|
? This poll is closed. |
|||
|---|---|---|---|
| Yes |
|
44 | 35.20% |
| No |
|
81 | 64.80% |
| Total: | 125 votes | ||
|
https://twitter.com/madebyhistory/status/1338197952754544641?s=20 I realize the news cycle has long blown past Morocco and Western Sahara business five years ago but good article from a history professor at my alma mater
|
#
?
Dec 14, 2020 19:48
|
|
|
|
| # ? Jun 2, 2024 23:26 |
|
|
gently caress spreading it. I'm going once to get everything I can so I get all the suffering out of the way in a weekend.
|
|
#
?
Dec 14, 2020 19:54
|
|
|
RFC2324 posted:This vaccine is going to turn out horrible and decimate our medical community Our medical community is being decimated by the virus....seriously: https://www.thelancet.com/journals/lancet/article/PIIS0140-6736(20)32478-8/fulltext
|
|
#
?
Dec 14, 2020 20:10
|
|
|
lol https://twitter.com/dave_brown24/status/1338536436425961479?s=21 quote:Edward Nicolae Luttwak is a strategist and historian known for his works on grand strategy, geoeconomics, military history, and international relations. He is best known for being the author of ''Coup d'État: A Practical Handbook'.
|
|
#
?
Dec 14, 2020 20:16
|
|
|
It’s actually a really good book. Present irony notwithstanding. Edit: the Luttwak comment didn’t appear in the quote for someone.
|
|
#
?
Dec 14, 2020 20:16
|
|
|
WaPo reporting DHS also affected by the solarwinds supply chain attacks: https://www.washingtonpost.com/nati...4aff_story.html
|
|
#
?
Dec 14, 2020 20:37
|
|
|
Soylent Pudding posted:WaPo reporting DHS also affected by the solarwinds supply chain attacks: https://www.washingtonpost.com/nati...4aff_story.html Just finished grad cyber intel course yesterday when the news hit. Russian APTs are the best in the world with the quickest breakout time, followed by China who are couple hours behind. Basically nothing about this is surprising that it is Russia, how deep they got, and how unprepared the agencies were.
|
|
#
?
Dec 14, 2020 21:00
|
|
|
Meshka posted:Just finished grad cyber intel course yesterday when the news hit. Russian APTs are the best in the world with the quickest breakout time, followed by China who are couple hours behind. Basically nothing about this is surprising that it is Russia, how deep they got, and how unprepared the agencies were. So what can we actually do in response? Besides defensive securing of stuff. I mean in terms of giving the Russian Government a strong “gently caress off” message.
|
|
#
?
Dec 14, 2020 21:03
|
|
|
MazelTovCocktail posted:I mean in terms of giving the Russian Government a strong “gently caress off” message. lol
|
|
#
?
Dec 14, 2020 21:05
|
|
|
Well perhaps waiting until after the inauguration.
|
|
#
?
Dec 14, 2020 21:05
|
|
|
Meshka posted:Just finished grad cyber intel course yesterday when the news hit. Russian APTs are the best in the world with the quickest breakout time, followed by China who are couple hours behind. Basically nothing about this is surprising that it is Russia, how deep they got, and how unprepared the agencies were. The fun thing about supply chain attacks is that they hit even prepared agencies hard. That said between the notPetya and CCleaner attacks something like this was inevitable. Supply chain vulnerability awareness has been growing but not fast enough to head this off alas
|
|
#
?
Dec 14, 2020 21:18
|
|
|
MazelTovCocktail posted:So what can we actually do in response? Besides defensive securing of stuff. I mean in terms of giving the Russian Government a strong “gently caress off” message. I don’t think there is anything to do, but shore up defenses. It would be fair to assume that US does the same thing and this is the new way of doing espionage. If both sides do it, an over retaliation by one side is not good and will lead to future consequences.
|
|
#
?
Dec 14, 2020 21:24
|
|
|
Pornhub nuked all their user uploaded videos this morning. RIP jerkin' it, I guess.
|
|
#
?
Dec 14, 2020 21:30
|
|
|
The thing about offensive cyber is you have to assume your weapons only work once, so if you've got the capability to melt their power grid, blowing it on "sending a message" is less than prudent
|
|
#
?
Dec 14, 2020 21:31
|
|
Vincent Van Goatse posted:Pornhub nuked all their user uploaded videos this morning. RIP jerkin' it, I guess. shame on an IGA posted:The thing about offensive cyber is you have to assume your weapons only work once, so if you've got the capability to melt their power grid, blowing it on "sending a message" is less than prudent
|
|
|
#
?
