Vulnerabilities08:26 Google joins Adobe, and Microsoft with Pledge to Defend AI Copyright: What it Means for MSPs10:11 Unlocking the Potential of Passkeys: Why Small Might Lead the WayAdvertiser: https://mspglobal.com/ CODE MSPRADIOhttps://rfcode.com/mspradio/ CODE MSPRADIO for 30% offLooking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Support the show on Patreon: https://patreon.com/mspradio/Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.comFollow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftech
What is fifty-three minutes in time, and yet timeless? This episode of the PCPer podcast, of course! Yes, we made Podcast History (tm) once again this week, and did it in just under an hour. Listen again and again, savoring every moment. We can't stop you. Enjoy the Arc, The VBScript, and the Dark Rock within.Timestamps:00:00 Intro02:11 Josh did not have a burger04:14 Intel launches Arc A580 as A750 goes on sale for $10 more08:57 More Arc news - driver update massively improves Starfield perf11:17 be quiet! Dark Rock Pro 5 and Dark Rock Elite air coolers coming soon13:53 Microsoft says VBScript will be removed from future Windows release16:19 MS provides tutorial on installing Linux?17:54 Windows 11 21H2 already going EOL19:57 Security Corner32:02 Gaming Quick Hits43:01 Picks of the Week51:48 Outro ★ Support this podcast on Patreon ★
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 07/10 a 13/10.
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 07/10 a 13/10.
Genetic information stolen by credential stuffing attack.New “rapid reset” zero day enables record breaking DDoS.Microsoft will kill of VBScript in the near future.
Microsoft is deprecating VBScript, X's CEO responds to the EU's 24-hour ultimatum on disinformation, and Microsoft owes the IRS nearly $30 billion in back taxes… MP3 Please SUBSCRIBE HERE. You can get an ad-free feed of Daily Tech Headlines for $3 a month here. A special thanks to all our supporters–without you, none of thisContinue reading "Microsoft Owes The IRS Nearly $30 Billion In Back Taxes – DTH"
On this week's episode I do a roundup of the Patch Tuesday news for October, I dive into the recently disclosed Citrix vulnerabilities, the deprecation of VBScript and more! Reference Links: https://www.rorymon.com/blog/critical-citrix-vulnerabilities-disclosed-vbscript-deprecated-patch-tuesday-news/
On this week's show Patrick Gray and Lina Lau discuss the week's security news. They cover: Microsoft has killed VBScript Google to make passkeys the new default sign-in method MGM losses to exceed $100m Clorox has a bad quarter Why a bug in cURL could be really bad news Much, much more This week's show is brought to you by KSOC. Jimmy Mesta, KSOC's co-founder and CTO, is this week's sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments. Show notes Deprecated features in the Windows client - What's new in Windows | Microsoft Learn Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive MGM Resorts' Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states Cybercrime gangs now deploying ransomware within 24 hours of hacking victims Microsoft: Human-operated ransomware attacks tripled over past year Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop 67 X accounts spread coordinated Israel-Hamas disinformation: report John Hultquist
On this week's show Patrick Gray and Lina Lau discuss the week's security news. They cover: Microsoft has killed VBScript Google to make passkeys the new default sign-in method MGM losses to exceed $100m Clorox has a bad quarter Why a bug in cURL could be really bad news Much, much more This week's show is brought to you by KSOC. Jimmy Mesta, KSOC's co-founder and CTO, is this week's sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments. Show notes Deprecated features in the Windows client - What's new in Windows | Microsoft Learn Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive MGM Resorts' Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states Cybercrime gangs now deploying ransomware within 24 hours of hacking victims Microsoft: Human-operated ransomware attacks tripled over past year Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop 67 X accounts spread coordinated Israel-Hamas disinformation: report John Hultquist
In the ongoing geopolitical battle between the United States and China, a new front has emerged, focusing on the open-source chip technology known as RISC-V. American lawmakers, citing national security concerns, are pressuring the Biden administration to place restrictions on U.S. companies' involvement in RISC-V, which is widely utilized in China. This technology competes with proprietary chip architectures from Arm and Intel and has applications ranging from smartphone chips to advanced artificial intelligence processors. The lawmakers fear that China is exploiting the culture of open collaboration among American companies to bolster its own semiconductor industry, potentially undermining the U.S.'s leadership in the chip field and supporting China's military modernization. We've spoken a lot about RISC-V and the US/China situation, so it's no surprise that these are coming together. How should we look at this situation? Time Stamps: 0:00 Welcome to the Rundown 0:50 - Backblaze Listed by CoreWeave 3:02 - VBscript to be removed by Mircosoft to block Malwar 5:42 - $21 Million Raised for Alcion's BaaS Platform 8:38 - Progress WS_FTP Exploited 11:36 - AMD Acquires Nod Labs 14:49 - APNIC Is Almost Out of Addresses 17:52 - US-China Tech War now Focused on RISC-V chip Technology 27:42 - The Weeks Ahead 29:24 - Thanks for Watching Follow our Hosts on Social Media Tom Hollingsworth: https://www.twitter.com/NetworkingNerd Stephen Foskett: https://www.twitter.com/SFoskett Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT Tags: #Rundown, #AI, #Networking, #IPv6, #Backup, #Malware, #Storage, #BaaS, #VBScript, #RISCV, #China, @Backblaze, @CoreWeaver, @Microsoft, @AlcionHQ, @Progress_SW, @AMD, @NodLabsInc, @APNIC, #CFD18,
