Awareness - Convenience & Security

Awareness - Convenience & Security

Introduction - the case of copy-paste: local <-> VM

On myDRE you cannot copy-paste text from or into a VM. As a Jupyter Lab user myself (Python) that heavily makes use on Google to find solutions, I do miss this copy-paste option. It would be so much quicker and less effort.

Why not allow copy-paste local <-> VM

The principle is that it should not be possible to copy information from a VM to a local machine and this follows the foundation laid in anDREa's Security Manifesto. Due to technicallities in the current solution this rules out copy information from local machine to VM as well. In principle the latter, local to VM, is fully compliant with  anDREa's Security Manifesto.

Every disadvantage has its advantage

There are clever people that try to do things that have been never done before. Some do this for the good, some for the abuse.  Recenly Gabriel Friedlander demonstrated a valid argument "...why you should  NEVER copy paste commands directly into your terminal."  You can try it yourself, it is quite unnerving to think what this can be exploited.
Read his blog and try it out yourself at/via: HOW TO GET HACKED BY ACCIDENTALLY COPY PASTING
Though the demonstrated exploit is for Linux, creative minds never rest.

    • Related Articles

    • Awareness - Malicious code packages in repositories

      anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness articles from time to time with ...

    • Awareness - Malicious code packages in repositories

      Version: 2022-08-16 Introduction anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness ...

    • Awareness - MFA: number matching, location and additional context

      TL;DR: The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatigue attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be ...

    • NIS2 Update: Mapping NIS2 to ISO27001

      First version: 2023-11-03 Last update: - Last change(s): - NIS2 Update The NIS2 directive is upcoming and as you have come to know, anDREa B.V. is keeping a close eye on what this means and how organizations can prepare for this. Recently, we wrote ...

    • myDRE is NOT vulnerable for CVE-2022-26809 - Serious Vulnerabilities in Microsoft Windows Workplaces and Servers

      Situation Last “patch Tuesday” Microsoft disclosed and fixed a large number of serious vulnerabilities in Microsoft Windows. One of these vulnerabilities is identified as CVE-2022-26809 with a CVSS score of 9.8 (scale 1-10). CVE-2022-26809 is a ...