Vetting Vendors: Xcitium’s ‘Insane, Outlandish Claims’ About Security [YouTube Release]

Additional Resources:

Jason’s LinkedIn Post

CRN Article

Google Project 0 Tavis Ormandy on Comodo
https://bugs.chromium.org/p/project-zero/issues/detail?id=703&redir=1

Comodo Caught Breaking New CAA Standard One Day After It Went Into Effect

Let’s Encrypt won its Comodo trademark battle – but now fan tools must rename • The Register

Chronicle found that Sectigo, formerly known as Comodo, had issued the highest number of digital certificates which were used to sign malware over the observed time period: Attackers Are Signing Malware With Valid Certificates | Decipher

Comodo, Lavasoft software bundled with Superfish-type code | TechRadar

Let’s Encrypt in trademark drama • The Register

Name Change We’re Making Improvements!

Comodo Cybersecurity - Wikipedia

Timestamps

00:00 Xcitium & Overstated Security Claims

01:00 The 100% Secure Claim

02:56 Comodo History Of Bad Behaviors

06:32 Vetting The Vendors

Nothing can stop malware from infecting organizations’ computers.

Four words:

Mandatory. Security. Awareness. Training.

Repeat it after me:

Mandatory. Security. Awareness. Training.

Need I say more?

If we want zero trust, zero threats, and 0 breach, then turn off your computer, disconnect the Ethernet cable from the computer, disconnect the power cord from your computer, remove the battery if you have a laptop that has a removable battery, and you are done. If you must have your computer on at all times, put your computer in a Faraday cage and you are all set.

Until then:

Mandatory. Security. Awareness. Training.

I can say those words 10 times and I would never get tired of it. I would recommend a monthly mandatory security awareness training for every single employee who isn’t part of the IT department. But then even the people who work in IT can fall victim to phishing and malware as well… In that case, all we can do is educate ourselves and follow common sense regarding protecting the organization’s security and data.


Training is not enough if policy with consequences is not in place.


Hah… Didn’t think about policies when it comes to security incidents.