Having been through both, I much prefer the "rigid" ISO 27001 as the SOC2 audits seem to be based on how well you vibed with the auditor and the auditor's competency more than anything. The things they are auditing seem overly broad and open to interpretation, and the auditors' descriptions of your controls can easily be twisted.
I don't fully understand. Is Windows 10 completely dead in the water due to lack of security updates? You can just keep using an old Windows 10 PC and take your chances. The browser will be a barrier, and the built in firewall and anti malware as well. Not perfect, but a solution.
It’s actually really wild that OS vendors apparently sell software that is so defective that it is assumed unsafe without ongoing updates, and then use the threat of not providing updates to spur adoption of their subsequent products.
In a more reasonable world they’d owe their customers a recall.
The point is that to get further security updates, you have to spend money to run the new major version of Windows. You can run the most up-to-date Linux for free on a computer from 1989.
I tend to play around with old machines (late 80s, early 90s mostly) and getting any kind of modern-ish distro working on old machines, even distros really cut down, can be quite challenging.
As a response to the kernel's various SNAFUs, I've gone ahead and refunded to myself all of the money I've spent on Linux kernels over the past several decades -- and updated my install to the new version for free.
It only took about 7 years between XP’s EOL and EternalBlue based attacks like Wannacry and NotPetya.
A well-configured firewall between your computer and the internet, uBlock Origin in the browser, and not downloading untrusted files off the internet can go a long way to help. Not stopping everything, but at least shielding you from the worst.
I think the bigger issue is like on iPhones and Androids. Your software and apps stop supporting your OS long before the hardware or OS fails you.
It affected anything using SMBv1 and improperly configured SMBv2. SMBv3 requires all mitigations in place.
Which from what I understand is that even Windows 11 still has support for SMBv1.
But my point was that your standard “up to date” XP install in 2016 was highly vulnerable and could effectively be nuked by such an attack. It took nearly 7 years after support ended for that to happen. So you could theoretically get another 7 years out of Windows 10 before a similar situation happens where a global cyberattack negatively impacts you with no way to protect yourself because your OS doesn’t support a configuration that would prevent you from being a victim.
I see. But even after the 7 years, XP users were still able to protect themselves from WannaCry once the patch was created. Or they could've disabled SMB even before that, good idea anyway.
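The two comments above (SMBv1 being the affected dialect, and disabling SMB on the host as a precaution) describe a concrete hardening step. The script below is an added example, not code from any commenter: it audits and turns off SMBv1 on a Windows 10 machine and blocks unsolicited inbound SMB at the host firewall, leaving SMBv2/3 in place. It uses only built-in cmdlets; the firewall rule name is an assumption made for this example. Disabling SMBv1 shrinks the exposed surface but is not a substitute for the MS17-010 patch.

```powershell
# Added example (not from the thread): audit and disable SMBv1 on Windows 10,
# then block inbound SMB (TCP 445) at the host firewall.
# Run from an elevated PowerShell prompt.

# 1. Report the current state of the SMB1 optional feature and the SMB server config.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "SMB1Protocol feature state: $($feature.State)"

$srv = Get-SmbServerConfiguration
Write-Host "Server EnableSMB1Protocol: $($srv.EnableSMB1Protocol)"
Write-Host "Server EnableSMB2Protocol: $($srv.EnableSMB2Protocol)"   # SMB2 and SMB3 share this switch

# 2. Turn SMBv1 off on the server side and remove the optional feature
#    (client and server components). -NoRestart defers the reboot; the driver
#    stays loaded until the machine restarts, so the audit is only final after that.
if ($srv.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if ($feature.State -ne 'Disabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 3. Block unsolicited inbound SMB from the network. Skip this step if the
#    machine shares files or printers to other hosts on the LAN, or change
#    -Profile Any to -Profile Public to block only on untrusted networks.
$ruleName = 'Block inbound SMB 445 (example)'   # assumed rule name, chosen for this example
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block -Profile Any | Out-Null
}

# 4. Verify: server config should show SMB1 off and SMB2/3 still on, and the
#    block rule should be enabled. The feature state reads Disabled after reboot.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Action
```

Re-run step 4 after the reboot; if `EnableSMB1Protocol` has flipped back to `$True`, some installed software or policy re-enabled it and needs to be found before relying on this.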
Btw I do have a spare PC, it only got Win10 because the GPU didn't support 7, and it's not getting 11 even though it supports it. Microsoft's job to keep that secure.
Well I would hardly say that protections against being obliterated in a global ransomware attack that comes out after the ransomware attack occurs helps the victims that much but yes it is possible if there is another massive cyber attack Microsoft could release a fix for 10 years after support has ended.
It is definitely possible to heavily lock down a Windows computer to prevent 99% of attacks, and if you don’t need WAN access especially, that becomes significantly easier.
It is far more likely browsers will drop support for 10 in a few years and that will be what stops the average user from being able to continue to use their Windows 10 computer.
Ah, I missed the part where the vuln had already been patched for newer versions before it was patched for XP, it's just that many didn't install the patches. Although, the exploit happened to not be compatible with XP just because the creator didn't bother. Security through poverty (jk)
Fast, cheap, good - pick two. Seems like a non-profit fund paid probably tens of thousands of dollars for this RoR audit. Can you raise the same amount to audit Django or convince a fund to spend money they already raised? If so, great!
Aspartame is fine in things like soda, but the reason erythritol is mixed with monk fruit (and perhaps aspartame as well?) is it is closer to the sweetness level of sugar in terms of sweetness per gram, and so it's usually easier to use in recipes that are based on sugar quantities.
Temu is in a great position to enter this market. Being deeply connected to the supplier networks, they could easily put together a plane and become a competitor to Boeing.
Windows is only getting worse because of all the bloat like ads, telemetry, react ui, frequent updates (needs to restart like every other day), recall and so on. Software from 20 years ago feels snappier, even though they didn't add anything new.
However in the US it's not very relevant or even interesting to companies, and some European companies fail to understand that.
SOC 2 is the default and the preferred standard in the US - it's more domestic and less rigid than ISO 27001.