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
Il Commissario Thierry Breton ha scritto una lettera a Elon Musk riguardo i contenuti del tutto o parzialmente falsi che circolano su X in merito al conflitto in Israele e Palestina, in base alle regole del Digital Services Act. E poi Microsoft ritira VBScript, e RISC-V risponde alle proposte americani di bloccare la circolazione degli open standard. #eu #elonmusk #twitter #microsoft #riscv === Podcast Spotify - https://open.spotify.com/show/4B2I1RTHTS5YkbCYfLCveU Apple Podcasts - https://podcasts.apple.com/us/podcast/buongiorno-da-edo/id1641061765 Amazon Music - https://music.amazon.it/podcasts/5f724c1e-f318-4c40-9c1b-34abfe2c9911/buongiorno-da-edo = RSS - https://anchor.fm/s/b1bf48a0/podcast/rss --- Send in a voice message: https://podcasters.spotify.com/pod/show/edodusi/message
On this week's episode of the podcast I discuss the fact VBScript is now removable in a Windows 11 preview, I cover a Malware threat from OneNote files and much more! Reference Links: https://www.rorymon.com/blog/is-vbscript-nearing-the-end-possible-windows-12-leak-bing-ai-in-windows-11/
In this special episode of The PowerShell Podcast, we celebrate the show's 1 year anniversary with a very special guest, Don Jones! Don is the founder of the DevOps Summit and has been a leader in the PowerShell community for many years. We chat about the origins of the DevOps Summit, the transition of leadership to James Petty and others, and the importance of learning by doing. Don also shares his tips for responding to recruiters, and Jordan gives himself a well-deserved pat on the back. Tune in to hear all this and more! Guest Bio and links: Don has been writing since 2000, although for the first almost two decades, he stuck with technology books. You know, those big, thick ones that seem to be sold by the pound. That included bestsellers like Learn Windows PowerShell in a Month of Lunches, Managing Windows with VBScript and WMI, and The Windows Server 2003 Delta Guide. In 2018 or so, Don's career turned away from technology, and his writing turned toward fiction. See The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=6aAsymolQvw @donjones@techhub.social https://donjones.com/books/shell-of-an-idea/ https://leanpub.com/bethemaster4 Own Your Tech Career (manning.com) https://www.patreon.com/donjoneswrites https://twitter.com/concentrateddon
John Hammond demonstrates a CTF walkthrough and also explains the tools and techniques he uses to be more efficient. Menu: 0:00 ⏩ This stuff helps in your real world job 1:16 ⏩ Introduction 1:48 ⏩ picoCTF site 2:36 ⏩ Labs can be accessed at any time 3:12 ⏩ picoCTF labs 3:33 ⏩ First CTF walkthrough 3:57 ⏩ Favourite distro 4:07 ⏩ Linux natively or in a VM? 4:29 ⏩ First CTF solution 5:50 ⏩ Second CTF 9:51 ⏩ Skills that John recommends you get 12:12 ⏩ Linux and then Python and then CTFs 12:57 ⏩ Ubuntu vs Kali vs Parrot OS etc 14:04 ⏩ Kali in VM? 14:46 ⏩ What about writing reports or e-mail? 15:50 ⏩ Which application do you recommend? 17:05 ⏩ Do you dump knowledge into something? 18:38 ⏩ How do you manage all the data collected? 20:16 ⏩ Don't just do it and forget what you have done 21:10 ⏩ CTFs vs Real World 21:54 ⏩ Base64 and ideas 24:17 ⏩ John's VBscript example 25:58 ⏩ Second CTF solution 26:40 ⏩ CTFs vs Bug Bounty vs Real World Previous video: https://youtu.be/u4u6ob13s2c ================ Connect with me: ================ Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal ================ Connect with John: ================ YouTube: https://www.youtube.com/johnhammond010 Twitter: https://twitter.com/_johnhammond LinkedIn: https://www.linkedin.com/in/johnhammo... ================ Links: ================ picoCTF: https://picoctf.org/ Obsidian: https://obsidian.md/ Hack the box: https://www.hackthebox.eu/ Try Hack Me: https://tryhackme.com/ All-Army CyberStakes: https://www.acictf.com/ CTF Time: https://ctftime.org/ctf-wtf/ eLearn Security: https://elearnsecurity.com OSCP: https://www.offensive-security.com/co... CEH: https://www.eccouncil.org/programs/ce... ================ Support me: ================ DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna Udemy CCNA Course: https://bit.ly/ccnafor10dollars GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10 ctf capture the flag tryhackme hackthebox picoctf picoctf 2021 base64 john hammond cybersecurity hack the box try hack me htb thm incident response incident response cyber security cyber security career cybersecurity cybersecurity careers ceh oscp ine oscp certification ctf for beginners first job cybersecurity job Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
