Listening to cybersecurity people freak out over Mythos is so tiring.
-
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.
@malwaretech@infosec.exchange It's awesome everyone focuses on new exploits and zero-day attacks while their company's leaders will just blithely follow any link in an e-mail sent to them.
-
@malwaretech I think you underestimate how ancient some of us are. I'm definitely older than anything my mobile provider owns, cos I'm older than the industry.
Indeed, all us fossils live here on Mastodon, it's the only social media we can still stand.
-
@malwaretech excellent point.
A lot of infrastructure runs outdated software.
But thankfully, most of these systems are not connected to the internet.
-
@malwaretech Can I quote you on that?
-
@steff @malwaretech And all six hundred AWS instances have port 22/tcp exposed on public IP addresses, and use password authentication.
-
@malwaretech That's the new meta strategy man. When the execs ask "What are you doing to protect against mythos?!" Just pull out the OWASP top ten.
-
@Wouter @malwaretech If only that were true.
-
@malwaretech I think you're right about the hype level but I think there is something to the idea that all of the places which were gambling on obscurity as their primary defense are probably going to find that strategy looks even worse.
-
@malwaretech The Internet being held together by string and bubble gum is not far from the truth.
-
@malwaretech so true
-
@drwho @malwaretech
That is a problem from a cybersecurity standpoint.
-
@Wouter @malwaretech No kidding. The entire community has been lamenting this for two decades now.
-
Fuck Mythos and marketing bullshit, but AI that immensely reduces time-to-exploit is real. Companies are not prepared for it.
-
@eliasp @malwaretech
Most likely yes, but either way focus is getting stronger on supply chains. Hopefully, it’ll get companies depending on open source scratching their heads about this and get them more involved in open source.
Then again, corporate involvement may not always be the best influence for open source, time will tell and fingers crossed…
@sancla @eliasp @malwaretech it will get lots of companies to drop some of their open source tools/libraries for proprietary ones, where they can then shift the blame onto some other company when things go south.
-
@malwaretech until recently, all ATMs ran a crazy version of Windows XP and now they run a crazy "IoT" version of Windows 11. Instead of, say, something like SELinux. Something halfway sane.
@mossyfoot @malwaretech As recently as this week, I used an ATM which had that "please activate Windows" watermark visible in the corner of the screen. (At least the other bank AFAIK uses Linux for its ATMs, replacing the OS/2 they used previously.)
-
@malwaretech be fair! We secured BGP with lots of crypto, but then left an XSS exploit in the crypto control panel allowing your entire network to get de-routed with one mis-click. https://mxsasha.eu/posts/ripe-ncc-rpki-exploit-chain/
-
@cesarb @malwaretech oh wow. I haven't seen an OS/2 Warp machine in a long time.
-
@darwinwoodka @nav @malwaretech
Indeed, 'tis true.
-
@gsuberland @floe @malwaretech And two days later the hired tiger team launched a full vulnerability scan against it … because … tiger team manager did not communicate. Banking system down for a few days…
@ErikBussink @gsuberland @floe @malwaretech
"We're being scanned, Captain."
"Shut it down. Shut it all down."
🫡
-
@IAmDannyBoling @darwinwoodka @nav @malwaretech
One of my classmates in high school borrowed his dad's "portable" phone now and then. It looked like this one: