October 2, 2016 at 6:43 am
Comments posted to this topic are about the item Coming Attacks
October 3, 2016 at 2:49 am
Steve Jones - SSC Editor (10/2/2016)
...if the criminals don't fundamentally ruin our trust...
This thought leads me to believe that the criminal elements have a huge need for stability which puts them as the opposition to groups like Anonymous. Ignoring the "are Anonymous freedom fighters or simply criminals" debate for a moment, but considering the almost impossible scenario of people abandoning the Internet, and especially the World Wide Web, are we leading to a future where the criminal element move into digital protection rackets? Is Ransomware just a childish, streetcorneresque version of it too?
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
October 3, 2016 at 2:54 am
Gary Varga (10/3/2016)
...are we leading to a future where the criminal element move into digital protection rackets? ...
"Nice website. Shame if anything were to...happen...to it..." :Whistling:
Thomas Rushton
blog: https://thelonedba.wordpress.com
October 3, 2016 at 3:03 am
ThomasRushton (10/3/2016)
Gary Varga (10/3/2016)
...are we leading to a future where the criminal element move into digital protection rackets? ..."Nice website. Shame if anything were to...happen...to it..." :Whistling:
It has been tried before yet I suspect that criminals have little to lose in trying again.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
October 3, 2016 at 6:51 am
99.99 percent of the internet is fragile. Why?
Nobody wants to spend the money and pass the laws make security seriously. We have millions of unpatched computers, consumer gear with default admin passwords, systems that shouldn't be connected to the internet that are, and almost all the software is written with unsafe programming languages and hodge-podge operating systems.
October 3, 2016 at 7:25 am
The Internet is a wonderful, collaborative resource, and will be for a long time if the criminals don't fundamentally ruin our trust in it.
Also, put this all into the perspective of cloud computing. The Internet is a wonderful platform for public information exchange and collaboration... if that's what you're essentially needing to do. However, over time corporations and governments have leveraged this network platform for running their enterprise infrastructure, even using it for internal applications and databases that should never be accessed by the public. Not only are these enterprises vulnerable to things like intentional denial of service attacks, but they have to compete for bandwidth with children streaming episodes of Scooby Doo.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
October 3, 2016 at 8:29 am
Its a balance of risks. Private VPNs were very expensive and I would bet more likely to fail than the public network.
Additionally the risks on a private network are more likely to affect just you.
412-977-3526 call/text
October 3, 2016 at 8:40 am
robert.sterbal 56890 (10/3/2016)
Its a balance of risks. Private VPNs were very expensive and I would bet more likely to fail than the public network.Additionally the risks on a private network are more likely to affect just you.
It depends on the organization, but it seems a targeted attack is less likely than simply being collateral damage in a political or state sponsored attack against the broader public internet.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
October 3, 2016 at 8:43 am
Most large scale attacks require a change of business, and insurable risk.
A glitch at a vendor isn't typically an insurable risk.
412-977-3526 call/text
October 3, 2016 at 9:57 am
Eric M Russell (10/3/2016)
...have to compete for bandwidth with children streaming episodes of Scooby Doo.
Scooby Doo wins every time!!!
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
October 3, 2016 at 10:21 am
chrisn-585491 (10/3/2016)
99.99 percent of the internet is fragile. Why?Nobody wants to spend the money and pass the laws make security seriously. We have millions of unpatched computers, consumer gear with default admin passwords, systems that shouldn't be connected to the internet that are, and almost all the software is written with unsafe programming languages and hodge-podge operating systems.
I think it's a mix. There are fundamentally broken elements, and some not so broken. There are also new things we learn constantly. Systems we considered safe yesterday (TLS, OpenSSL, etc.) are not today.
The updates, the decision to make changes, rewrite, or learn more, are hard ones. Even knowing what is the best way is hard. Not to mention, that if we all wrote the same way, say we all used a best practice today, then any flaw means that every single system is vulnerable.
Don't get me wrong, I think we need to update and patch systems, and as much as the auto Windows updates annoy me, I think it's a better way. I just wish MS had more accountability for issues, and perhaps more focus on secure systems.
Not picking on MS, all other vendors have issues as well.
October 3, 2016 at 11:07 am
Steve Jones - SSC Editor (10/3/2016)
chrisn-585491 (10/3/2016)
99.99 percent of the internet is fragile. Why?Nobody wants to spend the money and pass the laws make security seriously. We have millions of unpatched computers, consumer gear with default admin passwords, systems that shouldn't be connected to the internet that are, and almost all the software is written with unsafe programming languages and hodge-podge operating systems.
I think it's a mix. There are fundamentally broken elements, and some not so broken. There are also new things we learn constantly. Systems we considered safe yesterday (TLS, OpenSSL, etc.) are not today.
