Tristan Watkins
tristanwatkins.com
@tristanwatkins.com
Microsoft technology generalist at Advania UK, with deep specialism in Identity, Security + Compliance. Windows security remains focal, with recent depth in AI (and a resurrection of latent SharePoint Enterprise Search skeelz). https://tristanwatkins.com
Reposted by Tristan Watkins
Interesting stuff. A chart of UK based Google searches.

The blue line is searches in the last 7 days for "VPN", the red "Age Verification".

So the Online Safety Act 2023 is achieving its aim of keeping people safe then 🙄
July 25, 2025 at 10:51 AM
Reposted by Tristan Watkins
Web browser history leaks have plagued users for 25 years. After 15 years of research and pushback, a real fix is coming! 🎉
I'm beyond excited—this issue sparked my Ph.D. journey! It’s amazing to see progress at last. 🔐 blog.lukaszolejnik.com/fixing-web-b...
April 1, 2025 at 11:13 AM
Reposted by Tristan Watkins
Apple will soon support end-to-end (E2E) encrypted RCS messaging with Android users 🙏 www.theverge.com/news/629620/...
Apple will soon support encrypted RCS messaging with Android users
Building bridges without blue bubbles.
www.theverge.com
March 14, 2025 at 9:58 AM
Reposted by Tristan Watkins
We did a thing!

DES (not even 3DES) has been a pain in our necks for years, but we couldn't remove it for compat reasons. It required special config to use so it's not dangerous out of the box, but it's still just...ugh, DES.

Anyway, we said enough is enough and now the code is getting deleted.
Removal of DES in Kerberos for Windows Server and Client | Microsoft Community Hub
To enhance security and protect against cyber threats, the Data Encryption Standard (DES) encryption algorithm will be intentionally removed from...
techcommunity.microsoft.com
February 28, 2025 at 3:56 PM
My AI GRC content is up now. Think of it as:
> a broad, global view of AI legislation and compliance with a UK filter
> a broad view of current AI risk for 2025
> a deep inspection of what it means to get ready to bring generative AI capabilities to your own data
www.advania.co.uk/ai-governance/
What to consider for governing the use of AI in your organisation
Discover what you need to consider for effective and responsible AI governance across your organisation with the guidance of our experts.
www.advania.co.uk
February 28, 2025 at 8:21 AM
Reposted by Tristan Watkins
Fair.
February 24, 2025 at 3:57 PM
Reposted by Tristan Watkins
NEW: Multiple researchers — independent and crypto monitoring firms — are accusing North Korean hackers of stealing $1.4 billion in crypto from Bybit.

Attribution is based on link to previous hacks and "characteristic pattern" of laundering the funds.

techcrunch.com/2025/02/24/r...
Researchers accuse North Korea of $1.4 billion Bybit crypto heist | TechCrunch
North Korea is behind the massive crypto hack, according to several blockchain monitoring firms and a well-known researcher
techcrunch.com
February 24, 2025 at 4:55 PM
Reposted by Tristan Watkins
Microsoft's big quantum gamble pays off: they were harder to build (and about as hard to understand!) but Microsoft's topological qubits are more effective, easier to control - and will probably help design their own replacements.
Microsoft Makes Quantum Computing Breakthrough With New Chip
Microsoft’s breakthrough with the first topological qubits and its own quantum chip, Majorana 1, could outpace Google’s brute force approach.
thenewstack.io
February 19, 2025 at 4:06 PM
New post on contemporary AI risks for 2025: some old, some new. Includes my take on DeepSeek, Shadow AI, Data Sovereignty, Agents, risks from new modes, SLMs, and safety technologies. Some on generative AI on your own data as well, but going deeper on that soon. www.advania.co.uk/insights/blo...
What’s changed in AI risk?
Discover how the AI risk landscape has evolved over the past few years in our expert blog. Learn how to protect your organisation from AI-related threats and ensure compliance.
www.advania.co.uk
February 14, 2025 at 3:19 PM
Reposted by Tristan Watkins
Apple has been secretly ordered to create an encryption back door for UK spying. If implemented, the secret order would give the UK access to encrypted backups belonging to any user — not just Brits 😲 www.theverge.com/news/608145/...
Apple ordered to open encrypted user accounts globally to UK spying
If implemented, the secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
www.theverge.com
February 7, 2025 at 11:35 AM
Veeam releases update to fix updater which you can fix with the compromised updater (YOLO) www.veeam.com/kb4712
KB4712: CVE-2025-23114
A vulnerability impacting the Veeam Updater component used by the proxy appliance within Veeam Backup for AWS, Veeam Backup for Google Cloud, Veeam Backup for Microsoft Azure, Veeam Backup for Nutanix...
www.veeam.com
February 5, 2025 at 5:35 PM
Wasn't sure which news events the top point here was referencing for a minute
- USAID breached by cryptomining gang
- Tata deals with ransomware attack
- Wave of Twitter account hacks
- DeepSeek dealing with week-long DDoS attacks
- AWS Redshift has new secure defaults
- OAuth 2.0 Security guide becomes an RFC
- New FUNNULL group
- AngelSense GPS tracker leaks user data
February 3, 2025 at 11:42 AM
I'm kicking off a set of related new content on AI governance, risk and compliance with this first post, which compares/contrasts AI regulation and compliance needs in the UK, EU and America. www.advania.co.uk/insights/blo...
How AI legislation and compliance in the UK compares with the rest of the world
Explore AI compliance and legislation in the UK, EU, and US with insights from Tristan Watkins. Understand the key differences and implications for your AI projects.
www.advania.co.uk
January 31, 2025 at 2:27 PM
This looks like quite a difficult problem to solve, with scarcely anyone willing to chuck their hat in the ring. It's being actively exploited up to RCE, and numerous bug reports are either Open or Won't Fix devco.re/blog/2025/01...
WorstFit: Unveiling Hidden Transformers in Windows ANSI! | DEVCORE 戴夫寇爾
The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical a...
devco.re
January 28, 2025 at 11:04 AM
This is brilliant beierle.win/2024-12-20-W...