On this episode Demise of AMC & Movie Theatres vs HBO MAX vs YouTube : Man in search of the truth over Chinese Espionage: Virus, Bio Warfare, Masks & Curbside COVID-19 @ Best Buy, watch out for these Coronavirus websites and scams, China spreading rumors about COVID-19, hackers, Taiwan, US, Chinese and Russian trolls working 24/7 to spread disinformation, State Department employees test positive for Coronavirus, ebola, Netflix to slow down streaming to stop the internet from breaking, leave a voicemail at 313-MAN-0231........ 寻找有关中国间谍活动的真相的人:病毒,生物战,口罩和路边COVID-19 @ Best Buy,当心这些冠状病毒网站和骗局,中国散布有关COVID-19,黑客,台湾,美国,中国和中国的谣言 俄罗斯巨魔全天候(24/7)传播虚假信息,国务院员工对冠状病毒,埃博拉病毒和Netflix呈阳性反应,以减慢流传输速度以阻止互联网中断,并在313-MAN-0231留下语音邮件COVID-19: De-Coupling, Cyber-Bio-Toxic Warfare and Man search of truth and the COVID-19: China Virus Dis.info campaign waged by
TV CANCELLED: COPS, BLM, GONE W THE WIND, COVID-19 MALWARE PHISHING CYBERSPACE HBO MADONNA DISNEY ............. hackers 1.1 Air-Gapped Network. 1.2 Antivirus. 1.3 Best Practices. 1.4 Black Hat. 1.5 Blacklist. 1.6 Botnet. 1.7 Casus Belli. 1.8 Civilian Participation. Igloo Security, ESTSecurity, SOPHOS, SK 2020. △AI △Ransomware △Supply Chain Attacks △Cloud △IoT △Malicious Emails △Dark Web ASIA PACIFIC SECURITY, CYBER RESILIENCE, DATA BREACH, EDITOR'S DESK, EDUCATION, EVENTS, IT SOLUTIONS, MOVERS & SHAKERS, RISK MANAGEMENT, SECURITY PRODUCTS, TECHTIM: The Invisible Wall and Vault 7, Espionage, fake news, Man in search of the truth over Chinese Espionage: Virus, Bio Warfare, Masks watch out for these Coronavirus websites and scams, China spreading rumors about COVID-19, hackers, Taiwan, US, Chinese working 24/7 to spread disinformation, State Department employees test positive for Coronavirus, ebola, Netflix to slow down streaming to stop the internet from breaking, leave a voicemail at 313-MAN-0231........ 寻找有关中国间谍活动的真相的人:病毒,生物战,口罩和路边COVID-19 @ Best Buy,当心这些冠状病毒网站和骗局,中国散布有关COVID-19,黑客,台湾,美国,中国和中国的谣言 俄罗斯巨魔全天候(24/7)传播虚假信息,国务院员工对冠状病毒,埃博拉病毒和Netflix呈阳性反应,以减慢流传输速度以阻止互联网中断,并在313-MAN-0231留下语音邮件1.1 Air-Gapped Network. 1.2 Antivirus. 1.3 Best Practices. 1.4 Black Hat. 1.5 Receive alerts via phone call, SMS, push notification, or email | Configure automatic incident escalation marketing/advertising campaigns or product names, data, articles, documents, discussion forum threads, blog entries, computer code, such as software sample code, source code, scripts, patches, bug fixes, binaries or executables, or other information The malicious VBScript is camouflaged as popular Hollywood movies
COVID-19: De-Coupling, Cyber-Bio-Toxic Warfare and Man search of truth and the COVID-19: China Virus Dis.info campaign waged by
Man search of truth and the COVID-19: China Virus Dis.info campaign waged by
Oh this episode: COVID-19 cybersecurity. Dreambot malware operation goes silent This cyberwar : eventbot, ‘Black Rose Lucy' Malware Botnet Returns With Ransomware Apple e-mail app for iOS infected w malware, Chip readers and not so state of the art technology: insert chip insert chip insert chip : mobile security, India, FaceBook, Chinese hackers 1.1 Air-Gapped Network. 1.2 Antivirus. 1.3 Best Practices. 1.4 Black Hat. 1.5 Blacklist. 1.6 Botnet. 1.7 Casus Belli. 1.8 Civilian Participation. Igloo Security, ESTSecurity, SOPHOS, SK Infosec, Check Point, and Trend Micro have selected 7 cyber security keywords for the year 2020. △AI △Ransomware △Supply Chain Attacks △Cloud △IoT △Malicious Emails △Dark Web ASIA PACIFIC SECURITY, CYBER RESILIENCE, DATA BREACH, EDITOR'S DESK, EDUCATION, EVENTS, IT SOLUTIONS, MOVERS & SHAKERS, RISK MANAGEMENT, SECURITY PRODUCTS, TECHTIM: The Invisible Wall and Vault 7, Espionage, fake news, Man in search of the truth over Chinese Espionage: Virus, Bio Warfare, Masks watch out for these Coronavirus websites and scams, China spreading rumors about COVID-19, hackers, Taiwan, US, Chinese working 24/7 to spread disinformation, State Department employees test positive for Coronavirus, ebola, Netflix to slow down streaming to stop the internet from breaking, leave a voicemail at 313-MAN-0231........ 寻找有关中国间谍活动的真相的人:病毒,生物战,口罩和路边COVID-19 @ Best Buy,当心这些冠状病毒网站和骗局,中国散布有关COVID-19,黑客,台湾,美国,中国和中国的谣言 俄罗斯巨魔全天候(24/7)传播虚假信息,国务院员工对冠状病毒,埃博拉病毒和Netflix呈阳性反应,以减慢流传输速度以阻止互联网中断,并在313-MAN-0231留下语音邮件1.1 Air-Gapped Network. 1.2 Antivirus. 1.3 Best Practices. 1.4 Black Hat. 1.5 Blacklist. 1.6 Botnet. 1.7 Casus Belli. 1.8 Civilian Participation. Igloo Security, ESTSecurity, SOPHOS, SK Infosec, Check Point, and Trend Micro have selected 7 cyber security keywords for the year 2020. △AI △Ransomware △Supply Chain Attacks △Cloud △IoT △Malicious Emails △Dark Web ASIA PACIFIC SECURITY, CYBER RESILIENCE, DATA BREACH, EDITOR'S DESK, EDUCATION, EVENTS, IT SOLUTIONS, MOVERS & SHAKERS, RISK MANAGEMENT, SECURITY PRODUCTS, TECHTIME, VULNERABILITIES software products, technologies, Receive alerts via phone call, SMS, push notification, or email | Configure automatic incident escalation marketing/advertising campaigns or product names, data, articles, documents, discussion forum threads, blog entries, computer code, such as software sample code, source code, scripts, patches, bug fixes, binaries or executables, or other information The malicious VBScript is camouflaged as popular Hollywood movies such as John Wick: Chapter 3 – Parabellum, and it is delivered using file names such as "John_Wick_3_Parabellum," and "contagio-1080p," as well as Spanish titles "Punales_por_la_espalda_BluRay_1080p," "La_hija_de_un_ladron," and "Lo-dejo-cuando-quiera."
