April 28, 2014
As you can see, the odds of a category 4 user being breached on any given
day are 1 in 50,000.

That is: under extremely lax, near-zero IT control—the user has an admin
password to elevate, there is no perimeter firewall restricting outbound
traffic, no group policy, no proxy server, no URL blocking, and OS
auto-updates are disabled.

Yeah, yeah... we're constantly bracing for the onslaught of the next wave of
victims. But, that's life... yawn...
                          | Users          | New Victims expected within... |
                          |                | Next Year      | Next Day      |
Internet users worldwide  | 35,000,000,000 | 210,000,000    | 700,000       |
Internet users in the USA | 275,000,000    | 1,650,000      | 5,500         |

Ignore the noise.
"My industry is worse than the auto repair trade of the 80s and pretty
much just like the medical industry at the turn of the century. The vast
majority of the practitioners range from mediocre to fraudulent.
High fudgeability + ubiquity = charlatans aplenty."

    -- Sam C. Chan 2004, on Technology
Once in a great while, a real and applicable issue comes along, and those
garden-variety mountebanks hardly bat an eyelid, as they fundamentally lack
comprehension. They prefer instead to hop on the bandwagon and milk the
sensational talking points for all they can. My partial list of pertinent
concepts:
- attacker's perspective: impetus, payoff vs. effort threshold
- targeted attacks vs. random exploits vs. pranks
- exploiting technical vulnerabilities—naturally ineffective, thus oft
eschewed
- social engineering
- low-hanging fruit
- defense in depth—delay, alarm, discourage, isolate, preserve
- scenario applicability
- security in obscurity
- futility of brute force, both in offense and defense
- irrelevance of particular products—it's the nature of things, stupid!
- invincibility is illusory (and needless in the first place)
- perils of promiscuous patching
- dearth of basic comprehension and perspective
- don't conflate "authority"/publicity with knowledge
- a perfect, air-tight system of perpetual waste, deception and mutual
destruction (government, media, pundits, click-revenue generators,
product vendors, consultants, IT directors, hobbyists and computer
handymen)