What do you think this is?

Some months ago I bought a desktop system. I hadn't had one for years, but a very strange and unexpected need came up; I wanted to play games with my son who lives in Greece, in an attempt to spend a bit more time with him, even virtually. I bought and built a desktop system based on AMD's excellent Ryzen line, but that's for another time. On that computer, and as it would be used predominantly for games, I installed MS Windows. That is another thing that hadn't happened in my household for decades!

As you may have heard, Let's Encrypt revoked several certificates today that were issued through a faulty process. Read on for the details, and on how to identify the revoked certificates themselves.

Some years ago, during a (quite extended) phishing avalanche in the company I was at the time, the (then) CIO said: Let's fire every user that falls for a phishing mail! That will solve the problem for good. I considered it a joke, and I replied pretty much with a rhyme: Let's train them before we blame them and I didn't give it a second throught. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; an activity that if had been implemented, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I'm inclined to blame the IT deparment more than the user.

I am a huge fan of automation; I strongly believe that automation, machine learning and / or artificial intelligence (whatever these terms mean for different people) are our best chance to tackle one of the biggest problems we have in the cyber security industry: the human limitations.