Some HTTPS inspection tools might weaken security [iophk: "the death of web-mail UI"]
In a typical enterprise environment, an HTTPS connection can even be intercepted and re-encrypted multiple times: at the network perimeter by gateway security products or data leak prevention systems and on endpoint systems by antivirus programs that need to inspect such traffic for malware.
The problem is that users' browsers no longer get to validate the real server certificates because that task falls to the interception proxy. And as it turns out, security products are pretty bad at validating server certificates.
In light of the Vault 7 documents leak (and the rise to power of Lord Voldemort this year), it might make sense to rethink just how paranoid we need to be.
Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars?
Now there's a new version, and it's even more dangerous than before.
In case you missed it the first time around, a Hong Kong-based company built a weaponized pocket-sized USB stick, which, when plugged into a device, will rapidly charge its capacitors from the USB power supply and then discharge, frying the affected device's circuits.
Managing known vulnerabilities is the first step towards a strong security posture. If we’re not updating our systems, and keeping an eye on emerging vulnerabilities that are yet to be patched upstream, we’re basically leaving the front door wide open.