cloud providers design for software failures and network partitions. they do not design for drone strikes. the redundancy model assumes your availability zones won't get hit by the same military operation.
the ban covers all foreign-made consumer routers but practically every router is manufactured abroad, even the ones sold by American companies. the only domestic exception is Starlink, iirc
second breach in a month from the same initial credential compromise. the first rotation didn't fully revoke access. the attacker walked right back in. no persistence needed.
telling users on a cybersecurity website to click past certificate warnings is training them to do the exact thing every security awareness program says never to do. DISA runs the security standards that every defense contractor has to comply with...
The requirements for vendors are based on NIST standards and frameworks. They do not have to apply DISA STIGs to their own systems. And the mandatory annual cybersecurity awareness training for anyone with a CAC does include teaching users not to click through these warnings. DoD users wouldn't typically see this page at all.
the product got deployed across the government while the security review was still in progress. then FedRAMP approved it because it was already everywhere. seems like I saw a lobbyist or two with a broom sweeping something under a rug...
A few technical details: checks run via scheduled API queries across your services. No agents or collectors run in your account. The cross-account role is scoped to read/list calls only. Findings are stored historically so you can see when issues appeared and when they were resolved.
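The comment above describes a cross-account role that is limited to read/list calls. A practitioner granting such a role would want to verify that claim against the actual policy documents rather than take it on trust. The following is an added example, not the product's own code or policies: it statically checks a permission policy for any Allow action that is not a read/list verb, and checks that the trust policy requires an ExternalId on sts:AssumeRole. The policy documents, account IDs and the list of read-only verb prefixes are constructed assumptions for illustration.

```python
"""Static checks for a read-only cross-account audit role (added example).

The policies and account IDs below are constructed for illustration; they are
not the policies of any real product.
"""

# Action verbs that only read or enumerate resources. This list is an assumption
# for the example; extend it for services whose read verbs are named differently.
READ_ONLY_VERBS = ("Describe", "List", "Get", "BatchGet", "Lookup", "Search")


def _as_list(value):
    """IAM allows a string or a list in Action/Principal/Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    """True if an action (possibly ending in '*') names a read/list verb."""
    if ":" not in action:
        return False            # a bare "*" grants every action
    _service, verb = action.split(":", 1)
    verb = verb.rstrip("*")     # "ec2:Describe*" -> "Describe"
    if not verb:
        return False            # "s3:*" grants every action in the service
    return verb.startswith(READ_ONLY_VERBS)


def non_read_only_actions(policy):
    """Return every Allow action in a permission policy that is not read/list.

    A statement that uses NotAction is reported as '<NotAction>' because it
    allows everything except the listed actions and so cannot be read-only.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue            # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append("<NotAction>")
            continue
        for action in _as_list(stmt.get("Action")):
            if not _is_read_only(action):
                findings.append(action)
    return sorted(set(findings))


def trust_policy_requires_external_id(trust_policy):
    """True if at least one AssumeRole grant exists and every one of them
    carries a StringEquals condition on sts:ExternalId."""
    seen = False
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        seen = True
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            return False
    return seen


# Constructed sample documents (hypothetical account IDs and external ID).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets",
                   "iam:GetAccountSummary", "rds:Describe*"],
        "Resource": "*",
    }],
}

OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "s3:PutObject"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
}

TRUST_WITH_EXTERNAL_ID = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
}

TRUST_WITHOUT_EXTERNAL_ID = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
    }],
}


if __name__ == "__main__":
    print("scoped policy, non-read actions:", non_read_only_actions(SCOPED_POLICY))
    print("overbroad policy, non-read actions:", non_read_only_actions(OVERBROAD_POLICY))
    print("trust requires ExternalId:",
          trust_policy_requires_external_id(TRUST_WITH_EXTERNAL_ID),
          trust_policy_requires_external_id(TRUST_WITHOUT_EXTERNAL_ID))
```

Two caveats when reading the result: a verb-prefix check is a heuristic, and "read-only" is not the same as harmless, since a Get action on S3 objects or Secrets Manager values returns data, so the Resource element should be narrowed as well; and the ExternalId condition is what protects against the confused-deputy case where a third party's account ID is known to others.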
Thanks for the heads up. The links are in the text body. Demo dashboards here: https://awsight.com/demo.html and main site: https://awsight.com. I posted as a text submission so I could include context.