silvrsvt Posted June 10, 2021 Share Posted June 10, 2021 2 hours ago, jpd80 said: it would help immensely if leaders of critical infrastructure would get their act together and strengthen access to their sites. Two step authorisation is a pain but it seems to stop a lot of scammers in their tracks. I work in Cybersecurity and the issue is just funding and getting people to buy off on it...heck I work for a branch of the DOD and its been a major challenge to get leadership to buy off on things. There are alot of things companies can start doing, but it all involves costs of support and IT is often viewed a non profit center and is starved of funding because of that. Its the old spend $100 to stop an attack that costs $1 for the attacker to do. 3 1 Quote Link to comment Share on other sites More sharing options...
jpd80 Posted June 11, 2021 Share Posted June 11, 2021 (edited) 3 hours ago, paintguy said: Hard to separate out, as these nations appear to make little effort to stem these gangs. Add that to the fact that foreign companies in these countries operate as partnerships with approved local companies. Don't see that in the US. Gives the impression that in these "Iron Curtain" countries nothing happens without government knowledge. That may or may not be so as ransomware seems like a small time criminal endeavour in a dysfunctional political system where as state sanctioned malicious acts tend to be more outright crippling of infrastructure with no demand for payment Edited June 11, 2021 by jpd80 Quote Link to comment Share on other sites More sharing options...
slemke Posted June 11, 2021 Share Posted June 11, 2021 2 hours ago, jpd80 said: That may or may not be so as ransomware seems like a small time criminal endeavour in a dysfunctional political system where as state sanctioned malicious acts tend to be more outright crippling of infrastructure with no demand for payment Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors. They do it because they can get away with it. 1 Quote Link to comment Share on other sites More sharing options...
jpd80 Posted June 11, 2021 Share Posted June 11, 2021 3 hours ago, slemke said: Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors. They do it because they can get away with it. Or, just make your computers more secure by a few simple things and then, the problem goes away…. Quote Link to comment Share on other sites More sharing options...
fuzzymoomoo Posted June 11, 2021 Share Posted June 11, 2021 5 hours ago, slemke said: Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors. They do it because they can get away with it. HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA Oh man that's a good one. You can't expect the system to change anything when they don't even follow their own rules 1 Quote Link to comment Share on other sites More sharing options...
slemke Posted June 11, 2021 Share Posted June 11, 2021 5 hours ago, jpd80 said: Or, just make your computers more secure by a few simple things and then, the problem goes away…. Easier said than done. Some of the problems are baked into the architecture. The folks will just move on and find the next vulnerability. It’s a never ending game of one up man ship. As Silversvt stated, spend $100 to ward off an attack that cost $1. In the end, it will be a combination of tighter computer security and government crackdown on the criminals. As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon. Only if it benefits them will they do anything about it. 1 Quote Link to comment Share on other sites More sharing options...
silvrsvt Posted June 11, 2021 Share Posted June 11, 2021 13 minutes ago, slemke said: Easier said than done. Some of the problems are baked into the architecture. The folks will just move on and find the next vulnerability. It’s a never ending game of one up man ship. As Silversvt stated, spend $100 to ward off an attack that cost $1. In the end, it will be a combination of tighter computer security and government crackdown on the criminals. As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon. Only if it benefits them will they do anything about it. The issue is that too many people don't understand Risk assessment-You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good then perfect and the only thing you have to worry about are Black Swan style events then. But the bigger issue is that you need to get a baseline first and identify your weaknesses first. 2 Quote Link to comment Share on other sites More sharing options...
jpd80 Posted June 11, 2021 Share Posted June 11, 2021 7 minutes ago, silvrsvt said: The issue is that too many people don't understand Risk assessment-You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good then perfect and the only thing you have to worry about are Black Swan style events then. But the bigger issue is that you need to get a baseline first and identify your weaknesses first. Also, the issue is larger companies and those with a lot to lose should be doubling down on security. Quote Link to comment Share on other sites More sharing options...
FordBuyer Posted June 11, 2021 Share Posted June 11, 2021 18 hours ago, silvrsvt said: I have a friend who sells stone to contractors and he was saying the same thing about masonry...they are about two months out from running out of things. Stuff that only took 2-3 days to get is easily doubling that now and selection is limited. This summer should be interesting on how shortages play out. All new home construction completion has stopped here because of lack of electrical wire. In a normal year over 2,000 homes are built in this area of Central FL. Now none. Big blow to local economy. On a good note, Mullinax Ford has taken delivery of at least 100 new Fords in last 2 weeks and inventory has grown modestly. Mostly FSeries, Escape, and BS. Quote Link to comment Share on other sites More sharing options...
FordBuyer Posted June 11, 2021 Share Posted June 11, 2021 1 hour ago, jpd80 said: Also, the issue is larger companies and those with a lot to lose should be doubling down on security. Local University of Florida Shands Hospital System was hacked couple weeks ago and everything is now done by paper and pencil until further notice. 1 Quote Link to comment Share on other sites More sharing options...
akirby Posted June 11, 2021 Share Posted June 11, 2021 1 hour ago, jpd80 said: Also, the issue is larger companies and those with a lot to lose should be doubling down on security. There are 3 basic levels of IT security. Network (firewalls) - denies access and limits scope of access System (OS) - denies entry if they do manage to get network access Application - limits what they can do if they get into the system. Seems to me infrastructure controllers would be fairly static. I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability). This is pretty easy to do in the cloud but can also be done with hardware. It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder. The question isn’t can they get in. The question is when they get in what are you going to do about it. 3 Quote Link to comment Share on other sites More sharing options...
