They’re only killing the crappy store/UWP version that nobody used anyway and only caused confusion. The normal OneNote bundled in Office isn’t going anywhere as far as I know.

That said, I’ve moved a lot of my note taking to Obsidian. It’s not a perfect replacement but it’s a fantastic markdown editor and now I use both for different use cases.

The Kuva Bramma in Warframe. Just rains cluster bombs.

I heavily use both and this is objectively untrue.

I don’t deal with hardware much anymore, but I’d take Aruba over Cisco any day. But for everything else, yeah fuck HP.

“To read the purported PDF document, victims are persuaded to click a URL containing a list of steps to register their Windows system. The registration link urges them to launch PowerShell as an administrator and copy/paste the displayed code snippet into the terminal, and execute it.”

This is not new, nor is it newsworthy.

Yep that’s how I have Syncthing set up. All global and local discovery disabled, no firewall ports open on the clients, no broadcasting, no relay servers. Just syncing through a central server which maintains versioning and where the backups run. Works like a charm.

Yeah this article is complete garbage. Who upvotes this stuff?

I will never understand how anyone could come to thinking aspic was a good idea.

https://en.m.wikipedia.org/wiki/Aspic

And what about taking a nice drive down Jean Baptiste Pointe du Sable Lake Shore Drive?

Not that it’s my first recommendation for security reasons, and I would never do this in prod, but you can just add the self-signed cert to the local trusted root CA store and it should work fine. No reg changes needed.

If you do this, put it in the store of the user running the client, not LocalMachine. Then you just need to make sure you connect as something in the cert’s SAN list. An IP might work (don’t know since I never try to put IPs in the SAN list), but just use a hosts entry if you can’t modify local DNS.

Edit: after reading the full OP post (sorry), I don’t think it’s necessarily the self-signed cert. If the browser is connecting with https:// and presenting a basic auth prompt, then https is working. It almost sounds like there is a 301/302 redirect back to http after login. Check the Network tab of the browser’s dev pane (F12) to see what is going on.

Wow Forbes cybersecurity reporting is absolute dog shit. So much text to say absolutely nothing useful.

Anyway, this is just an AITM redirection onto a malicious site in the middle that pretends to be the MFA portal and intercept the session cookie.

I’m guessing most of the younger crowd here has never seen When Harry Met Sally.

https://youtu.be/iEV_pQIf3Og

Microsoft uses TPM PCRs 7+11 for BitLocker which is more secure than the Linux implementations mentioned in the article.

PCR 7 is the Secure Boot measurement which means it can’t be unlocked unless every signed boot component has not been tampered with up to the point of unlock by the EFI bootloader. PCR 11 is simply flipped from a 0 to a 1 by the bootloader to protect the keys from being extracted in user land from an already booted system.

The article is correct that most Linux implementations blindly following these kinds of “guides” are not secure. Without additional PCRs, specifically 8 and 9 measuring the grub commands (no single-user bypass) and initrd (which is usually on an unencrypted partition), it is trivial to bypass. But the downside of using these additional PCRs is that you need to manually unlock with a LUKS2 password and reseal the keys in TPM whenever the kernel and or initrd updates.

Of course to be really secure, you want to require a PIN in addition to TPM to unlock the disk under any OS. But Microsoft’s TPM-only implementation is fairly secure with only a few advanced vulnerabilities such as LogoFAIL and cold boot attacks.

This almost describes mine and my wife’s experience to a tee.

I feel bad for anyone trying to date online in this enshittified world today.

Probably the 9950x3d. And we’ve known for a while now that the cache would only be on one CCD.

Yeah you really need a password or TPM PIN protector to protect from cold boot attacks if that is in your threat model.

Bitlocker is extra vulberable because it stores the key in the TPM and requires no password to boot. An attacker can extract the key even if the computer is off when they get it.

This is not true.

You would additionally need to bypass Secure Boot with a separate exploit such as the one in this article (which is mitigated by disabling USB boot) or LogoFAIL to put the TPM PCRs in a state where the keys can be released.

LUKS2 is no different here as either can be TPM-only or require a separate PIN.

Linux on enterprise user endpoints is an insane proposition for most organizations.

You clearly have no experience managing thousands of endpoints securely.

You guys are finishing games?

Looks like they found someone.