|
Cyberinsurance is a scam, largely because most cyberinsurance plans have stuff in fine print that actually requires you to do some basic infosec stuff, otherwise they won't pay out. Also: Most companies' Disaster Recovery plans are never tested, if they exist at all. Part of why it was laughable when Pompeo was discussing outlawing paying ransomware, as it would likely impact American business interests more than it would harm ransomware groups.

Source: I do Infosec consulting for Incident Response and Security Engineering.
|
# ¿ Jan 18, 2021 05:57 |
|
|
# ¿ May 14, 2024 15:17 |
|
CyberPingu posted: Even with basic infosec stuff they sometimes don't pay out. Some companies won't pay out if info was stolen or downtime occurred via a phishing attack.

Yup, I've had a couple clients this happened to. Was not a pretty sight.
|
# ¿ Jan 18, 2021 15:19 |
|
Delta-Wye posted: if good guys aren't allowed to access public-but-unpublished URLs, only bad guys are going to be accessing those pages

This is part of why a lot of Ethical Hackers, including me, push hard against anti-hacking laws that are overly broad. We work a lot with the EFF and others on that.

Blue Footed Booby posted: Not to mention that applying for access to the information shows he knew access was restricted, and that anything he came up with after being rejected wasn't intended.

Yup, that's the line. If you tell the group they have a vuln and demonstrate it, that's the limit of your responsible disclosure. If you exploit it, you may be setting yourself up for legal charges. There's still a lot of legal grey areas in ethical hacking, so you have to be careful. If you don't know what you are touching, stop while you are ahead. It's important too that you have access to a good lawyer who can help you review your responsible disclosures as well to protect yourself.

CommieGIR fucked around with this message at 21:56 on Jan 26, 2021 |
# ¿ Jan 26, 2021 21:53 |