jpd80 Posted June 11, 2021 Share Posted June 11, 2021 9 minutes ago, akirby said: There are 3 basic levels of IT security. Network (firewalls) - denies access and limits scope of access System (OS) - denies entry if they do manage to get network access Application - limits what they can do if they get into the system. Seems to me infrastructure controllers would be fairly static. I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability). This is pretty easy to do in the cloud but can also be done with hardware. It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder. The question isn’t can they get in. The question is when they get in what are you going to do about it. Perhaps critical infrastructure should not be linked to the internet but to its own intranet with no actual connection to the outside world but the problem remains with need for remote login for employees. 3 Quote Link to comment Share on other sites More sharing options...
jcartwright99 Posted June 11, 2021 Share Posted June 11, 2021 46 minutes ago, akirby said: There are 3 basic levels of IT security. Network (firewalls) - denies access and limits scope of access System (OS) - denies entry if they do manage to get network access Application - limits what they can do if they get into the system. Seems to me infrastructure controllers would be fairly static. I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability). This is pretty easy to do in the cloud but can also be done with hardware. It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder. The question isn’t can they get in. The question is when they get in what are you going to do about it. You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job. You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in. 5 Quote Link to comment Share on other sites More sharing options...
BarneyFord Posted June 11, 2021 Share Posted June 11, 2021 9 minutes ago, jcartwright99 said: You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job. You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in. Our weakest link was managers. Doing stupid stuff with emails. Everyone else did the training too but complied. 1 Quote Link to comment Share on other sites More sharing options...
silvrsvt Posted June 11, 2021 Share Posted June 11, 2021 15 minutes ago, jcartwright99 said: You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job. You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in. At another job I worked at, we had a plugin for Outlook that you could report phishing emails with. They used to send out fake emails to test employees everyone once in a while. The site I was at did pretty well, but I'd also used to brief new employees and gave Phishing email and other security classes to the people there. Plus we had just under 100 employees, so it was simpler to keep track of them and alot of them (they where assemblers for electronics) didn't even use their emails at their terminals LOL. 1 Quote Link to comment Share on other sites More sharing options...
rmc523 Posted June 12, 2021 Share Posted June 12, 2021 15 hours ago, fuzzymoomoo said: HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA Oh man that's a good one. You can't expect the system to change anything when they don't even follow their own rules "Do as I say, not as I do" 1 Quote Link to comment Share on other sites More sharing options...
akirby Posted June 12, 2021 Share Posted June 12, 2021 Back in the 90s my buddy saw a developer was surfing porn in the office (on the router). It wasn’t a big deal back then so he just went to him and said no big deal just don’t do it any more. He denied it. My buddy said look we know it was you (by the IP address) but he continued to deny it. He said you can’t prove it! My buddy called his boss and said fire him. For surfing porn? No for being an idiot. 3 Quote Link to comment Share on other sites More sharing options...
Harley Lover Posted June 13, 2021 Share Posted June 13, 2021 Quote Link to comment Share on other sites More sharing options...
rmc523 Posted June 13, 2021 Share Posted June 13, 2021 38 minutes ago, Harley Lover said: Bah humbug lol. There's clearly not much more news on the topic. Quote Link to comment Share on other sites More sharing options...
mgoelectric Posted June 18, 2021 Share Posted June 18, 2021 On 6/11/2021 at 2:30 AM, jpd80 said: Or, just make your computers more secure by a few simple things and then, the problem goes away…. Those days have long past. If you're an interesting target, you have to do many, many complicated things to properly secure yourself. Quote Link to comment Share on other sites More sharing options...
paintguy Posted June 19, 2021 Share Posted June 19, 2021 (edited) On 6/11/2021 at 7:34 AM, jpd80 said: Local University of Florida Shands Hospital System was hacked couple weeks ago and everything is now done by paper and pencil until further notice. Edited June 19, 2021 by paintguy 1 Quote Link to comment Share on other sites More sharing options...
jpd80 Posted June 19, 2021 Share Posted June 19, 2021 27 minutes ago, paintguy said: On 6/11/2021 at 7:34 AM, jpd80 said: Local University of Florida Shands Hospital System was hacked couple weeks ago and everything is now done by paper and pencil until further notice. OMG, are you serious?? Quote Link to comment Share on other sites More sharing options...
FordBuyer Posted June 20, 2021 Share Posted June 20, 2021 In Farley's most recent statement, he said he doesn't expect the chip shortage to significantly improve until 2022 and even then Ford is NOT going back to the old business model of over producing and then offering big rebates to move product. However, I will believe that when I see it. Old habits are hard to break. Ford though is enjoying the higher transaction prices. 1 Quote Link to comment Share on other sites More sharing options...
Harley Lover Posted June 20, 2021 Share Posted June 20, 2021 4 hours ago, FordBuyer said: In Farley's most recent statement, he said he doesn't expect the chip shortage to significantly improve until 2022 and even then Ford is NOT going back to the old business model of over producing and then offering big rebates to move product. However, I will believe that when I see it. Old habits are hard to break. Ford though is enjoying the higher transaction prices. Ford do not operate in a bubble. To the extent that they are obligated to compete for a sale, they will return to (big) rebates. To the extent that the product offering is unique, perhaps they can mitigate their participation. 1 Quote Link to comment Share on other sites More sharing options...
HotRunrGuy Posted June 20, 2021 Share Posted June 20, 2021 4 hours ago, FordBuyer said: Ford though is enjoying the higher transaction prices. As has been explained many times, Ford does not sell direct, they sell their products to their dealers. So, other than the elimination of rebates and PCO's, how is Ford directly benefiting from higher ATP's? Isn't it the dealerships that are benefiting from selling at MSRP or adding ADM's? Or is Ford raising the invoice prices that the dealers pay for the vehicle? HRG Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.