Listening to cybersecurity people freak out over Mythos is so tiring.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech Not to mention that this isn't new...LLMs have been able to do this since day one. And small models found the same vulnerabilities in FreeBSD ¯\_(ツ)_/¯
Also, from what I understand Mythos couldn't actually make an exploit for that bug, sooooooo big marketing stink imho.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech
You don't need mythos if your employees (or politicians) click shady links in their messaging apps -
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech I liked the days when we were panicking about China listening in on all our telephone calls / scooping up our mobile data.
Now we just talk directly to some American company's AI and ask them to diagnose our medical problems that we're too embarrassed to see a real doctor for.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech now now, don't be raggin' on my local water treatment plant, they're much more up to date than that. they run Windows Vista.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech I truly don't understand it. CISOs and managers are jizzing themselves from snake oil is not new but form technical people I'd expect more.
-
@malwaretech now now, don't be raggin' on my local water treatment plant, they're much more up to date than that. they run Windows Vista.
@malwaretech (don't ask about the Windows NT4 machine in the PLC cabinet. nobody knows what it does but we're all too scared to turn it off in case the 5GB Maxtor hard drive in there dies during spinup)
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech I think you underestimate how ancient some of us are. I'm definitely older than anything my mobile provider owns, cos I'm older than the industry.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech my rule of thumb is AI is applied to those things that the powers that be don't actually give a shit about, and have only pretended to up until this point.
If the powers that be actually gave a shit about security models wouldn't have any low hanging fruit to exploit for the headlines -
@malwaretech (don't ask about the Windows NT4 machine in the PLC cabinet. nobody knows what it does but we're all too scared to turn it off in case the 5GB Maxtor hard drive in there dies during spinup)
@gsuberland @malwaretech it's scary 'cause it's true 🫣
-
@gsuberland @malwaretech it's scary 'cause it's true 🫣
@floe @malwaretech it's based on real events
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench"
(Gene Spafford)
-
@floe @malwaretech it's based on real events
@floe @malwaretech you know it's great when you walk into the place and someone immediately hands you a piece of paper with both the IP address and MAC address of this thing and says "do not send ANYTHING to this machine, we are terrified of breaking it"
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech My current workplace has Windows 9x machines still in active use. And they're on a network with Internet access. Same with the XP ones. And by the looks of it, there will be HUNDREDS of W10 machines that will be in use well after October this year (in the EU, so we're still covered).
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech can we also talk about how card payments are basically handing your wallet to the store and trusting them to only take what they're owed? -
@sancla but instead of investing in the maintainers of OpenSource projects, so they can work on security, instead of focusing on building more resilient infrastructure, the capital made available to improve security will be put into deploying AI-driven endpoint security and DLP tools and to hire "security experts" whose sole skill is tokenmaxxing and role-playing as cyberdefense-pro!
@eliasp @malwaretech
Most like yes, but either way focus is getting stronger on supply chains.Hopefully, it’ll get companies depending on open source scratching their heads abut this and get them more involved into open source.
Then again, corporate involvement may not always be the best influence for open source, time will tell and fingers crossed…
-
@malwaretech I don’t care, if this puts security back on the agenda, I’ll take it…
@sancla @malwaretech This is like the dozen or so times before it when dudes in the C-suite have gone all-in on some hype technology, product, or cyberattack instead of doing basic things like vulnerability and patch management. This kind of “agenda” we don’t need.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech I work in a large company that was hacked last year. Many modern systems were compromised. The RS6000 box and several of our ancient mainframes were untouched and weren't even turned off during the lockdown or recovery. Gave them a quick once over and they kept ticking like it was 1999.
-
@floe @malwaretech you know it's great when you walk into the place and someone immediately hands you a piece of paper with both the IP address and MAC address of this thing and says "do not send ANYTHING to this machine, we are terrified of breaking it"
@gsuberland @floe @malwaretech And two days later the hired tiger team launched a full vulnerability scan against it … because … tiger team manager did not communicate. Banking system down for a few days…
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech until recently, all ATMs ran a crazy version of Windows XP and now they run a crazy "IoT" version of Windows 11. Instead, of, say, something like SELinux. Something halfway sane.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech I think it would be kinda cool.
