Tristan Watkins
@tristanwatkins.com
Microsoft technology generalist at Advania UK, with deep specialism in Identity, Security + Compliance. Windows security remains focal, with recent depth in AI (and a resurrection of latent SharePoint Enterprise Search skeelz). https://tristanwatkins.com
Reposted by Tristan Watkins
Last week I announced that we're finally killing off RC4 in the Windows Kerberos stack.
This has been a long time coming, so much so that we've been working on it for more than a decade, albeit off and on as we sometimes had to target other more pressing issues.
What does this mean?
This has been a long time coming, so much so that we've been working on it for more than a decade, albeit off and on as we sometimes had to target other more pressing issues.
What does this mean?
Beyond RC4 for Windows authentication
As organizations face an evolving threat landscape, strengthening Windows authentication is more critical than ever.
www.microsoft.com
December 10, 2025 at 6:49 PM
Last week I announced that we're finally killing off RC4 in the Windows Kerberos stack.
This has been a long time coming, so much so that we've been working on it for more than a decade, albeit off and on as we sometimes had to target other more pressing issues.
What does this mean?
This has been a long time coming, so much so that we've been working on it for more than a decade, albeit off and on as we sometimes had to target other more pressing issues.
What does this mean?
Reposted by Tristan Watkins
Interesting stuff. A chart of UK based Google searches.
The blue line is searches in the last 7 days for "VPN", the red "Age Verification".
So the Online Safety Act 2023 is achieving it's aim of keeping people safe then ๐
The blue line is searches in the last 7 days for "VPN", the red "Age Verification".
So the Online Safety Act 2023 is achieving it's aim of keeping people safe then ๐
July 25, 2025 at 10:51 AM
Interesting stuff. A chart of UK based Google searches.
The blue line is searches in the last 7 days for "VPN", the red "Age Verification".
So the Online Safety Act 2023 is achieving it's aim of keeping people safe then ๐
The blue line is searches in the last 7 days for "VPN", the red "Age Verification".
So the Online Safety Act 2023 is achieving it's aim of keeping people safe then ๐
Reposted by Tristan Watkins
Web browser history leaks have plagued users for 25 years. After 15 years of research and pushback, a real fix is coming! ๐
I'm beyond excitedโthis issue sparked my Ph.D. journey! Itโs amazing to see progress at last. ๐ blog.lukaszolejnik.com/fixing-web-b...
I'm beyond excitedโthis issue sparked my Ph.D. journey! Itโs amazing to see progress at last. ๐ blog.lukaszolejnik.com/fixing-web-b...
April 1, 2025 at 11:13 AM
Web browser history leaks have plagued users for 25 years. After 15 years of research and pushback, a real fix is coming! ๐
I'm beyond excitedโthis issue sparked my Ph.D. journey! Itโs amazing to see progress at last. ๐ blog.lukaszolejnik.com/fixing-web-b...
I'm beyond excitedโthis issue sparked my Ph.D. journey! Itโs amazing to see progress at last. ๐ blog.lukaszolejnik.com/fixing-web-b...
Reposted by Tristan Watkins
Apple will soon support end-to-end (E2E) encrypted RCS messaging with Android users ๐ www.theverge.com/news/629620/...
Apple will soon support encrypted RCS messaging with Android users
Building bridges without blue bubbles.
www.theverge.com
March 14, 2025 at 9:58 AM
Apple will soon support end-to-end (E2E) encrypted RCS messaging with Android users ๐ www.theverge.com/news/629620/...
Wow. I can't believe it's live. I waited forever for Azure Code Signing (earlier name of this) to emerge in preview after the deprecation of the Device Guard Signing Service left us needing this, but then it never came for years and I eventually lost sight of it. Glad it's here at last I guess.
March 12, 2025 at 5:55 PM
Wow. I can't believe it's live. I waited forever for Azure Code Signing (earlier name of this) to emerge in preview after the deprecation of the Device Guard Signing Service left us needing this, but then it never came for years and I eventually lost sight of it. Glad it's here at last I guess.
Reposted by Tristan Watkins
We did a thing!
