Default settings can be a systemic security risk. Wyden’s letter says Windows’ legacy RC4 support let attackers Kerberoast their way to privileged accounts after a contractor downloaded malware from a Bing search. Treating insecure defaults as an unfair practice would push vendors to ship safer baselines for critical infrastructure.
— Making vendors legally accountable for insecure defaults reframes cybersecurity from user hygiene to product safety, with consequences for Big Tech oversight and hospital resilience.
msmash
2025.09.10
Wyden’s FTC referral names RC4-on-by-default in Windows as exploited in the 2024 Ascension breach after a Bing-served malicious link.