




J-Hop

Light at the end of the chip shortage.....hope this is true....


2 hours ago, jpd80 said:

it would help immensely if leaders of critical infrastructure would get their act together and strengthen access to their sites. Two step authorisation is a pain but it seems to stop a lot of scammers in their tracks.

 

I work in Cybersecurity and the issue is just funding and getting people to buy off on it...heck I work for a branch of the DOD and it's been a major challenge to get leadership to buy off on things.

 

There are a lot of things companies can start doing, but it all involves costs of support and IT is often viewed as a non-profit center and is starved of funding because of that.

 

It's the old spend $100 to stop an attack that costs $1 for the attacker to do.

3 hours ago, paintguy said:

Hard to separate out, as these nations appear to make little effort to stem these gangs. Add that to the fact that foreign companies in these countries operate as partnerships with approved local companies. Don't see that in the US. Gives the impression that in these "Iron Curtain" countries nothing happens without government knowledge. 

That may or may not be so as ransomware seems like a small-time criminal endeavour in a dysfunctional political system whereas state-sanctioned malicious acts tend to be more outright crippling of infrastructure with no demand for payment.

Edited by jpd80

2 hours ago, jpd80 said:

That may or may not be so as ransomware seems like a small-time criminal endeavour in a dysfunctional political system whereas state-sanctioned malicious acts tend to be more outright crippling of infrastructure with no demand for payment.

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.

3 hours ago, slemke said:

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.

Or, just make your computers more secure by a few simple things and then, the problem goes away….

5 hours ago, slemke said:

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.


HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

 

Oh man that's a good one. 
 

You can't expect the system to change anything when they don't even follow their own rules

5 hours ago, jpd80 said:

Or, just make your computers more secure by a few simple things and then, the problem goes away….

Easier said than done.  Some of the problems are baked into the architecture.  The folks will just move on and find the next vulnerability.  It’s a never-ending game of one-upmanship.  As Silversvt stated, spend $100 to ward off an attack that cost $1.

 

In the end, it will be a combination of tighter computer security and government crackdown on the criminals.  As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon.  Only if it benefits them will they do anything about it.

13 minutes ago, slemke said:

Easier said than done.  Some of the problems are baked into the architecture.  The folks will just move on and find the next vulnerability.  It’s a never-ending game of one-upmanship.  As Silversvt stated, spend $100 to ward off an attack that cost $1.

 

In the end, it will be a combination of tighter computer security and government crackdown on the criminals.  As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon.  Only if it benefits them will they do anything about it.

 

The issue is that too many people don't understand risk assessment. You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good than perfect and the only thing you have to worry about are Black Swan style events then.

 

But the bigger issue is that you need to get a baseline first and identify your weaknesses first. 

7 minutes ago, silvrsvt said:

 

The issue is that too many people don't understand risk assessment. You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good than perfect and the only thing you have to worry about are Black Swan style events then.

 

But the bigger issue is that you need to get a baseline first and identify your weaknesses first. 

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.

18 hours ago, silvrsvt said:

 

I have a friend who sells stone to contractors and he was saying the same thing about masonry...they are about two months out from running out of things. 

 

Stuff that only took 2-3 days to get is easily doubling that now and selection is limited. 

 

This summer should be interesting on how shortages play out. 

 

All new home construction completion has stopped here because of lack of electrical wire. In a normal year over 2,000 homes are built in this area of Central FL. Now none. Big blow to local economy.

 

On a good note, Mullinax Ford has taken delivery of at least 100 new Fords in the last 2 weeks and inventory has grown modestly. Mostly FSeries, Escape, and BS.

1 hour ago, jpd80 said:

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.

 

Local University of Florida Shands Hospital System was hacked a couple of weeks ago and everything is now done by paper and pencil until further notice.

1 hour ago, jpd80 said:

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

9 minutes ago, akirby said:


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

Perhaps critical infrastructure should not be linked to the internet but to its own intranet with no actual connection to the outside world, but the problem remains with need for remote login for employees.

46 minutes ago, akirby said:


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have a security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not by exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

9 minutes ago, jcartwright99 said:

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have a security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not by exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

Our weakest link was managers.  Doing stupid stuff with emails.  Everyone else did the training too but complied.  

15 minutes ago, jcartwright99 said:

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have a security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not by exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

 

At another job I worked at, we had a plugin for Outlook that you could report phishing emails with. They used to send out fake emails to test employees every once in a while. The site I was at did pretty well, but I also used to brief new employees and gave phishing email and other security classes to the people there. Plus we had just under 100 employees, so it was simpler to keep track of them and a lot of them (they were assemblers for electronics) didn't even use their emails at their terminals LOL.

15 hours ago, fuzzymoomoo said:


HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

 

Oh man that's a good one. 
 

You can't expect the system to change anything when they don't even follow their own rules

 

"Do as I say, not as I do"


 Back in the 90s my buddy saw a developer was surfing porn in the office (on the router).  It wasn’t a big deal back then so he just went to him and said no big deal just don’t do it any more.  He denied it.  My buddy said look we know it was you (by the IP address) but he continued to deny it.  He said you can’t prove it!

 

My buddy called his boss and said fire him.   For surfing porn?  No for being an idiot.

38 minutes ago, Harley Lover said:

 

Bah humbug lol.

 

There's clearly not much more news on the topic.

On 6/11/2021 at 2:30 AM, jpd80 said:

 Or, just make your computers more secure by a few simple things and then, the problem goes away….

Those days have long passed. If you're an interesting target, you have to do many, many complicated things to properly secure yourself.

  On 6/11/2021 at 7:34 AM, jpd80 said:

 

Local University of Florida Shands Hospital System was hacked a couple of weeks ago and everything is now done by paper and pencil until further notice.


computer.jpg

Edited by paintguy

27 minutes ago, paintguy said:
  On 6/11/2021 at 7:34 AM, jpd80 said:

 

Local University of Florida Shands Hospital System was hacked a couple of weeks ago and everything is now done by paper and pencil until further notice.


 

OMG, are you serious??
