Rich Bartlett

Infosec nerd, environmentalist, wannabe #solarpunk and water gypsy. Strategic Lead for Information Security at the Wildlife Trusts. All views my own. Non sum hic araneae fornicati

  • 0 Posts
  • 5 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • Like thousands of others, reviewing the Microsoft security releases :| Questions include:

    1. What’s being/might be exploited ITW?
    2. What could it break?
    3. Is there temporary remediation in place that the new patches negate, and do we need to reverse it?
    4. Why does one of the largest multi-billion international companies still get away with writing such crap code that high and critical rated vulnerabilities in their core products are still normal every month?
    5. What ghastly vulnerabilities are there in their cloud products we don’t know about?
    6. Should I take up another line of work completely?

    Happy Patch Tuesday everyone :D



  • We stripped it back to the hull as there were so many issues with the original fit-out. The hull was largely fine; we needed a vent hole too close to the waterline closed and a beam re-welded where the weld had popped, and then it was re-treating the bilge with Lanoguard to prevent rusting, then building from there. The floor is in (using recycled plastic lumber and sheets), and first-fit electrics are hopefully in the next two weeks. It’s a journey :D


  • I’m currently combining a data protection improvement project with security audits of multiple small to medium charities, and we’re also rebuilding our home (a solar-powered, fossil-fuel-free widebeam boat). It’s exhausting. I’m also struck by how the lack of key skills in so many sectors increases cost and risk!


    1. Yes, I think a lot of discussion in cybersecurity is the outcomes, but not enough is talked about underlying cause and the boring stuff like slow incremental improvement and doing the fundamentals. Some discussion on that would be great.
    2. I’m intending to watch the different spaces as they evolve. I’ve got a presence on fedio.io, here and the infosec.exchange Mastodon instance, and I’m still watching Reddit blueteamsec (though not posting). I don’t mind some pluralism in the community; it’s a good thing, it just makes it a bit harder (but we should be wary of easy, that’s what commercial solutions will always drive, and that doesn’t work out so well!)
    3. Yes, definitely.
    4. I think the big move from Twitter to infosec.exchange was a sign of how a community can thrive in a non-commercial space, and how the power lies with us, not the platform.