Dude your gettin’ a hack (Dell)

Ha. They all have em. This one is interesting because it’s been there for 12 years worth of models.
 
One day, computers will be as secure as the telephone network ;)
 
GeorgeC said:
One day, computers will be as secure as the telephone network ;)
Click to expand...

The problem with that way of thinking is it isn’t about your security.

Your (old school) phone couldn’t be used by nation-states as a distributed attack fleet of hundreds of thousands of devices.

The really bad people couldn’t care less about your data. They want your processor and your network connection. You’re meaningless to them.

(Unless you’re storing logins or other access data that allow them to move laterally and then up the food chain.)
 
Yes, patch your Dell, but the problem doesn't begin to address the security issues in computers. They are fundamentally insecure because at the basic level, the people running systems don't understand what the software does. There are so many holes, it's almost like the systems were built to be insecure.

Don't believe me? Let me set up a website for you to visit...
 
once you get to a certain level of security, the user becomes the weak link. It doesn't matter how secure the system is if you can compromise the user.
 
Bob Noel said:
once you get to a certain level of security, the user becomes the weak link. It doesn't matter how secure the system is if you can compromise the user.
Click to expand...

Sure but again that’s not the type of threat seen today.

You can’t compromise hundreds of thousands of users and convince them to all learn how to make a network attack simultaneously.

“Hey y’all. Run this script.” LOL.

Or even to log into something and watch and wait for months for the correct conditions to do something, which was a significantly complex set of rules (and done very well) in the SolarWinds attack.

(It knew to stay quiet if it found itself running on a long list of large tech company and security company networks.)

You’re focused on the wrong scenario. Almost none of the significant attacks target individuals anymore. They target systems.
 
denverpilot said:
You’re focused on the wrong scenario. Almost none of the significant attacks target individuals anymore. They target systems.
Click to expand...
Sorta.

The goal is to get data or extract money.

The stuff being done on behalf of nation-states is targeting data, which can be exploited to find weaknesses in national physical defense systems (or software systems that would allow physical damage to be done) or to gain a competitive advantage. SolarWinds fell into that category. As do exploits that target the USG or major US contractors. "Competitive advantage" means anything from stealing intellectual property to build cheaper competing systems to giving the US (and other countries) a black eye for security in order to convince people that your products are superior. (Of course with folks like Boeing that produce flawed systems that cause plane accidents, exploits really can only make it worse).

"Money" generally covers getting enough data to create ransomware attacks (those will target individuals as well as organizations), extortion, and the like, and they may include use of data to kidnap or otherwise cause individual harm so great that someone is willing to pay some kind of ransom.

And yes, data can be used to exploit other systems.

But it is accurate to say that systems are targeted because they contain the data to be exploited. And they can be used to disrupt entire economies or factories.
 
You forgot political blackmail material. A number of recent attacks didn’t want money or defense data, they wanted the darker secrets. Ultimately they were targeting blackmail material for power/leverage over an entity.
 
Bob Noel said:
once you get to a certain level of security, the user becomes the weak link. It doesn't matter how secure the system is if you can compromise the user.
Click to expand...

True. And we are nowhere near that level of security.

If you want to scare yourself into unplugging the network from the wall, go take a good, systems based course on cybersecurity. The number of ways to gain access to a system will make you want to quit technology forever.
 
bflynn said:
True. And we are nowhere near that level of security.

If you want to scare yourself into unplugging the network from the wall, go take a good, systems based course on cybersecurity. The number of ways to gain access to a system will make you want to quit technology forever.
Click to expand...

Or ask for a mid six figures salary if anyone wants you to be in charge of it.

When it finally happens you can exit to a nice island beach. Because it’s an impossible task.
 
You must log in or register to reply here.
Back
Top