Awareness - Convenience & Security

Awareness - Convenience & Security

Introduction - the case of copy-paste: local <-> VM

On myDRE you cannot copy-paste text from or into a VM. As a Jupyter Lab user myself (Python) that heavily makes use on Google to find solutions, I do miss this copy-paste option. It would be so much quicker and less effort.

Why not allow copy-paste local <-> VM

The principle is that it should not be possible to copy information from a VM to a local machine and this follows the foundation laid in anDREa's Security Manifesto. Due to technicallities in the current solution this rules out copy information from local machine to VM as well. In principle the latter, local to VM, is fully compliant with  anDREa's Security Manifesto.

Every disadvantage has its advantage

There are clever people that try to do things that have been never done before. Some do this for the good, some for the abuse.  Recenly Gabriel Friedlander demonstrated a valid argument "...why you should  NEVER copy paste commands directly into your terminal."  You can try it yourself, it is quite unnerving to think what this can be exploited.
Read his blog and try it out yourself at/via: HOW TO GET HACKED BY ACCIDENTALLY COPY PASTING
Though the demonstrated exploit is for Linux, creative minds never rest.

    • Related Articles

    • Awareness - Malicious code packages in repositories

      anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness articles from time to time with ...

    • Awareness - Malicious code packages in repositories

      Version: 2022-08-16 Introduction anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness ...

    • Awareness - MFA: number matching, location and additional context

      TL;DR: The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatigue attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be ...

    • Awareness - Passwords, Spell Checkers, and MFA

      Introduction We like to make you aware of some of the current security vulnerabilities, what you can do and what anDREa is doing to mitigate the risks. Passwords & Spell Checkers Spell checkers offered by browsers, but also apps like Grammarly, pose ...

    • Awareness - MFA: number matching, location and additional context

      The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatique attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be decided, ...