Hallo und herzlich willkommen zur ersten Folge des Please Talk Data To Me Podcasts im neuen Jahrzehnt. Irgendjemand hat das Kellerfenster im Aufnahmestudio aufgelassen und nun haben sich heimtückische T-SQL Ninjas eingeschlichen und den Podcast übernommen. Zum Glück können unsere Protagonisten auf die Erfahrungen vom Nakatomi Plaza aus dem letzten Jahr zurückgreifen und haben natürlich unglaublich viele 80er Jahre Actionfilme gesehen in denen Ninjas vorkommen - daher sollte es für sie ein Leichtes sein auch diese Bedrohung abzuwenden. Wie immer eröffnen sie mit dem Reisetagebuch und geben eine Vorschau auf das, was im ersten Halbjahr 2020 so ansteht. Danach berichtet Tillmann aus den Untiefen der deutschen Internetkonnektivität. Im Anschluss schafft es Tillmann Biml Ben von Windows Terminal zu überzeugen weil man da ja VBScript laufen lassen kann. Dann endlich betritt der T-SQL Ninja die Bühne und Tobi-San und Fred-San erklären was es mit dem Projekt auf sich hat. Danach gibt es Infos zu Microsoft Styleguides und zu SSIS, ein Produkt das nicht mal der Ninja erledigen kann. Nachdem sich die Talkrunde das Thema Erweiterungen für VS Code, insbesondere dem ARM Template Viewer und der Stream Analytics Extension vorgeknöpft und ordentlich vermöbelt haben versucht Tillmann die Ninjas durch ein schnell eingeschobenes Thema (Polumi und Terraform) zu verwirren. Eine weitere Finte führt Biml Ben aus indem er von seiner Lego-Sammlung berichtet. So leicht lassen sich echte Ninjas aber nicht täuschen und nehmen sich dann als Endboss einen Film vor den ganz bestimmt nicht nur Frank gesehen hat: Star Wars - The Rise of Skywalker. Nachdem auch dieses Thema mit viel Hilfe aus den achziger Jahren des letzten Jahrtausends windelweich geprügelt wurde verschwinden die Ninjas wieder in den Schatten der Dunkelheit und lassen uns und ein angefangenes Jahr 2020 zurück. Ich denke vom T-SQL Ninja werden wir noch hören. Abspann und Cliffhanger: wir sehen wie sich die Ninjas im Schatten High Fives geben...
Visual Basic Welcome to the History of Computing Podcast, where we explore the history of information technology. Because understanding the past prepares us for the innovations of the future! Today we're going to cover an important but often under appreciated step on the path to ubiquitous computing: Visual Basic. Visual Basic is a programming language for Windows. It's in most every realistic top 10 of programming languages of all time. It's certainly split into various functional areas over the last decade or so, but it was how you did a lot of different tasks in Windows automation and programming for two of the most important decades through a foundational period of the PC movement. But where did it come from? Let's go back to 1975. This was a great year. The Vietnam War ended, Sony gave us Betamax, JVC gave us VHS. Francisco Franco died. I don't wish ill on many, but if I could go back in time and wish ill on him, I would. NASA launched a joint mission with the Soviet Union. The UK voted to stay the EU. Jimmy Hoffa disappears. And the Altair ships. Altair Basic is like that lego starter set you buy your kid when you think they're finally old enough to be able to not swallow the smallest pieces. From there, you buy them more and more, until you end up stepping on those smallest pieces and cursing. Much as I used to find myself frequently cursing at Visual Basic. And such is life. Or at least, such is giving life to your software ideas. No matter the language, there's often plenty of cursing. So let's call the Altair a proto-PC. It was underpowered, cheap, and with this Microsoft Basic programming language you could, OMG, feed it programs that would blink lights, or create early games. That was 1978. And based largely on the work of John Kemeny and Thomas Kurts, the authors of the original BASIC in 1964, at Dartmouth College. As the PC revolution came, BASIC was popular on the Apple II and original PCs with QuickBASIC coming in 1985, and an IDE, or Integrated Development Environment, for QuickBASIC shipped in 2.0. At the time Maestro was the biggest IDE in use, but they'd been around since Microsoft released the first in 1974. Next, you could compile these programs into DOS executables, or .exe files in 3.0 and 4.0 brought debugging in the IDE. Pretty sweet. You could run the interpreter without ever leaving the IDE! No offense to anyone but Apple was running around the world pitching vendors to build software for the Mac, but had created an almost contentious development environment. And it showed from the number of programs available for the Mac. Microsoft was obviously investing heavily in enabling developers to develop in a number of languages and it showed; Microsoft had 4 times the software titles. Many of which were in BASIC. But the last version of QuickBASIC as it was known by then came in 4.5, in 1988, the year the Red Army withdrew from Afghanistan - probably while watching Who Framed Roger Rabbit on pirated VHS tapes. But by the late 80s, use began to plummet. Much as my daughters joy of the legos began to plummet when she entered tweenhood. It had been a huge growth spurt for BASIC but the era of object oriented programming was emerging. But Microsoft was in an era of hyper growth. Windows 3.0 - and what's crazy is they were just entering the buying tornado. 1988, the same year as the final release of QuickBASIC, Alan Cooper created a visual programming language he'd been calling Ruby. Now, there would be another Ruby later. This language was visual and Apple had been early to the market on Visual programming, with the Mac - introduced in 1984. Microsoft had responded with Windows 1.0 in 1985. But the development environment just wasn't very… Visual. Most people at the time used Windows to open a Window of icky text. Microsoft leadership knew they needed something new; they just couldn't get it done. So they started looking for a more modern option. Cooper showed his Ruby environment to Bill Gates and Gates fell in love. Gates immediately bought the product and it was renamed to Visual Basic. Sometimes you build, sometimes you partner, and sometimes you buy. And so in 1991, Visual Basic was released at Comdex in Atlanta, Georgia and came around for DOS the next year. I can still remember writing a program for DOS. They faked a GUI using ASCII art. Gross. VB 2 came along in 1992, laying the foundations for class modules. VB 3 came in 93 and brought us the JET database engine. Not only could you substantiate an object but you had somewhere to keep it. VB 4 came in 95 because we got a 32-bit option. That adds a year or 6 for every vendor. The innovations that Visual Basic brought to Windows can still be seen today. VBX and DLL are two of the most substantial. A DLL is a “dynamic link library” file that holds code and procedures that Windows programs can then consume. DLL allow multiple programs to use that code, saving on memory and disk space. Shared