Author: Andreas

  • Consultant

    Bild
    “Consultant”

    Source: “Internet”. Apologies, this flew along some timeline. If you made this, please let me know in the comment and I will give proper credit!

    It’s true, though. Consultants managed to ruin their reputation in the past 2 decades. Once, Business Consultant meant seasoned, experienced business leaders. Nowadays, it’s too often junior university graduates, that senior management uses as an excuse to drive an agenda through political cliffs.

    Having been on both sides of this table, it feels just too natural or even tempting not to cash out on management needs to make an argument.

  • Wochenende

    Hoch die Füße

    Alles geschafft, Samstag ist ja Werktag bis Mittag. Danach ist Wochenende.

  • Arbeitsplatz

    Arbeitsplatz des Tages

    Die Pandemie hat es geschafft, dass sich jeder von uns merkwürdige Dinge angewöhnt. Und so war das gestern meine erste Präsentation vor Menschen, in der weder MS Teams noch Slack noch Zoom eine Rolle spielen. So richtig, mit Projektor und Stehpult und Leuten die zuhören. Erst wenn man sich darauf vorbereitet merkt man, wie leicht es Teams einem macht, unvorbereitet in so eine Präsentation zu gehen. Weil man auch während man präsentiert alles ablesen kann.

  • Good CX? Look no further than mobile authentication

    The pandemic has uprooted life for everyone, from distributors to sellers to consumers; and with this change in the economy, a heavier dependence on digitalization has formed. Businesses across industries have placed a concentrated effort on transforming their digital presence to meet the growing needs of hungry consumers accustomed to instant gratification.

    Source: Good CX? Look no further than mobile authentication

  • Schmelzkäse

    Schmelzkäse

    Für ein Sandwich aus dem Sandwich-Toaster unterwegs auf dem Plastik-Highway in die CO2-Hölle.

  • “Secret” Agent Exposes Azure Customers To RCE

    This week, again Azure makes the news with cloud security issues. Following the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself was not severe enough, the agent is reachable from the network.

    Source: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog

    And, if this does not seem bad enough, the said agent will an attacker root access when the authentication header is missing:

    When working with the cloud, do your threat modelling before choosing a vendor.

  • Nervennahrung

    Prinzregententorte
  • Apple may have to work alone on its electric car after failing to find a partner

    The Apple-Car has been a rumor for years. And mobility is one of the hottest bets for the future. Car manufacturers, in particular premium brands, are in a good position to defend their pool position. The techradar.com news therefore does not sound surprising. At all.

    From techradar.com

    Some Apple gossip is pure fantasy, but some of the hearsay has roots in the real world. The Apple car falls into the latter category, and if a new report from Korean site mk.co.kr is accurate, the company now plans to shoulder the entire development process of the autonomous and/or electric car on its own.

    Source: techradar.com

  • cloud based CI/CD issues – travis-ci

    Travis-CI published a security bulletin the other day, describing a special condition that would allow to access secrets belonging to a foreign repository in Github or Bitbucket. The condition requires a fork from a public repository. That’s how open source work, and very central functionality. Not a corner case.

    Turns out, the cloud service did address the issue, still plenty of secrets have been affected:

    While cloud technology is all great economically, this is another sample of why commercial software vendors need to consider third party vendors in their threat profiles.