Desktop security model as in lack of a security model. Also see https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html ….
Replying to @CopperheadOS @Scott_Helme and
"[...] target API Level 24 and above no longer trust user or admin-added CAs for secure connections, [...]"
2 replies 0 retweets 0 likes -
what's the solution for enterprise environments here?
3 replies 0 retweets 0 likes -
there's an implicit assumption that "enterprise" needs this. I challenge that.
2 replies 0 retweets 1 like -
Replying to @hanno @Scott_Helme and
Issue is always exfil. They'll just API the remote instead: https://www.paloaltonetworks.com/products/secure-the-cloud/aperture …
2 replies 0 retweets 0 likes -
Replying to @TychoTithonus @hanno and
API into corp Dropbox to do DLP. Non-corp Dropbox accts blocked by PA. No need to intercept.
1 reply 0 retweets 1 like -
Replying to @TychoTithonus @hanno and
Drawback: requires app-aware NGFW, & tight integration between firewall and remote DLP
1 reply 0 retweets 0 likes -
Replying to @TychoTithonus @hanno and
The other half is to whitelist outbound encryption (block all unexpected outbound TLS)
1 reply 0 retweets 0 likes -
Replying to @TychoTithonus @hanno and
The right solution is to block internet entirely from systems with sensitive data.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @hanno and
If the user has access to the data, so does the attacker. Always.
1 reply 0 retweets 0 likes
If they have to move it by plugging hw, it's in realm of physical security/surveillance.