The updates, the decision to make changes, rewrite, or learn more, are hard ones. Even knowing what is the best way is hard. Not to mention, that if we all wrote the same way, say we all used a best practice today, then any flaw means that every single system is vulnerable.
Don't get me wrong, I think we need to update and patch systems, and as much as the auto Windows updates annoy me, I think it's a better way. I just wish MS had more accountability for issues, and perhaps more focus on secure systems.
Not picking on MS, all other vendors have issues as well.
One of the problems that they're finding now, that is adding to the headaches of trying to secure the Internet, is devices which were once secure, but no longer, or that were never secure to begin with, which manufacturers have either abandoned or never update.
A prime example of that is the recent DDoS attack against Krebsonsecurity.com, which apparently utilized vast numbers of default configured webcams (!!!) to propagate the attack. The issue with the rush to the "Internet-of-Things" is that the manufacturers roll out a device with often little or no security, hard-coded (!!!) admin passwords (and sometimes even back-door admin access) and then never release any sort of update to secure them when a vulnerability is found...
Which, really, comes around to "why in the H*LL does my refrigerator need to be on the internet in the first place?" So I can remotely check my groceries? MAKE A FRICKIN' LIST before you go shopping!
Worse, it's only going to get worse and I really doubt it will ever get better...
October 3, 2016 at 11:10 am
Eric M Russell (10/3/2016)
The Internet is a wonderful, collaborative resource, and will be for a long time if the criminals don't fundamentally ruin our trust in it.
Also, put this all into the perspective of cloud computing. The Internet is a wonderful platform for public information exchange and collaboration... if that's what you're essentially needing to do. However, over time corporations and governments have leveraged this network platform for running their enterprise infrastructure, even using it for internal applications and databases that should never be accessed by the public. Not only are these enterprises vulnerable to things like intentional denial of service attacks, but they have to compete for bandwidth with children streaming episodes of Scooby Doo.
Agree that many companies have misused the Internet in that they haven't taken adequate security precautions. I wish that everyone would focus more on better OS, network, app, etc. security.
The DDOS stuff always happens, and arguably, cloud providers are better suited to deal with this. Most of the corporate network staff I know has no idea how to properly manage QoS, much less dealing with DDOS attacks.
Bandwidth concerns aren't really an issue. The cloud providers don't have single pipes. Large companies doing streaming are doing so with CDNs, separate pipes, and more from cloud providers. We are always competing for bandwidth at times. That's the nature of business and customers.
October 3, 2016 at 11:12 am
Eric M Russell (10/3/2016)
robert.sterbal 56890 (10/3/2016)
Its a balance of risks. Private VPNs were very expensive and I would bet more likely to fail than the public network.Additionally the risks on a private network are more likely to affect just you.
It depends on the organization, but it seems a targeted attack is less likely than simply being collateral damage in a political or state sponsored attack against the broader public internet.
Yes and no. It changes the nature of attacks. Telcos can get hacked, and having private lines means attackers can focus in a particular area. A company might be driven to even less security with supposedly private lines.
Having things on the public internet can mean more noise that makes it hard to focus, but also harder to defend.
There isn't a good solution here, or at least, no perfect solution.
October 3, 2016 at 11:18 am
jasona.work (10/3/2016)
Which, really, comes around to "why in the H*LL does my refrigerator need to be on the internet in the first place?" So I can remotely check my groceries? MAKE A FRICKIN' LIST before you go shopping!
Worse, it's only going to get worse and I really doubt it will ever get better...
I am sure things will get worse. Apart from criminals, we have bored and smart people that are vandals, just wanting to cause trouble, or experiment, for fun.
I dislike you, or anyone, making a decision about what is good or bad. Plenty of people do want some devices attached to a network. Turn the oven off, change the heat, etc. Some people want to do this remotely, or double check. I'll admit I think locking my car doors remotely was dumb.
Until I was in a hurry at the airport, got on the shuttle and couldn't remember if I'd locked anything. I appreciated it then.
What I'd wish for is a minimal security framework that we mandate for devices sold. I can't do anything about what you build, but I'd want routers and fridges, and webcams to require a certain level of authentication. And mandate a way to update, preferably physical, that ensures we can secure these when we find issues.
I'd also require that any EOL produce must release the source code as open source for patching by users. I would be not asking this to be public domain for anyone to use in their own product, but open source, with the original vendor retaining copyright control over how the code can be used. They just can't maintain closed source if they won't patch the system.
Edit : clarified open source v public domain. Reworded.
Viewing 15 posts - 1 through 15 (of 23 total)
You must be logged in to reply to this topic. Login to reply