The DNC document isn’t even internally consistent. It claims that enrollment in Google Advanced Protection should be “mandatory”, but explicitly condones people using O365 and not using phishing-proof security keys.
None of this is personal and I’m sure you mean well. I just think the DNC checklist is impaired by two insidious flaws in security thinking: NIH and refusal to make recommendations that irritate audiences.
1 reply 0 retweets 1 like -
Replying to @tqbf
Again, if you have advice on how to convince large numbers of people to switch to iPhones, or to convince campaigns to migrate to G Suite, I'd love to learn. No sarcasm. Many people have done great work before us. Eager to learn!
2 replies 0 retweets 1 like -
Replying to @boblord
I think you have to start by telling people the uncomfortable truth, which is that if they’re really prioritizing not getting owned up, they can’t keep using their bargain-basement off-brand Android phones.
2 replies 0 retweets 7 likes -
Strong agree there. Do we have specific reasons to prefer Gsuite to O365, though? I like Gsuite but I do think MS has good security engineering, and guess? that O365 is a flagship product?
1 reply 0 retweets 1 like -
Try to enroll a Yubi U2F key with Outlook 365.
3 replies 0 retweets 3 likes -
This is another problem with security advice! We all know people who work at these companies and so we’ve all got kid gloves on. Yes, Microsoft has fantastic security engineers, some of the best in the world. But Google Mail is much safer.
1 reply 0 retweets 1 like -
I talk to Mozilla security engineers that I think the world of every day. But I’m not going to pretend it’s safe for campaign staffers to use Firefox instead of Chrome.
1 reply 0 retweets 4 likes -
Come on. In no way is Firefox “unsafe” for campaign staffers. Nobody is going to burn the mythical first Spectre exploit in the wild on some random campaign staffer.
2 replies 0 retweets 6 likes -
Dropping Thomas because he expressed disinterest in engaging with you but your insistence that it’d be a “mythical Spectre 0day” rather than any rando other FF 0day or n-day is precisely the attitude & informed-ness problem here.
2 replies 0 retweets 1 like
I’m referring to the effect of the primary difference right now—Site Isolation—between Firefox security and Chrome security. Site Isolation does not yet protect against compromise. Though lack of win32k lockdown on newer versions of Windows is admittedly a point in favor of Chrome.