Dec 14, 2020 21:33
|
|
|
MazelTovCocktail posted:So what can we actually do in response? Besides defensive securing of stuff. I mean in terms of giving the Russian Government a strong “gently caress off” message. The reality is: You are going to get hacked. Its inevitable, and no we shouldn't talk physical retaliation over it. Lessons learned, patch, cleanup, and train.
|
|
#
?
Dec 14, 2020 21:37
|
|
|
Can someone explain what exactly happened, to whom, and what it means? Everything I've seen linked is a little too technical for my dumb brain.
|
|
#
?
Dec 14, 2020 21:39
|
|
|
Hot Karl Marx posted:https://twitter.com/realDonaldTrump/status/266038556504494082?ref_src=twsrc%5Etfw even a broken clock...
|
|
#
?
Dec 14, 2020 21:41
|
|
|
That Works posted:This is amazing and terrible. 
|
|
#
?
Dec 14, 2020 21:44
|
|
|
A Bad Poster posted:Can someone explain what exactly happened, to whom, and what it means? Everything I've seen linked is a little too technical for my dumb brain. https://mobile.twitter.com/KimZetter/status/1338389130951061504
|
|
#
?
Dec 14, 2020 21:45
|
|
|
Between this: Solarwinds is a fairly old company with some bad practices in exposing certain devices (common in Enterprise), one way or another an attacker managed to gain access to the build server (the box that takes your code, compiles it, and then signs the compiled package to be deployed), and slipped in a compromise. The compromise modified a DLL in Solarwinds, and allowed the attacker access to any Solarwinds box that applied the patch, which allowed them to deploy another DLL that looks like a Windows native DLL, that allowed the attacker to send "Jobs" to the compromised system to execute recon and attacks against the system and network. Solarwinds is a Network Monitoring tool used heavily in Fortune 500s and Government. TL;DR: They poisoned the watering hole that is used by A LOT of IT departments, and it spready itself under a legitimate application with a signed certificate saying it was "valid"
|
|
#
?
Dec 14, 2020 21:51
|
|
|
Meshka posted:I don’t think there is anything to do, but shore up defenses. It would be fair to assume that US does the same thing and this is the new way of doing espionage. If both sides do it, an over retaliation by one side is not good and will lead to future consequences. Fair enough.
|
|
#
?
Dec 14, 2020 21:51
|
|
|
CommieGIR posted:Between this: one way or another https://twitter.com/vinodsparrow/status/1338431183588188160 https://twitter.com/Viss/status/1338575536793083906?s=20
|
|
#
?
Dec 14, 2020 21:53
|
|
|
CommieGIR posted:The reality is: You are going to get hacked. Its inevitable, and no we shouldn't talk physical retaliation over it. I studied this in grad school and those lessons are far from learned. Everyone should have an interest in best practices for cybersecurity and there should be a minimum level of understanding. Unfortunately, due to the complexity of the subject actual professionals are rare and expensive, and everyone vastly underestimates their need and exposure. Companies want to try using traditional marketing for this but it is insufficient to break through the complexity wall and I believe a more basic approach of supporting mandatory cybersecurity classes in schools is necessary.
|
|
#
?
Dec 14, 2020 21:58
|
|
|
A Bad Poster posted:Can someone explain what exactly happened, to whom, and what it means? Everything I've seen linked is a little too technical for my dumb brain. It's the BOFH except at the international espionage level
|
|
#
?
Dec 14, 2020 21:58
|
|
|
lightpole posted:I studied this in grad school and those lessons are far from learned. Everyone should have an interest in best practices for cybersecurity and there should be a minimum level of understanding. Unfortunately, due to the complexity of the subject actual professionals are rare and expensive, and everyone vastly underestimates their need and exposure. Companies want to try using traditional marketing for this but it is insufficient to break through the complexity wall and I believe a more basic approach of supporting mandatory cybersecurity classes in schools is necessary. Yup. So many enterprise IT systems are GENERATIONS of tech debt and old growth, its impossible to really secure without burning down the stuff that makes the money. You can secure it better, but the best infosec strategy is to make sure you've got good, offline backups and monitor, log, and practice.
|
|
#
?
Dec 14, 2020 22:01
|
|
|
I have a lot of thoughts on the subject and not much time to give my Ted talk. The short, short, short version is we have about three (human) generations of IT technology never designed with security in mind now globally interconnected. Security is still seen as an optional upgrade strongly encouraged to be purchased by the end user. So you don't get economies of scale because no one has the incentive to remove generations of poor design choices and rearchitect our digital infrastructure in a secure way. Basically the public only sees the wildfires but the actual issue is the decades of abysmal digital forest ecosystem management.
|
|
#
?
