undefined | Better HN

0 pointsfollie2d ago0 comments

This has nothing to do with the reality of computer security. Not getting hacked requires doing everything right and some luck. Hacking requires some luck or doing one thing right.

0 comments

dathinab2d ago

The problem is to hack something you need to know the what, where, who.

Companies have a very visible what, where, who in most cases.

Hacker don't, and take extra steps to obscure it (e.g. jump hosts, bot nets etc.).

Now if it's idk. a spear phishing campaign or similar "hacking back" by giving them trapped data or reverse social engineering attacks might work.

But if it's a technical security vulnerability some one found by scanning and sneaked into using multi-country jump hosts and cleaned up behind them. Then you have little chances to find them and to do so likely requires getting information from telcoms which require judge orders to be handed over, and from multiple countries, too.

follieOP2d ago

Sure though I would view that as a separate problem with the idea of asking anyone to target attackers.. Everyone is an equally good psychic some believe they are better than others.

OutOfHere2d ago

Extending your logic, highly debatable as it is, a firm should first of all be hacking itself constantly via red teaming. This will help it discover and perhaps fix issues that external hackers can otherwise exploit. This self-offense is a means of defense.

follieOP1d ago

Every company that meets modern regulations runs scanners that identify some attacks against themselves. The scanners sold to them stop there because it is liability to do anything beyond that. You don't have to be a genius to use Telegram instead of Teams you'll simply be fired for taking risks with better tools for the job than organizations and governments want to be acceptable and routine if you are in a Western regulated industry.

Announce a change that is believable and all the corporate software will change to match the utility that is no longer a liability.

whatevaa2d ago

It applies to more things than computer security. Best defense is offense is a very old and broad say.

dathinab2d ago

it's also why Germany started WW1 and what made it easy to put all the blame on them (after WW1, WW2 is a different thing)

and also is related to common war crimes iff in a conflict combatants frequently hide as civilians (as a defense by offense will sooner or later lead to attacking random civilians due to mistaking them for hidden combatants)

so I would take that saying with a bit of salt

conductr2d ago

Guerrilla warfare strategies undercut old saying like this and are essentially what these hacker groups represent

j / k navigate · click thread line to collapse

0 comments

dathinab2d ago

The problem is to hack something you need to know the what, where, who.

Companies have a very visible what, where, who in most cases.

Hacker don't, and take extra steps to obscure it (e.g. jump hosts, bot nets etc.).

Now if it's idk. a spear phishing campaign or similar "hacking back" by giving them trapped data or reverse social engineering attacks might work.

follieOP2d ago

Sure though I would view that as a separate problem with the idea of asking anyone to target attackers.. Everyone is an equally good psychic some believe they are better than others.

OutOfHere2d ago

follieOP1d ago

Announce a change that is believable and all the corporate software will change to match the utility that is no longer a liability.

whatevaa2d ago

It applies to more things than computer security. Best defense is offense is a very old and broad say.

dathinab2d ago

it's also why Germany started WW1 and what made it easy to put all the blame on them (after WW1, WW2 is a different thing)

so I would take that saying with a bit of salt

conductr2d ago

Guerrilla warfare strategies undercut old saying like this and are essentially what these hacker groups represent

j / k navigate · click thread line to collapse