nanog mailing list archives
Re: Can somebody explain these ransomwear attacks?
From: Saku Ytti <saku () ytti fi>
Date: Sun, 27 Jun 2021 10:35:39 +0300
On Sun, 27 Jun 2021 at 08:53, Jakob Heitz (jheitz) via NANOG <nanog () nanog org> wrote:
Finding vulnerabilities and how to exploit them to run malware in closed source code is nigh on impossible.
I'm not entirely sure if I understood this statement right. Of course you are aware that every closed source project is breached by bored hobbyists given the slightest motivation. Ref: pwn2own or entirety of infosec history. We have no historic knowledge of how to build software that is robust enough to withstand an attack from someone motivated by boredom. We have a lot of finger pointing about 'code it right' and a lot of religious rituals which somehow are needed for infosec to succeed, and it still never does. Now let's assume there are some better motivations than boredom, and we must assume the quality of attacks is higher than what we see in things like pwn2own. How many dollars must the defender use per dollar used by the attacker? And is this leverage difference higher than the cost of realised risk? -- ++ytti
Current thread:
- RE: Can somebody explain these ransomwear attacks?, (continued)
- RE: Can somebody explain these ransomwear attacks? Jean St-Laurent via NANOG (Jun 25)
- Re: Can somebody explain these ransomwear attacks? Don Gould (Jun 25)
- Re: Can somebody explain these ransomwear attacks? Valdis Klētnieks (Jun 26)
- Re: Can somebody explain these ransomwear attacks? Michael Thomas (Jun 26)
- OT: Re: Can somebody explain these ransomwear attacks? Karl Auer (Jun 24)
- Re: OT: Re: Can somebody explain these ransomwear attacks? Michael Thomas (Jun 24)
- Re: OT: Re: Can somebody explain these ransomwear attacks? scott (Jun 24)
- Re: OT: Re: Can somebody explain these ransomwear attacks? Michael Thomas (Jun 24)
- Re: Can somebody explain these ransomwear attacks? Alex K. (Jun 28)
- Re: Can somebody explain these ransomwear attacks? Mike Meredith via NANOG (Jun 28)
- Re: Can somebody explain these ransomwear attacks? Jakob Heitz (jheitz) via NANOG (Jun 26)
- Re: Can somebody explain these ransomwear attacks? Saku Ytti (Jun 27)
- Re: Can somebody explain these ransomwear attacks? Randy Bush (Jun 27)