Vetting Vendors: Xcitiums ‘Insane, Outlandish Claims’ About Security [YouTube Release]

Additional Resources:

Jason’s Linkedin Post

CRN Article

Google Project 0 Tavis Ormandy on Comodo
https://bugs.chromium.org/p/project-zero/issues/detail?id=703&redir=1

Comodo Caught Breaking New CAA Standard One Day After It Went Into Effect

Lets Encrypt won its Comodo trademark battle – but now fan tools must rename • The Register

Chronicle found that Sectigo, formerly known as Comodo, had issued the highest number of digital certificates which were used to sign malware over the observed time period, Attackers Are Signing Malware With Valid Certificates | Decipher

Comodo, Lavasoft software bundled with Superfish-type code | TechRadar

Lets Encrypt in trademark drama • The Register

Comodo Caught Breaking New CAA Standard One Day After It Went Into Effect

Attackers Are Signing Malware With Valid Certificates | Decipher

Name Change https://info.comodo.com/blog/xcitium-announcement

Comodo Cybersecurity - Wikipedia

Connecting With Us

• Hire Us For A Project: Hire Us – Lawrence Systems
• Tom Twitter https://twitter.com/TomLawrenceTech
• Our Web Site https://www.lawrencesystems.com/
• Our Forums https://staging-forum.lawrencesystems.com/
• Instagram https://www.instagram.com/lawrencesystems/
• Facebook https://www.facebook.com/Lawrencesystems/
• GitHub lawrencesystems (Lawrence Systems) · GitHub
• Discord Lawrence Systems

Lawrence Systems Shirts and Swag

►👕 https://teespring.com/stores/lawrence-technology-services

AFFILIATES & REFERRAL LINKS

Amazon Affiliate Store
Lawrence Systems's Amazon Page

Ubiquiti Affiliate
Ubiquiti Store

All Of Our Affiliates that help us out and can get you discounts!
https://www.lawrencesystems.com/partners-and-affiliates/

Gear we use on Kit
Kit

Try ITProTV free of charge and get 30% off!
https://go.itpro.tv/lts

Use OfferCode LTSERVICES to get 10% off your order at
Tech Supply Direct - Premium Refurbished Servers & Workstations at Unbeatable Prices

Digital Ocean Offer Code
DigitalOcean: AI-Powered Unified Inference Cloud Infrastructure

HostiFi UniFi Cloud Hosting Service
HostiFi - Fast and Reliable UniFi in the Cloud

Protect you privacy with a VPN from Private Internet Access
https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS

Patreon
https://www.patreon.com/lawrencesystems

Timestamps
00:00 Xcitium & Overstated Security Claims

01:00 The 100% Secure Claim

02:56 Comodo History Of Bad Behaviors

06:32 Vetting The Vendors

Nothing can stop malware from infecting organizations’ computers.

Four words:

Mandatory. Security. Awareness. Training.

Repeat it after me:

Mandatory. Security. Awareness. Training.

Need I say more?

If we want zero trust, zero threats, and 0 breach, then turn off your computer, disconnect Ethernet cable from the computer, disconnect the power cord from your computer, remove the battery if you have a laptop that has a removable battery, and you are done. If you must have your computer on at all times, put your computer in a faraday cage and you are all set.

Until then:

Mandatory. Security. Awareness. Training.

I can say those words 10 times and I would never get tired of it. I would recommend a monthly mandatory security awareness training for every single employee who isn’t part of the IT department. But then even the people who work in IT can fall victim to phishing and malware as well… In that cae, all we can do is educate ourselves and follow common sense regarding protecting organization’s security and data.

Training i9s not enough if policy with consequences is not in place.

Hah… Didn’t think about policies when it comes to security incidents.