Dec 14, 2020 22:05
|
|
|
Soylent Pudding posted:I have a lot of thoughts on the subject and not much time to give my Ted talk. The short, short, short version is we have about three (human) generations of IT technology never designed with security in mind now globally interconnected. Security is still seen as an optional upgrade strongly encouraged to be purchased by the end user. So you don't get economies of scale because no one has the incentive to remove generations of poor design choices and rearchitect our digital infrastructure in a secure way. Basically the public only sees the wildfires but the actual issue is the decades of abysmal digital forest ecosystem management. Yep, organizations are also as strong as their weakest link which is the idiot who always open the email attachment. Groups doing it are also very good, government or criminal. Russians and Chinese put a lot of resources in offensive operations and criminal groups are now organized into franchises where you can buy all the tools to do a ransomware attack for a % of payout
|
|
#
?
Dec 14, 2020 22:28
|
|
|
MazelTovCocktail posted:Also for people who want to deep dive into the data. There is no deep dive, I'm waiting for somebody to god drat publish something
|
|
#
?
Dec 14, 2020 22:47
|
|
|
Dumb poo poo like this is why your password has to be random hieroglyphics and a mating call from an ancient and extinct language, plus a capital and lowercase letter.
|
|
#
?
Dec 14, 2020 22:48
|
|
|
Woofer posted:Dumb poo poo like this is why your password has to be random hieroglyphics and a mating call from an ancient and extinct language, plus a capital and lowercase letter. Look at this scrub who doesn’t have to use numbers and special characters.  I swear 1Pass is the only thing that makes this tolerable...until some app doesn’t allow for logging on an app or website instead of typing it in. Worse a website that doesn’t support copy and paste or auto fill. Also I feel the guy who came up with a lot of password recommendations said using three unique words (or some variation) and not requiring people to constantly change them (which for a long time was a reason for some truly truly lovely passwords).
|
|
#
?
Dec 14, 2020 22:55
|
|
|
Man, fuuuuuuuck Dan Crenshaw.
|
|
#
?
Dec 14, 2020 22:55
|
|
|
I run InfoSec, particularly AppSec for a major tech firm. AMA about how today is going. (No we don't have SolarWinds and it loving owns.) This was essentially a Zero-day type attack, while it wasn't due to any inherent insecurity in the Solarwinds/Orion application, it might as well fuckin been. To the average company, there was no way to mitigate this from happening, unless you were running an internal blue/red team on all of the applications you used and had some pretty gnarly contractual provisions to do the same on your vendors. There's a reason why the attackers explicitly avoided the IP ranges of certain companies when deploying this sort of attack. To the point of the Russians/Chinese being the "best" that's simply not true. They're the fastest to blow their exploits for sure, and they are able to quickly and thoroughly exploit open networks, but the rating of "best" goes to either the US or Israelis due to the fact that they're able to exploit, compromise, and operating within systems for years without blowing their load like this. The Russian model, and the derivative Chinese methodology is to breach hard and fast to shame or cause an adverse reaction on the target, most other nation-state actors (and honestly, there are really maybe 5 at that level) are more low and slow about it.
|
|
#
?
Dec 14, 2020 22:59
|
|
|
So what's these folks angle, besides just creating propaganda for internal consumption? https://twitter.com/koi529/status/1338566044055646213 Is that just it?
|
|
#
?
Dec 14, 2020 23:07
|
|
|
Pine Cone Jones posted:So what's these folks angle, besides just creating propaganda for internal consumption? Yes. "They tried to vote for Trump who totally won and were rejected! Fraud!"
|
|
#
?
Dec 14, 2020 23:09
|
|
|
Pine Cone Jones posted:So what's these folks angle, besides just creating propaganda for internal consumption? They didn't though. No map is backing this up?
|
|
#
?
Dec 14, 2020 23:10
|
|
|
That's because it's a random twitter dipshit.
|
|
#
?
Dec 14, 2020 23:12
|
|
|
Pine Cone Jones posted:So what's these folks angle, besides just creating propaganda for internal consumption? Doing a song and dance for GOP voters to keep the faith.
|
|
#
?
Dec 14, 2020 23:12
|
|
|
Immanentized posted:They didn't though. No map is backing this up? Yeah, it's just a trump internal propaganda piece, there's no reality to it.
|
|
#
?
Dec 14, 2020 23:12
|
|
|
|
| # ? Jun 2, 2024 23:26 |
|
|
lightpole posted:Last time I saw my Dr I told him I didn't want the flu shot cause I didn't want autism. He said it was too late. 
|
|
#
?
Dec 14, 2020 23:19
|
|
