Myself personally I use KeePassXC with database stored on my own locally hosted Nextcloud server. Database is protected with long password AND keyfile which is stored outside of KeePassXC directory. That keyfile is never sync'd anywhere and always copied over via SD card to another device.

Encrypted database protection is only good as how the password combined with other method authentication are used. Straight password is not good enough these days.

KeepassXC even supports YubiKeys.

Same here.

The difference is they caused the outage by rolling out changes to their servers without fully testing it. They did the exact same thing a few months ago. Google it.

Same thing happened a few months ago when Microsoft rolled out the changes to the authentication servers. They said won't happen again as they put in safeguards. Uh huh.

The fact these buttons can be hacked to serve a different purpose makes it a moot point for Amazon. So killing it stops the $$ bleeding for Amazon and push for Alexa.

Thanks for the tip! I haven't released the new updates to our enterprise environment yet due to the BS updates the past few months.

That would be true if the computer been infected with malware. However, most people don't pay close attention to details like URLs before continuing so that would be hope by the attackers.

I've been using FreeNAS and PfSense for years which are great performing servers with practically zero downtime other than patches and reboots. FreeBSD is geared towards as server platform and rightfully so. To make it into a desktop not so much. I rather they focus less bloat and keeping performance high in FreeBSD than trying to support the desktop apps to muck things up. Leave the desktop to Linux as it's more supported by the community.

Microsoft did the same thing with their Windows Server installs. Just install the "core" without the desktop GUI and it will run longer without reboots and less time to download and install security updates.

Using your own personal VPN connected to your home network or rather "secure network" is a good idea. Why bother with remote desktop to another computer connected via VPN when you can set your VPN client to route ALL traffic to the VPN server?

If you are referring to Yubikey then yes. There are plenty of FIDO2 keys that are under $20.

My uncle's invoice management system was written to run on a SCO server and has been running for 20+ years. Yes on a Pentium II processor! He's not concerned about it because the server is not even connected to the network. All connected via serial WYSE terminals. For giggles I've made a ghost image of the server and got it running as a VM but unfortunately the way the special serial cards are designed it won't work as a VM. The TCP/IP stack can't be installed on the version of the server he has now due to $$$. Eventually he will have to upgrade to something more modern but for now it works.
 

Most government entities don't have a clue on their network infrastructure let alone on locking the computers down. Too many different standards and different ways of their networks are built. Guess how many system admins come and go over the years without an once of documentation. Router passwords changed and no one seems to know them. Since no one bother to enforce industry standards of best practices this is what got them.

Best they could do in the interim is enforce policy rules on the firewall to disallow porn sites and block unauthorized VPN connections (this can be done via the application level on the firewall). Also keep eye on access logs and fetch keywords. Since neither one of them are used is a sign of lazy admins.

This piece of marvel been in orbit since the 1990s and amazing it lasted this long. But as with any equipment it will wear out. Without the shuttles it will be hard to perform any kind of major mechanical repairs so they may have to bite the bullet and plan on a replacement soon.

Yep. I run my own Nextcloud as a private server on a different port. I get e-mails from fail2ban about hack attempts. Mostly from China. Nothing new. Just long as security measures such as securing the admin accounts and alerts are in place you're fine.

"DavMail gateway is implemented in java and should run on any platform"

And why would I be stuck with this java stuffs when it's being phased out and eliminate the security concerns? If they are planning a complete rewrite to use open standards I'd be up for it.