libraries are the cornerstone of many an object-oriented language. VBX isn't necessarily used any more as they've been replaced with OCXs but they're similar and the VBX certainly spawned the innovation. These Visual Basic Extensions, or VBX for short, were C or C++ components that were assembled into an application. When you look at applications you can still see DLLs and OCXs. VB 4 was when we switched from VBX to OCX. VB 5 came in 97. This was probably the most prolific, both for software you wanted on your computer and malware. We got those crazy ActiveX controls in VB 5. VB 6 came along in 1998, extending the ability to create web apps. And we sat there for 10 years. Why? The languages really started to split with the explosion of web tools. VBScript was put into Active Server Pages . We got the .NET framework for compiled web pages. We got Visual Basic for Applications, allowing Office to run VB scripts using VBA 7. Over the years the code evolved into what are now known as Unified Windows Platform apps, written in C++ with WinRT or C++ with CX. Those shared libraries are now surfaced in common APIs and sandboxed given that security and privacy have become a much more substantial concern since the Total Wave of the Internet crashed into our lego sets, smashing them back to single blocks. Yah, those blocks hurt when you step on them. So you look for ways not to step on them. And controlling access to API endpoints with entitlements is a pretty good way to walk lightly. Bill Gates awarded Cooper the first “Windows Pioneer Award” for his work on Visual Basic. Cooper continued to consult with companies, with this crazy idea of putting users first. He was an earlier proponent of User Experience and putting users first when building interfaces. In fact, his first book was called “About Face: The Essentials of User Interface Design.” That was published in 1995. He still consults and trains on UX. Honestly, Alan Cooper only needs one line on his resume: “The Father of Visual Basic.” Today Eclipse and Visual Studio are the most used IDEs in the world. And there's a rich ecosystem of specialized IDEs. The IDE gives code completion, smart code completion, code search, cross platform compiling, debugging, multiple language support, syntax highlighting, version control, visual programming, and so much more. Much of this isn't available on every platform or for every IDE, but those are the main features I look for - like the first time I cracked open IntelliJ. The IDE is almost optional in functional programming - but In an era of increasingly complex object-oriented programming where classes are defined in hundreds or thousands of itty bitty files, a good, smart, feature-rich IDE is a must. And Visual Studio is one of the best you can use. Given that functional programming is dead, there's no basic remaining in any of the languages you build modern software in. The explosion of object-orientation created flaws in operating systems, but we've matured beyond that and now get to find all the new flaws. Fun right? But it's important to think, from Alan Kay's introduction of Smalltalk in 1972, new concepts in programming in programming had been emerging and evolving. The latest incarnation is the API-driven programming methodology. Gone are the days when we accessed memory directly. Gone are the days when the barrier of learning to program was understanding functional and top to bottom syntax. Gone are the days when those Legos were simple little sets. We've moved on to building Death Stars out of legos with more than 3500 pieces. Due to increasingly complex apps we've had to find new techniques to keep all those pieces together. And as we did we learned that we needed to be much more careful. We've learned to write code that is easily tested. And we've learned to write code that protects people. Visual Basic was yet another stop towards the evolution to modern design principals. We've covered others and we'll cover more in coming episodes. So until next time, think of the continuing evolution and what might be next. You don't have to be in front of it, but it does help to have a nice big think on how it can impact projects you're working on today. So thank you for tuning in to yet another episode of the History of Computing Podcast. We're so lucky to have you. Have a great day!
Premier épisode de septembre 2019 Préambule Shameless plug Prochaines activités 26 septembre 2019 - QuebecSec - Sujet à déterminer 7-9 octobre 2019 - ISACA-Quebec - Congrès international sur les opportunités et les défis des technologies émergentes 1-2 novembre 2019 - Hackfest - Hackfest Upsidedown edition 20 avril 2020 - Québec Numérique - SéQCure Shownotes and Links How Twitter CEO Jack Dorsey's Account Was Hacked Twitter disables SMS-to-tweet feature after its CEO got hacked last week Real-ID data surge raises real dangers DoD unveils new cybersecurity certification model for contractors Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations Cybersecurity Maturity Model Certification Ransomware Attacks Are Testing Resolve of Cities Across America While one Texas county shook off ransomware, small cities took full punch Texas Towns Recover, but Local Governments Have Little Hope for Contractors have questions about DOD's cyber requirements When Ransomware Cripples a City, Who's to Blame? This I.T. Chief Is Rockville Center School District pays $88,000 ransom Eurofins Scientific: Cyber-attack leads to backlog of 20,000 forensic samples UK Police Investigations Still Affected by Ransomware Attack Rash of ransomware continues with 13 new victims—most of them schools Ransomware ‘halts everything' in Connecticut school district A very deep dive into iOS Exploit chains found in the wild A message about iOS security Android PDF app with just 100m downloads caught sneaking malware into mobes AWS to scan for misconfigurations Women in Security [Applying for Internships as a Woman in Tech Findings from a Survey of GWC-Affiliated Women](http://girlswhocode.com/wp-content/uploads/2019/08/GWC_Advocacy_InternshipApplicationExperiences_PDF_z6.pdf) For Young Female Coders, Internship Interviews Can be Toxic Patel v. Facebook: Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition Proposal to Make HTPPS Certificate Expire Yearly Back on the Table Why the United States needs more cybersecurity experts — badly Why blockchain-based voting could threaten democracy New Weaknesses Found in WPA3 An update on disabling VBScript in Internet Explorer 11 Google Project Zero: 95.8% of all bug reports are fixed before deadline expires Newly stringent FAA tests spur a fundamental software redesign of Boeing's 737 MAX flight controls Chances of destructive BlueKeep exploit rise with new explainer posted online What You Should Know About the Equifax Data Breach Settlement Ex-Equifax CIO Gets 4-Month Prison Term for Insider Trading Kazakhstan government is now intercepting all HTTPS traffic N.S.A. Contractor Who Hoarded Secrets at Home Is Sentenced to Nine Years in Prison The Road to Zero Trust (Security) Defense Innovation Board wants to help DOD understand zero trust Crew Nicolas-Loïc Fortin Crédits Montage audio par Intrasecure inc Music Twin Cobra “Blade Pitch” par Sir_NutS via OverClocked ReMix Locaux réels par Intrasecure inc