DES (not even 3DES) has been a pain in our necks for years, but we couldn't remove it for compat reasons. It required special config to use so it's not dangerous out of the box, but it's still just...ugh, DES.
Anyway, we said enough is enough and now the code is getting deleted.
DES (not even 3DES) has been a pain in our necks for years, but we couldn't remove it for compat reasons. It required special config to use so it's not dangerous out of the box, but it's still just...ugh, DES.
Anyway, we said enough is enough and now the code is getting deleted.
Removal of DES in Kerberos for Windows Server and Client | Microsoft Community Hub
To enhance security and protect against cyber threats, the Data Encryption Standard (DES) encryption algorithm will be intentionally removed from...
techcommunity.microsoft.com
February 28, 2025 at 3:56 PM
We did a thing!
DES (not even 3DES) has been a pain in our necks for years, but we couldn't remove it for compat reasons. It required special config to use so it's not dangerous out of the box, but it's still just...ugh, DES.
Anyway, we said enough is enough and now the code is getting deleted.
DES (not even 3DES) has been a pain in our necks for years, but we couldn't remove it for compat reasons. It required special config to use so it's not dangerous out of the box, but it's still just...ugh, DES.
Anyway, we said enough is enough and now the code is getting deleted.
My AI GRC content is up now. Think of it as:
> a broad, global view of AI legislation and compliance with a UK filter
> a broad view of current AI risk for 2025
> a deep inspection of what it means to get ready to bring generative AI capabilities to your own data
www.advania.co.uk/ai-governance/
> a broad, global view of AI legislation and compliance with a UK filter
> a broad view of current AI risk for 2025
> a deep inspection of what it means to get ready to bring generative AI capabilities to your own data
www.advania.co.uk/ai-governance/
What to consider for governing the use of AI in your organisation
Discover what you need to consider for effective and responsible AI governance across your organisation with the guidance of our experts.
www.advania.co.uk
February 28, 2025 at 8:21 AM
My AI GRC content is up now. Think of it as:
> a broad, global view of AI legislation and compliance with a UK filter
> a broad view of current AI risk for 2025
> a deep inspection of what it means to get ready to bring generative AI capabilities to your own data
www.advania.co.uk/ai-governance/
> a broad, global view of AI legislation and compliance with a UK filter
> a broad view of current AI risk for 2025
> a deep inspection of what it means to get ready to bring generative AI capabilities to your own data
www.advania.co.uk/ai-governance/
Reposted by Tristan Watkins
Reposted by Tristan Watkins
NEW: Multiple researchers โ independent and crypto monitoring firms โ are accusing North Korean hackers of stealing $1.4 billion in crypto from Bybit.
Attribution is based on link to previous hacks and "characteristic pattern" of laundering the funds.
techcrunch.com/2025/02/24/r...
Attribution is based on link to previous hacks and "characteristic pattern" of laundering the funds.
techcrunch.com/2025/02/24/r...
Researchers accuse North Korea of $1.4 billion Bybit crypto heist | TechCrunch
North Korea is behind the massive crypto hack, according to several blockchain monitoring firms and a well-known researcher
techcrunch.com
February 24, 2025 at 4:55 PM
NEW: Multiple researchers โ independent and crypto monitoring firms โ are accusing North Korean hackers of stealing $1.4 billion in crypto from Bybit.
Attribution is based on link to previous hacks and "characteristic pattern" of laundering the funds.
techcrunch.com/2025/02/24/r...
Attribution is based on link to previous hacks and "characteristic pattern" of laundering the funds.
techcrunch.com/2025/02/24/r...
Reposted by Tristan Watkins
Microsoft's big quantum gamble pays off: they were harder to build (and about as hard to understand!) but Microsoft's topological qubits are more effective, easier to control - and will probably help design their own replacements.
Microsoft Makes Quantum Computing Breakthrough With New Chip
Microsoftโs breakthrough with the first topological qubits and its own quantum chip, Majorana 1, could outpace Googleโs brute force approach.
thenewstack.io
February 19, 2025 at 4:06 PM
Microsoft's big quantum gamble pays off: they were harder to build (and about as hard to understand!) but Microsoft's topological qubits are more effective, easier to control - and will probably help design their own replacements.
