Biometrics should be treated like a username, not a password
Biometrics should be used to identify a user, not as a security method to protect data. If your biometrics end up in some online leak, it's not as if you can re-key them or change them, like a password
If the #Quaznet domain ever suffers a breach, anyone will be able to view the "encrypted" personal info of #Kazakhstan internet users inc. credit card details and passwords unencrypted, thanks to their government's dangerous attempt at a MITM attack. Luckily, installing the certificate is optional, so do not do it!
The best threat actors will always move as slow as is practical to prevent getting caught. 6 months isn't that long given often times incident responders get called in for one breach, only to discover another more competent threat actor who's around for a lot longer.
#citrix #hack #infosec
Fun fact: Most people use IP cameras for boosting their security, however many IP cameras either never get a firmware update or updates never get installed by the user. Most users don't even partition their network. This means the camera is a weak point of the network, actually making them far less secure!
Here's a perfect example of how a security device (car alarms) introduce security vulnerabilities. It also goes to show why vehicles should not have web APIs. Nothing is unhackable!
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!