On this week's episode of the podcast there is some pretty major news on changes coming to Microsoft's Licensing that could impact organizations who use their existing product licenses in the cloud. I also cover multiple stories of security breaches (AGAIN), a report on Cisco settling a lawsuit and much more! Reference Links: https://www.rorymon.com/blog/episode-84-vbscript-disabled-in-ie11-major-change-to-microsoft-licensing-mongodb-ransomware-more/
GUEST BIO: Eric Lippert is a programmer who builds tools for other programmers. He’s worked on Visual Basic, JavaScript and C# at Microsoft, designed code analyzers at Coverity, and is now working on a variety of programming language design problems at Facebook. EPISODE DESCRIPTION: Phil’s guest on today’s show is Eric Lippert. His career has been a long and varied one. He was a Principal Developer at Microsoft and a member of the C# language design team. Eric was also involved in the design and implementation of VBScript, JScript, Windows Script Host and Visual Studio Tools for Office. Over the years, Eric has published and edited numerous programming books and is now working at Facebook. KEY TAKEAWAYS: (01.00) – Phil asks Eric to expand on his brief introduction. Eric said that he studied computer science and maths at the University of Waterloo. There they run a co-operative education system where you study for 4 months and work for 4. He was an intern at Wacom and Microsoft. When he left Microsoft he went to work at Coverity. He is now working on developer tools at Facebook. (3.39) – Phil asks Eric for a unique IT career tip. When Eric was a young developer at Microsoft his manager told him to “find a source of questions and learn to answer them”. He put that advice to work straight away and read every question in the JavaScript group. If someone asked a question that related to his area that he did not know the answer to, he would go away and find out. That taught him to answer queries concisely, which in turn honed his own knowledge. (5.54) – Can you tell us about your worst IT career moment and what you learned from the experience? Eric says it was probably the morning he woke up to the headline “Worst Security Flaw Ever Found in Internet Explorer”. Eric had worked on the piece of code that was involved in the issue. At first, he thought that he may have made the error. It turned out that his code had been changed and that change had not been properly reviewed, so the potential weakness was not found. The security flaw was nowhere near as serious as reported by the press. It would have required a virtually impossible hack to be executed in order to take advantage of the flaw. After that, a much stronger culture of code reviews was put into place. (9.17) – Phil says to Eric - Can you maybe take us through your career highlights or greatest success? Eric says there were two. The first was his work on a new version of VisualStudio. They met the completion target date and every single planned feature was included in the release. His other highlight was being involved in the “from scratch” C sharp rewrite. That massive project was also successfully completed and shipped. C sharp now has over 5 million lines of code, it is truly huge. (14.42) – Looking to the future Phil wants to know what excites Eric about the IT industry. Eric says it is the fact that we have still only really scratched the surface. There are so many features that can still be added to the various languages. For example, we can take features from programming languages and add them to production languages which would immediately raise the bar. We want to be able to write programs that can reason naturally about all kinds of probabilistic things and we are getting there. There is still a ton of stuff to do in the programming languages and tools space. (17.43) – What first attracted you to a career in IT? Eric started programming before he owned a computer. He would write them out on paper and type them into the school’s Commodore PET. He had intended to study either mathematics or physics. But, he soon realized that he was not good at physics. He was much better at computer programming and enjoyed it, plus he could work while studying IT. (19.22) – What is the best career advice you have been given? Eric reiterated the advice to find a source of questions and answer them. But, he added that it was important to learn how to write well. Learn how to be concise and convince people that you’ve written correct code. To do that you need to write convincingly. (20.29) if you were to begin your IT career again, right now, what would you do? Eric says he would study statistics. Much of the machine learning and probabilistic programming is about understanding statistics. With differential programming there is even calculus involved, something Eric never expected to see. (21.27) – What objectives are you focusing on now Eric? He responded by saying, "Building cutting-edge tools and helping real developers to get real stuff done". The same focus he had at the start of his career. (21.30) – What would you consider to be your most important non-technical skill? Being able to communicate effectively, it is crucial. (22.57) - Eric, can you share a parting piece of career advice with the IT Career Energizer audience. Know your tools. I get pitched features for tools and programming languages that already exist. It shows that a lot of people do not know their tools well. It also indicates that the tools are not as discoverable as they should be. Users need to dig in and understand them better and tool providers need to make their tools more discoverable. BEST MOMENTS: (2.18) ERIC – “I have a keyboard on my desk that is older than my intern.” (4.09) ERIC – “Find a source of questions and learn to answer them” (9.27) ERIC – “I want to ship actual code that solves actual developer’s problems” (14.34) ERIC – “It’s immensely satisfying to build something really, really big that actually works.” (17.25) ERIC – “Every time you build a tool, you magnify your impact across the entire industry.” (20.54) ERIC - “So much of machine learning and probabilistic programming is about understanding statistical concepts.” CONTACT ERIC LIPPET: Twitter: https://twitter.com/ericlippert @ericlippert LinkedIn: https://www.linkedin.com/in/eric-lippert-a3893485/ Website: https://ericlippert.com
8/23/18 VBScript; Marap; Fileless Malware; Internet Weather | AT&T ThreatTraq
In this week’s Shadow Talk, the pod unpacks the reporting on VPN Filter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript and the Spectre/Meltdown attacks.