New post on contemporary AI risks for 2025: some old, some new. Includes my take on DeepSeek, Shadow AI, Data Sovereignty, Agents, risks from new modes, SLMs, and safety technologies. Some on generative AI on your own data as well, but going deeper on that soon. www.advania.co.uk/insights/blo...
Whatโs changed in AI risk?
Discover how the AI risk landscape has evolved over the past few years in our expert blog. Learn how to protect your organisation from AI-related threats and ensure compliance.
www.advania.co.uk
February 14, 2025 at 3:19 PM
New post on contemporary AI risks for 2025: some old, some new. Includes my take on DeepSeek, Shadow AI, Data Sovereignty, Agents, risks from new modes, SLMs, and safety technologies. Some on generative AI on your own data as well, but going deeper on that soon. www.advania.co.uk/insights/blo...
Reposted by Tristan Watkins
Apple has been secretly ordered to create an encryption back door for UK spying. If implemented, the secret order would give the UK access to encrypted backups belonging to any user โ not just Brits ๐ฒ www.theverge.com/news/608145/...
Apple ordered to open encrypted user accounts globally to UK spying
If implemented, the secret order would give the UK access to encrypted backups belonging to any user โ not just Brits.
www.theverge.com
February 7, 2025 at 11:35 AM
Apple has been secretly ordered to create an encryption back door for UK spying. If implemented, the secret order would give the UK access to encrypted backups belonging to any user โ not just Brits ๐ฒ www.theverge.com/news/608145/...
Veeam releases update to fix updater which you can fix with the compromised updater (YOLO) www.veeam.com/kb4712
KB4712: CVE-2025-23114
A vulnerability impacting the Veeam Updater component used by the proxy appliance within Veeam Backup for AWS, Veeam Backup for Google Cloud, Veeam Backup for Microsoft Azure, Veeam Backup for Nutanix...
www.veeam.com
February 5, 2025 at 5:35 PM
Veeam releases update to fix updater which you can fix with the compromised updater (YOLO) www.veeam.com/kb4712
Wasn't sure which news events the top point here was referencing for a minute
-USAID breached by cryptomining gang
-Tata deals with ransomware attack
-Wave of Twitter account hacks
-DeepSeek dealing with week-long DDoS attacks
-AWS Redshift has new secure defaults
-OAuth 2.0 Security guide becomes an RFC
-New FUNNULL group
-AngelSense GPS tracker leaks user data
-Tata deals with ransomware attack
-Wave of Twitter account hacks
-DeepSeek dealing with week-long DDoS attacks
-AWS Redshift has new secure defaults
-OAuth 2.0 Security guide becomes an RFC
-New FUNNULL group
-AngelSense GPS tracker leaks user data
February 3, 2025 at 11:42 AM
Wasn't sure which news events the top point here was referencing for a minute
FWIW, in the December shipmas post about o3 they said o3-mini was scheduled for release in January, but I take your broader point
January 31, 2025 at 5:10 PM
FWIW, in the December shipmas post about o3 they said o3-mini was scheduled for release in January, but I take your broader point
At least they had the endurance for it
Mizuno USA says hackers stayed in its network for two months
Mizuno USA says hackers stayed in its network for two months
โMizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024.
www.bleepingcomputer.com
January 31, 2025 at 3:23 PM
At least they had the endurance for it
I'm kicking off a set of related new content on AI governance, risk and compliance with this first post, which compares/contrasts AI regulation and compliance needs in the UK, EU and America. www.advania.co.uk/insights/blo...
How AI legislation and compliance in the UK compares with the rest of the world
Explore AI compliance and legislation in the UK, EU, and US with insights from Tristan Watkins. Understand the key differences and implications for your AI projects.
www.advania.co.uk
January 31, 2025 at 2:27 PM
I'm kicking off a set of related new content on AI governance, risk and compliance with this first post, which compares/contrasts AI regulation and compliance needs in the UK, EU and America. www.advania.co.uk/insights/blo...
This looks like quite a difficult problem to solve, with scarcely anyone willing to chuck their hat in the ring. It's being actively exploited up to RCE, and numerous bug reports are either Open or Won't Fix devco.re/blog/2025/01...
