Yes, but it doesn't seem okay to share other people's files whether they're marked "TOP SECRET" or not. If you argue it's okay 1/2
-
-
Replying to @taviso @MalwareJake and
to collect them for malware reasons, you can ship signatures without having to share the originals with third parties, no? 2/2
9 replies 0 retweets 8 likes -
Replying to @taviso @MalwareJake and
Do you recommend technical controls like DLP to prevent this? How would you prevent them being abused for evasion?
2 replies 0 retweets 1 like -
Replying to @hacks4pancakes @taviso and
No snark, seriously looking for a feasible solution.
4 replies 0 retweets 3 likes -
Replying to @hacks4pancakes @taviso and
Aren't we back to "put an amazing amount of trust in my security tools" and hope none of them screw you?
3 replies 0 retweets 6 likes -
Replying to @MalwareJake @hacks4pancakes and
Using 3rd party AV -> u are trusting AV vendor. If u use MS Defender, u are trusting
@Microsoft but ur already trusting MS by using@Windows1 reply 0 retweets 7 likes -
Replying to @CrispinCowan0 @MalwareJake and
So you can reduce your trust exposure on
@Windows by just using MS Defender instead of installing a 3rd party AV product.1 reply 0 retweets 1 like -
Replying to @CrispinCowan0 @MalwareJake and
Then you’re relying exclusively on the top security product that attackers will test mass malware variants against.
2 replies 0 retweets 1 like -
Replying to @hacks4pancakes @CrispinCowan0 and
And a product that has a non-sandboxed Javascript interpreter running with system privileges IIRC.
2 replies 0 retweets 0 likes -
Replying to @MalwareJake @hacks4pancakes and
Isn't that true for all of them on Windows though (maybe not JS in particular, but parsing with system privileges)?
1 reply 0 retweets 1 like
Yes, they're all terrible at the moment (although some are promising this will change soon). That's a different discussion though, imo.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.