FWIW, requiring signed WDAC policies would be a strong mitigation, but that's a big barrier to policy change, and quite far beyond what most organisations are ready for.
Weaponizing WDAC: Killing the Dreams of EDR
beierle.win
January 21, 2025 at 5:44 PM
AI is getting real. Literally. AI is creating new types of matter. Quite real. Microsoft Research have open sourced these two matter discovery/generation and matter simulation tools, which significantly exceed human capability in the space www.microsoft.com/en-us/resear...
Rethinking materials innovation with AI
Microsoft researchers introduce MatterGen, a model that can discover new materials tailored to specific needs—like efficient solar cells or CO2 recycling—advancing progress beyond trial-and-error expe...
www.microsoft.com
January 17, 2025 at 1:44 PM
Reposted by Tristan Watkins
Today at NCSC we published two blogs on our position regarding passkeys - the first is below (links to the second) - they are our future, not perfect but getting better..

.. call to action within!

www.ncsc.gov.uk/blog-post/pa...
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
www.ncsc.gov.uk
January 15, 2025 at 9:58 AM
@rick-hopkins-313.bsky.social @disconottechno.bsky.social y'all might find this account a bit boring. All IT/security/AI stuff. The other one might put you to sleep less. :)
January 10, 2025 at 4:13 PM
Reposted by Tristan Watkins
ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.
www.schneier.com
January 3, 2025 at 2:46 PM
Missed opportunity to name this feature old school ambient authentication. Never has proof been more relaxed techcommunity.microsoft.com/discussions/...
Ambient Authentication has been added to Edge for InPrivate and Guest sessions | Microsoft Community Hub
Microsoft Edge Version 82.0.442.0 (Official build) canary (64-bit) the 2 new flags edge://flags/ Enable Ambient Authentication in InPrivate...
techcommunity.microsoft.com
January 2, 2025 at 3:39 PM
And if you haven't seen the new video about o3 and o3-mini, you should. OpenAI's pivot to deliberation is having other huge qualitative benefits. openai.com/12-days/?day... This will be arriving with users early next year, at the same time that agency has become the thing of the moment.
12 Days of OpenAI
12 Days of OpenAI: 12 days. 12 livestreams. A bunch of new things, big and small.
openai.com
December 24, 2024 at 7:44 AM
OpenAI o-series models are using a new safety training approach called Deliberative Alignment to replace RLHF (which doesn't scale). It uses a stage of Chain-of-Thought with some supervision and a stage of Reinforced Learning without human feedback to define a new State of the Art in safety. 1/2
December 24, 2024 at 7:40 AM
THE RETURN OF AQA

😅 63336 anyone? Somehow the similarity had eluded me thus far, but I think we can learn some things about answers from how that popular human intelligence service worked.

www.linkedin.com/posts/openai...
OpenAI on LinkedIn: You can now talk to ChatGPT by calling 1-800-ChatGPT (1-800-242-8478) in… | 191 comments
You can now talk to ChatGPT by calling 1-800-ChatGPT (1-800-242-8478) in the U.S. or by sending a WhatsApp message to the same number—available everywhere… | 191 comments on LinkedIn
www.linkedin.com
December 19, 2024 at 8:23 AM