From Dark Reading Today – a long running MAC OS vulnerability that lets unverified apps appear to be verified. Details https://www.darkreading.com/vulnerabilities—threats/macos-bypass-flaw-lets-attackers-sign-malicious-code-as-apple/d/d-id/1332031
More from: Technical
O’ most awesome of awesomeness!
After years of wishing, in the Fall Creator’s Update, OpenSSH was added to Windows 10! That is right – cross server inter-operability using normal tools and secure keys without needing to mess around with obtuse VPN setups or 3rd party programs!
GO START -> Setup -> Apps -> Apps and Features -> Manage optional features -> Add a feature and select SSH. Copy your Linux keys to a folder named .ssh in your home folder (c:\Users\yourlogin\.ssh), just as is the default in Linux.
You must restrict access to your private key(s) just as in Linux. In Microsoft this is done by browsing to the key file, right click, Properties, Security then remove everyone / objects, add yourself (only), and give yourself Full Control.
Read more at the link above concerning generating keys and protecting them with a key manager program.
I am still exploring the possibility of using File Explorer to browse via ssh, just as the file manager can be used in Linux. More later…
My build at Gray Garden in Fallout 4. Sometimes it helps to get motivated for real life work through simulations. You can easily and cheaply alter sims to see what you like, but real-life mistakes take much time and money.
From an article on Digikey.com
As an alternative to commonly used passive cooling techniques, thermoelectric cooling can offer numerous advantages. These include accurate temperature control and faster response, the opportunity for fanless operation (subject to heat sink performance), reduced noise, space savings, reduced power consumption and the ability to cool components to sub-ambient temperatures.
This just arrived in email from wordfence.com. If you use Drupal or know someone who does, the Drupal patches need to be applied immediately to prevent / stop remote code execution attacks.
A more detailed overview of upgrade recommendations from the Drupal security team is available on Drupal.org. They have also published a detailed FAQ. This attack has been nicknamed “Drupalgeddon 2.” The previous Drupalgeddon was as high in severity as this, and had automated attacks against unpatched Drupal sites within a matter of hours after the public announcement of the vulnerability was made.