alexlongterm's comments

Don't think twice. Keep backups and encrypt your laptops if you care about any of your data and your laptop travels beyond your desk and a locked safe.

^^^ this. In fact in the US the IRS will flag abnormally high salaries for small businesses (millions per individual) if no or very few dividends are paid out because income tax is less favorable to the government in the total amount the IRS receives when looking at multi million dollar salaries. Beyond the first $110kish FICA stops making a dent as social security caps out. I'm sure there are possible loopholes for very wealthy individuals but this article doesn't detail them and I'm not familiar with them either. This is the opposite of other places like Sweden where high income tax and low business taxes make dividends very favorable, and the tax authorities there will question paying dividends at too low of income levels.

On the same topic of CSRF prevention, we also recently wrote about the dangers of using Content Types for security -- https://medium.com/@longtermsec/chrome-just-hardened-the-nav...

Having worked in IR in various capacities in the past, I'd like to point out that many intrusions are not shared publicly. There are definitely targeted intrusions that begin with XSS or CSRF, you just don't hear about them.

As for the majority of hacks being something else I full on agree. I think phishing for credentials and malware installs, and leaked credentials in recent years, makes up the majority of intrusions. Many of those are opportunistic though and not necessarily targeted

We wrote a guide for google suite admins on how to lock down their domain. Oauth and phishing are major threats and google could do much more here https://medium.com/@longtermsec/more-tips-for-securing-your-...