WorstFit: Unveiling Hidden Transformers in Windows ANSI! | DEVCORE ๆดๅคซๅฏ็พ
The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical a...
devco.re
January 28, 2025 at 11:04 AM
This looks like quite a difficult problem to solve, with scarcely anyone willing to chuck their hat in the ring. It's being actively exploited up to RCE, and numerous bug reports are either Open or Won't Fix devco.re/blog/2025/01...
This is brilliant beierle.win/2024-12-20-W...
FWIW, requiring signed WDAC policies would be a strong mitigation, but that's a big barrier to policy change, and quite far beyond what most organisations are ready for.
FWIW, requiring signed WDAC policies would be a strong mitigation, but that's a big barrier to policy change, and quite far beyond what most organisations are ready for.
Weaponizing WDAC: Killing the Dreams of EDR
beierle.win
January 21, 2025 at 5:44 PM
This is brilliant beierle.win/2024-12-20-W...
FWIW, requiring signed WDAC policies would be a strong mitigation, but that's a big barrier to policy change, and quite far beyond what most organisations are ready for.
FWIW, requiring signed WDAC policies would be a strong mitigation, but that's a big barrier to policy change, and quite far beyond what most organisations are ready for.
AI is getting real. Literally. AI is creating new types of matter. Quite real. Microsoft Research have open sourced these two matter discovery/generation and matter simulations tools, which significantly exceed human capability in the space www.microsoft.com/en-us/resear...
Rethinking materials innovation with AI
Microsoft researchers introduce MatterGen, a model that can discover new materials tailored to specific needsโlike efficient solar cells or CO2 recyclingโadvancing progress beyond trial-and-error expe...
www.microsoft.com
January 17, 2025 at 1:44 PM
AI is getting real. Literally. AI is creating new types of matter. Quite real. Microsoft Research have open sourced these two matter discovery/generation and matter simulations tools, which significantly exceed human capability in the space www.microsoft.com/en-us/resear...
Reposted by Tristan Watkins
Today at NCSC we published two blogs on our position regarding passkeys - the first is below (links to the second) - they are our future, not perfect but getting better..
.. call to action within!
www.ncsc.gov.uk/blog-post/pa...
.. call to action within!
www.ncsc.gov.uk/blog-post/pa...
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
www.ncsc.gov.uk
January 15, 2025 at 9:58 AM
Today at NCSC we published two blogs on our position regarding passkeys - the first is below (links to the second) - they are our future, not perfect but getting better..
.. call to action within!
www.ncsc.gov.uk/blog-post/pa...
.. call to action within!
www.ncsc.gov.uk/blog-post/pa...
Understood. You could start here: github.com/microsoft/ke.... We normally build with Azure AI Search which includes services like Document Intelligence
GitHub - microsoft/kernel-memory: RAG architecture: index and query any data using LLM and natural language, track sources, show citations, asynchronous memory patterns.
RAG architecture: index and query any data using LLM and natural language, track sources, show citations, asynchronous memory patterns. - microsoft/kernel-memory
github.com
January 13, 2025 at 6:30 PM
Understood. You could start here: github.com/microsoft/ke.... We normally build with Azure AI Search which includes services like Document Intelligence
Finding the right chunk size (and the related delimiter(s) to parse on) can take some experimentation. Ultimately there is a whole art to this that is common to the world of traditional indexing technologies, but your data may submit well to something cheap/cheerful like this
January 13, 2025 at 6:20 PM
Finding the right chunk size (and the related delimiter(s) to parse on) can take some experimentation. Ultimately there is a whole art to this that is common to the world of traditional indexing technologies, but your data may submit well to something cheap/cheerful like this
There are frameworks/services to help with it if you have the appetite to dive in. Otherwise you can find delimiters to parse on (I find HTML is more reliable than MD), treat each as your chunk, verify those chunks will fit with your embeddings service, then store those embeddings in your vector DB
January 13, 2025 at 6:17 PM
There are frameworks/services to help with it if you have the appetite to dive in. Otherwise you can find delimiters to parse on (I find HTML is more reliable than MD), treat each as your chunk, verify those chunks will fit with your embeddings service, then store those embeddings in your vector DB