I think PowerShell is a great addition to the Microsoft stack. Given the previous versions of VBScript, Perl and Python ports, and more on Windows, PowerShell is a great improvement. Even for someone that spent a lot of time in the C Shell and Bourne Shell as a student and young professional, I think PowerShell is an improvement. There are certainly still things that make me crazy about PoSh, such as the -eq, but I'm getting more comfortable with the structures and flow. In SQL Server, we had the old SQLPS module, which was, well, a start. Then we got the SqlServer module, which is better. However, the best thing I've seen for us data professionals is the dbatools project from Chrissy LaMaire (@cl) and company. To me, this is incredibly useful for anyone that wants to use PoSh with SQL Server, but it's really indespensible for SQL Server migrations from instance to instance. I'm not sure I'd even try anything else at this point. Read the rest of A Great Case for Powershell
Andrew Himes He didn't use the term then, but Andrew Himes was one of the web's first content strategists. Years before Bill Gates' famous "Internet Tidal Wave" memo, Andrew and his co-founders at the Microsoft Developer Network (MSDN) were working on a proprietary hypertext document system, code-named Blackbird. Then along came the web. Andrew and his colleagues at MSDN were uniquely positioned to pioneer some of the very first enterprise-scale web content strategy. They had tons of digitized information - newsletters, code examples, etc. - published on CD-ROMs with Blackbird. They served a community of several hundred thousand tech-savvy readers around the globe. They had access to the best programmers. Andrew had already gone to school on Apple's early Hypercard program and had worked on one of its successors, PowerCard, so he knew how to work in a hypertext environment. This confluence of a huge tech-savvy global audience, access to programming talent, a huge storehouse of digitized information, and familiarity with hypermedia led to the creation of what was likely the world's first content management system. Andrew's Bio Andrew Himes is a consultant for Carbon Innovations. Himes was founding editor of MacTech, the leading Apple technology journal, then co-founded the Microsoft Developer Network and led the first web development project at Microsoft. After leaving Microsoft, Himes became a nonprofit startup specialist before founding Charter for Compassion International. He produced the documentary "Voices in Wartime" and is the author of "The Sword of the Lord: The Roots of Fundamentalism in an American Family." Video Here's the video version of our conversation: https://youtu.be/yw7o7H_CVMc Show Notes/"Transcript" [Not an actual transcript - just my quick notes on first listen-through] 0:00 - long-winded intro by yours truly . . . 1:30 - Andrew intro - one of several co-founders of MSDN - connect, learn, get software, SDKs, tech info, APIs, etc. - used to need a brother-in-law at MS to get that stuff - early SaaS - orig delivered on CD along with monthly newsletter, "MSDN News" 3:40 - his accidental introduction to the world of publishing for developers - Puget Sound Computer User - wrote about consumer software in early 1980s - learning as he went - local Apple user group + 25K in Apple coop - then Macintosh came out so Apple launched Mac mag - consumer mag - never went anywhere - started a software mag for Apple developers and he became, reluctantly, founding editor of MacTech magazine - once you have that job description, people talk to you as if you are an expert, even if you aren't 6:20 - Apple launched Hypercard - shipped with every new Mac - he was fascinated - got into hypertext, other technologies that prepared him for web - brought that intense interest to MS 7:30 - 1993 - discovered web browser - immediately realized power of online publishing - over next couple of years MSDN launched online access via SAAS developer access to SDKs, sample code, advice, interaction, and online network - extraordinary learning experience for him - got to implement brand-new stuff 9:30 - from monthly paper newsletter - microsoft.com existed, but only content was random pieces of content, just random info - they wanted to build online application, but no tools yet, so created VBScript, Access database, and pointers to Word docs, converted to RTF and then to HTML, added home page - only tool he know of then - the first CMS? - yes, first database-driven, auto-built, structured set of documents - 12:25 - information architecture - an intense, sophisticated methodological group already in place at MS, working with SGML - only folks who knew about SGML were PhDs - they used SGML to create CD-ROM product with structured content - 600 MB of info - thousands of pages of content - created hieararchy and imported into Media View file - one big file on a CD-ROM - only worked with structured info and link...
Andrew Himes He didn't use the term then, but Andrew Himes was one of the web's first content strategists. Years before Bill Gates' famous "Internet Tidal Wave" memo, Andrew and his co-founders at the Microsoft Developer Network (MSDN) were working on a proprietary hypertext document system, code-named Blackbird. Then along came the web. Andrew and his colleagues at MSDN were uniquely positioned to pioneer some of the very first enterprise-scale web content strategy. They had tons of digitized information - newsletters, code examples, etc. - published on CD-ROMs with Blackbird. They served a community of several hundred thousand tech-savvy readers around the globe. They had access to the best programmers. Andrew had already gone to school on Apple's early Hypercard program and had worked on one of its successors, PowerCard, so he knew how to work in a hypertext environment. This confluence of a huge tech-savvy global audience, access to programming talent, a huge storehouse of digitized information, and familiarity with hypermedia led to the creation of what was likely the world's first content management system. Andrew's Bio Andrew Himes is a consultant for Carbon Innovations. Himes was founding editor of MacTech, the leading Apple technology journal, then co-founded the Microsoft Developer Network and led the first web development project at Microsoft. After leaving Microsoft, Himes became a nonprofit startup specialist before founding Charter for Compassion International. He produced the documentary "Voices in Wartime" and is the author of "The Sword of the Lord: The Roots of Fundamentalism in an American Family." Video Here's the video version of our conversation: https://youtu.be/yw7o7H_CVMc Show Notes/"Transcript" [Not an actual transcript - just my quick notes on first listen-through] 0:00 - long-winded intro by yours truly . . . 1:30 - Andrew intro - one of several co-founders of MSDN - connect, learn, get software, SDKs, tech info, APIs, etc. - used to need a brother-in-law at MS to get that stuff - early SaaS - orig delivered on CD along with monthly newsletter, "MSDN News" 3:40 - his accidental introduction to the world of publishing for developers - Puget Sound Computer User - wrote about consumer software in early 1980s - learning as he went - local Apple user group + 25K in Apple coop - then Macintosh came out so Apple launched Mac mag - consumer mag - never went anywhere - started a software mag for Apple developers and he became, reluctantly, founding editor of MacTech magazine - once you have that job description, people talk to you as if you are an expert, even if you aren't 6:20 - Apple launched Hypercard - shipped with every new Mac - he was fascinated - got into hypertext, other technologies that prepared him for web - brought that intense interest to MS 7:30 - 1993 - discovered web browser - immediately realized power of online publishing - over next couple of years MSDN launched online access via SAAS developer access to SDKs, sample code, advice, interaction, and online network - extraordinary learning experience for him - got to implement brand-new stuff 9:30 - from monthly paper newsletter - microsoft.com existed, but only content was random pieces of content, just random info - they wanted to build online application, but no tools yet, so created VBScript, Access database, and pointers to Word docs, converted to RTF and then to HTML, added home page - only tool he know of then - the first CMS? - yes, first database-driven, auto-built, structured set of documents - 12:25 - information architecture - an intense, sophisticated methodological group already in place at MS, working with SGML - only folks who knew about SGML were PhDs - they used SGML to create CD-ROM product with structured content - 600 MB of info - thousands of pages of content - created hieararchy and imported into Media View file - one big file on a CD-ROM - only worked with structured info and link...
