At long last, Windows has a real, power user’s shell; and it’s been officially done. PowerShell is the new, highly flexible and extremely powerful shell for Windows (XP SP2+). From my first experiences with it, I’m quite impressed. This is a great tool for developers, system administrators, and just about any other power user.
While PowerShell doesn’t offer the power or flexibility that a traditional *nix shell does, the power is impressive. I’ve been looking forward to this being released, now that I’ve played with it, I’ve even more excited. This is a great tool, just trust me, get it, you need it.
My employer recently completed the final audit to confirm ISO 17799 compliance, the process was a real eye opener. In a process that should have been fairly short & painless, the ordeal lasted close to a year, with me joining the company just before the second, and largest audit. That made my first few weeks rather interesting, to say the least.
While 17799 does have some complex requirements, most of the issues found had more to do with the overall mentality than with the true technical issues involved.
It’s time for everyone from the industry, developers, and the government to declare war on ransomware and make it as hard as possible for them to ply their insidious trade. There have been false starts and baby steps, diligent fighters without enough resources, and vendors that have only given a nod to the issue. It’s time to use every tool reasonably available to stop this scourge.
For so many in the industry that have dedicated so much of their time and effort to this fight, this statement may seem to diminish their efforts, but that is not my intent.
The last release of YAWAST was on January 1, 2020; while the release history was sometimes unpredictable, the goal was a new release each month with new features and bug fixes. I intentionally took January off from the project. In February, I left the company I was at; the team of penetration testers there had helped to inspire new features while looking for ways to make them more productive. But something else happened in February, an issue was opened – something that appeared to be simple, but in fact, made me realize that the entire project was in doubt.
That researchers from Kaspersky Lab uncovered malware that uses hard-drive firmware has now been throughly discussed — perhaps too much for some people. It’s not exactly Earth-shattering news either, the idea has been discussed for years, and has been publicly demonstrated. Brandon Wilson and I were even working proof of concept for SSD controllers to demonstrate this based on our BadUSB work.
This isn’t about that story, exactly. This is about paranoia, and how it has changed over the last few years — and even the last few months.
Inspired by a post from Scott Arciszewski, I’ve decided to go ahead and publish a year in review post. This is something that I’ve generally avoided in the past, as the tone of these posts is more often than not, just cynicism and negativity. After seeing Scott’s post, it made me think about how such a review can be used to send a positive message — something desperately needed.
Year after year, we see predictions, projections, and sales pitches — and the cynical responses that they always generate.
