rmhrisk
rmhrisk.bsky.social
Dropout. Father. I build things. Security, Cryptography, Engineering, Entrepreneurship.
@peculiarventure + x-MSFT + x-GOOG ++. Also on @rmhrisk@infosec.exchange and twitter.com/rmhrisk
I also use this as a kind of low pass filter. It’s reasonable to expect a security leader to understand the concepts behind the systems they protect. You don’t need to be an expert to grasp the abstract properties; it’s an opportunity to practice humility and curiosity as well.
November 7, 2025 at 6:24 PM
Some thoughts on that here: unmitigatedrisk.com?p=1109
Beyond Gutenberg: How AI Is Teaching Us to Think About Thinking | UNMITIGATED RISK
October 25, 2025 at 11:10 PM
No, a few years ago they switched to their own root store. They do pull in certificates that the user adds but not the platform root store.
September 4, 2025 at 10:35 AM
Full analysis here → unmitigatedrisk.com?p=1092
Another Sleeping Giant: Microsoft’s Root Program and the 1.1.1.1 Certificate Slip | UNMITIGATED RISK
September 3, 2025 at 10:23 PM
The bigger issue? Microsoft’s root program still trusts this CA, leaving Edge and Windows users exposed in ways Chrome, Firefox, and Safari users aren’t.

The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.

👇
Another Sleeping Giant: Microsoft’s Root Program and the 1.1.1.1 Certificate Slip | UNMITIGATED RISK
unmitigatedrisk.com
September 3, 2025 at 10:23 PM
Reposted by rmhrisk
Prof. Michael Specter on practical vulnerabilities in deployed mobile voting systems.

www.youtube.com/watch?v=_BgA...

#VotingVillage
17 Specter -- It's Not Safe Yet; Online Voting in Practice vv25 d2s8
YouTube video by Voting Village @ DEF CON
August 21, 2025 at 7:28 PM
cabforum.org
August 22, 2025 at 9:31 PM
These flaws, combined with poor security practices from RMM vendors like ConnectWise & Atera, create a malware pipeline that offloads security costs directly onto customers.

Find out more here:
How Microsoft Code Signing Became Part of a Trust Subversion Toolchain | UNMITIGATED RISK
unmitigatedrisk.com
August 21, 2025 at 11:52 PM
Put down some thoughts about what the solution may look like here: unmitigatedrisk.com?p=1075
From Persistent to Ephemeral: Why AI Agents Need Fresh Identity for Every Mission | UNMITIGATED RISK
August 15, 2025 at 3:41 AM
In this piece, I reflect on the difference between good and bad automation, why metrics matter more than ever, and how AI can quietly make the worst patterns harder to detect and fix. unmitigatedrisk.com?p=1067
When Automation Becomes Bureaucracy | UNMITIGATED RISK
July 25, 2025 at 10:20 PM