@krisbuytaert @amsterdam haha no, I wasn’t even at the company back then 😅 This is a fresh oopsie of epic proportions
I'm also on mastodon.social!
@hacks4pancakes @sldrant my favorite flavor of foam! 😄
@hacks4pancakes I have had success with DHL, UPS and FedEx, but in all cases I removed storage devices, add-in cards and CPU coolers and put large blocking amounts of foam inside the case. The removed parts shipped separately.
@GossiTheDog found it! https://en.m.wikipedia.org/wiki/Microsoft_SenseCam it just didn’t have AI back then
@GossiTheDog isn’t this the general issue with data access control anyway? As soon as you can see something with your eyeballs, so can a phone with a camera.
Putting a native infostealer in Windows is definitely another order of silliness, but the idea that anyone can contain data while it’s visible to arbitrary eyeballs/cameras has not really held up for quite a while. I suppose DRM failed the same way, which Recall also breaks.
A similar problem exists with a previous product that would have you carry around a camera so it could take pictures of your life for you; if you sat in front of your computer it would store that too. IIRC, Microsoft had one of those too. I guess history just keeps repeating.
@riskybusiness I’ve found the ARMO thing pretty neat since instead of “here are the 500 CVEs in your app, enjoy” you get to press a button to get a “here are the three things that are actually risky, and this is the action to take to either mitigate or fix it” instead. It’s Kubernetes-centric, and definitely closer to AppSec than endpoint or workspace security, but the idea is sound. We’re thinking about trialing their product just because of that specific feature.
@riskybusiness have you had ARMO or Sysdig on recently?
@riskybusiness Golden paths, like in platform engineering but instead it is security. Success stories, patterns that work(ed), processes that are feasible and actually help. So not an abstract MITRE defender “break the killchain” thing, but actual concrete success.
@neilcar @KuroeNekoDemon @GossiTheDog there are some distributions that have it as an option, but a fun anecdote is how signed software is required by RedStar OS (North Korean Linux distro, forgot what it is based on), and it will halt/reset the machine if you try to get around it.