this post was submitted on 12 May 2025
34 points (100.0% liked)

[–] Onomatopoeia@lemmy.cafe 11 points 3 days ago

If security were at the front of development efforts, this would be far less of an issue. I've said it since the 90's.

TCP/IP was intentionally released without encryption with the argument that routing hardware lacked the necessary performance to handle it (which wasn't incorrect, just misleading).

Windows at least was originally built as a single-user system on a disconnected computer. Though Windows NT and its children have no excuse for not having stronger security models from the start (especially since it's essentially a fork of DEC Alpha).

[–] x00z@lemmy.world 3 points 3 days ago (3 children)

It should be highly illegal to pay the ransomware gangs. And it shouldn't even be possible to move the money for it around.

[–] mindbleach@sh.itjust.works 3 points 3 days ago

Jail the victims! Fucking brilliant!

Fuck out.

[–] untakenusername@sh.itjust.works 4 points 3 days ago (1 children)

while that would probably fix this problem, it would only work if it could be enforced. which it couldn't be, because crypto exists

[–] x00z@lemmy.world 1 points 3 days ago (1 children)

Well but their money should be accountable somewhere. You'd have to commit fraud to hide it.

[–] untakenusername@sh.itjust.works 2 points 3 days ago (1 children)

what I'm imagining is that the attackers could make their wallet address public, and tell the company that they would fix everything or whatever if a sum of money magically appeared in their account. If the owner of the company privately held some crypto, they could pay them off the books and go around the law you were proposing.

[–] x00z@lemmy.world 1 points 3 days ago

I feel you but it would be very suspicious for the CEO to magically find the correct decryption key when the whole company is offline. The more employees you have the harder it will be to do it silently. Plus it would stop most companies from doing so. So the few that would still do it are just dumb. Some countries already have this law afaik.

[–] Brylant@discuss.online 1 points 3 days ago