Try to enroll a Yubi U2F key with Outlook 365.
-
-
This is another problem with security advice! We all know people who work at these companies and so we’ve all got kid gloves on. Yes, Microsoft has fantastic security engineers, some of the best in the world. But Google Mail is much safer.
1 reply 0 retweets 1 like -
I talk to Mozilla security engineers that I think the world of every day. But I’m not going to pretend it’s safe for campaign staffers to use Firefox instead of Chrome.
1 reply 0 retweets 4 likes -
Come on. In no way is Firefox “unsafe” for campaign staffers. Nobody is going to burn the mythical first Spectre exploit in the wild on some random campaign staffer.
2 replies 0 retweets 6 likes -
Dropping Thomas because he expressed disinterest in engaging with you but your insistence that it’d be a “mythical Spectre 0day” rather than any rando other FF 0day or n-day is precisely the attitude&informed-ness problem here.
2 replies 0 retweets 1 like -
Replying to @hypatiadotca @pcwalton and
It’s less disinterest and more just not wanting to “teach the controversy” on Bob Lord’s TL.
1 reply 0 retweets 0 likes -
Replying to @tqbf @hypatiadotca and
You’re being unbelievably condescending here.2 replies 0 retweets 0 likes -
Replying to @pcwalton
I dunno man I think the really condescending thing is giving at-risk people risky security advice out of ideological devotion to one browser, just sayin
1 reply 0 retweets 0 likes -
Replying to @hypatiadotca
It’s not risky security advice. There is no meaningful difference between Firefox and Chrome for congressional campaign staff. Both browsers have up-to-date sandboxes and are updated regularly, with top-notch security teams.
1 reply 0 retweets 0 likes -
Replying to @pcwalton @hypatiadotca
Ah that explains the Spectre mention, defense against which is a clear differentiator between the two. JavaScript Spectre PoCs exist, though, and if they were being used in targeted ways it would be hard to detect that.
1 reply 0 retweets 1 like
Though Firefox does deploy more coarse-grained mitigations than Chrome does right now (timer mitigations, etc., which are disabled in Chrome when Site Isolation is used). So I suspect it’s not really exploitable in either.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.