Tweet this Episode John-Daniel Trask is the CEO and developer at Raygun.io. JD and Chuck talk in this episode about learning to program as a kid, the arc of JD's career, and entrepreneurship. Links: 154 JSJ Raygun.io Error Reporting and Workflow with John-Daniel Trask JSJ 263 Moving from Node.js to .NET and Raygun.io with John-Daniel Trask C C++ Delphi NetScape Navigator VBScript JQuery Mindscape Raygun.io CoffeeScript Visual Studio Scott Hanselman on Dark Matter Developers Tensorflow Stripe @traskjd Picks: JD: Keygen.sh Octopus Deploy JavaScript x86 Chuck: The Miracle Morning Meditations App Vision Board App LootCrate Game of Thrones Journal Zelda Theme Journal
Tweet this Episode John-Daniel Trask is the CEO and developer at Raygun.io. JD and Chuck talk in this episode about learning to program as a kid, the arc of JD's career, and entrepreneurship. Links: 154 JSJ Raygun.io Error Reporting and Workflow with John-Daniel Trask JSJ 263 Moving from Node.js to .NET and Raygun.io with John-Daniel Trask C C++ Delphi NetScape Navigator VBScript JQuery Mindscape Raygun.io CoffeeScript Visual Studio Scott Hanselman on Dark Matter Developers Tensorflow Stripe @traskjd Picks: JD: Keygen.sh Octopus Deploy JavaScript x86 Chuck: The Miracle Morning Meditations App Vision Board App LootCrate Game of Thrones Journal Zelda Theme Journal
Tweet this Episode John-Daniel Trask is the CEO and developer at Raygun.io. JD and Chuck talk in this episode about learning to program as a kid, the arc of JD's career, and entrepreneurship. Links: 154 JSJ Raygun.io Error Reporting and Workflow with John-Daniel Trask JSJ 263 Moving from Node.js to .NET and Raygun.io with John-Daniel Trask C C++ Delphi NetScape Navigator VBScript JQuery Mindscape Raygun.io CoffeeScript Visual Studio Scott Hanselman on Dark Matter Developers Tensorflow Stripe @traskjd Picks: JD: Keygen.sh Octopus Deploy JavaScript x86 Chuck: The Miracle Morning Meditations App Vision Board App LootCrate Game of Thrones Journal Zelda Theme Journal
Scott talks to Jacob Krall from Fog Creek Software about how his team used the open source C# Roslyn compiler to bring their ancient VBScript-style language called "Wasabi" into the 21st century. They solved real-world problems in a systematic way with smart decisions and computer science.
It's automated testing with Pete Richardson! The gang talks end-to-end testing nirvana to make smoother days and restful nights. Also: Plenty of tooling is discussed and we refrain from saying "boogers" until about minute 18. Lee gets in a jab at Eclipse. If you don't like Javascript maybe you should try VBScript ca. 2001. Jorge likes manually allocating data to processor registers. Mentioned in this episode: Brightstreet Group Protractor Cucumber Selenium Selenium Grid "We are the Borg. Your biological and technological distinctiveness will be added to our own. Resistance is futile." Docker Bamboo MyHealth (Spectrum Health) Javascript: the Good Parts The Mythical Man Month Picks of the week: Pete: BOSS Loopstation Jorge: Building Jorge's computer Lee: Ed Finkler (@Funkatron) Lee: Open Sourcing Mental Illness Lee: So you want to give a talk on mental health Lee: Take This (It's Dangerous to Go Alone.)
In this episode of #BITTechTalk, Greg and Ayori welcome Joshua Hoskins to the podcast to talk about his journey to becoming a salesforce.com consulting MVP. Joshua shares valuable tips on driving your career, taking risks, starting his own company, relationship management, life hacking, work-life balance and how to get a job offer while attending dreamforce. We even manage to get into the nitty gritty details of data modeling on cloud platforms! Tune in because won’t want to miss this podcast!About our guest:Joshua has been using computers since the age of 4 and began writing code in the 5th grade. By age 22 he was Director of IT. While being extremely passionate about Customer Relationship Management & Application Development he lives to build reliable, robust and scalable solutions just about anything you can think of.Joshua’s specialties are Force.com Development, Salesforce.com Customization/Implementation, Data / Solution Architecture, Cloud & On-Premise Integrations, Configuration Management, Project Management, Ruby on Rails, ASP, VBScript, System Administration, Relational Databases, Networking, Computer Telephony Integration Follow him on Twitter:@jhoskin
In this episode of #BITTechTalk, Greg and Ayori welcome Joshua Hoskins to the podcast to talk about his journey to becoming a salesforce.com consulting MVP. Joshua shares valuable tips on driving your career, taking risks, starting his own company, relationship management, life hacking, work-life balance and how to get a job offer while attending dreamforce. We even manage to get into the nitty gritty details of data modeling on cloud platforms! Tune in because won’t want to miss this podcast!About our guest:Joshua has been using computers since the age of 4 and began writing code in the 5th grade. By age 22 he was Director of IT. While being extremely passionate about Customer Relationship Management & Application Development he lives to build reliable, robust and scalable solutions just about anything you can think of.Joshua’s specialties are Force.com Development, Salesforce.com Customization/Implementation, Data / Solution Architecture, Cloud & On-Premise Integrations, Configuration Management, Project Management, Ruby on Rails, ASP, VBScript, System Administration, Relational Databases, Networking, Computer Telephony Integration Follow him on Twitter:@jhoskin
Richard and Greg talk to Ed Wilson, one of the Scripting Guys from Microsoft's Script Center (www.microsoft.com/technet/scriptcenter). Ed talks about the evolution of scripting, from batch files to VBScript to PowerShell. He digs into what folks need to know about scripting today and in the future.
Client Side Technology includes - DHTML - Flash, Silverlight, Applets - RIA Flash, Silverlight, Applets Define DHTML Code execution: Browser vs. Server DHTML - css - javascript and VBScript - embedded vs external - toolkits: Dojo, Moshikit, Scriptaculous, YUI, Prototype, JQuery, GWT... client-side vs server-side - speed: client way faster - Security: can view source (vs server-side scripting), ctrl+u - Compatibility: server-side produces same output no matter what, client-side has compatibility issues RIA (Flex, OpenLaszlo) AJAX!!!