"the Biden administration on Tuesday announced a 100-day plan to improve [,,] cybersecurity"
Is it me, or are we suddenly no longer hearing about the importance of backdooring encryption?
Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month. On Tuesday, IT software supplier Ivanti, the parent of …
Find me an AG that's not calling for it, and I'll find you an elephant with donkey ears.
EVERY AG has called for it since Janet Reno (Bill Clinton). And the only reason that it started then was because civilian encryption really was not a thing until then.
This is NOT a partisan issue. If you make it one, then sooner or later, the other party will be in charge & force-feed you the Kool-Aid.
So, you're not only wrong, you're dangerously wrong.
Wait until the next terrorist attack, the FBI will trot out the same arguments it has used for 25 years. I'm surprised we haven't heard it about the Jan. 6 insurrection yet, but I wouldn't rule that out. Identifying who was there by all the photos/video posted everywhere has been the easy part, proving advance planning will be a lot harder since a lot of it will have taken place via encrypted messaging. Even if incriminating stuff wasn't deleted before they were eventually arrested, the FBI may have trouble gaining access to seized devices or messaging apps may have a second level of encryption.
Now that they have reportedly flipped a founding member of the Oath Keepers they'll no doubt get plenty of insider details from the group that provided "security" for Roger Stone on the 6th. But if the FBI found something they wanted to back up his claims with electronic evidence, they'll only have the flipper's end of encrypted communications - and that assumes he hadn't deleted it prior to his decision to flip. If for example he fingered Roger Stone or Rudy Giuliani as having been involved in planning that day, and the FBI thinks hard evidence proving it is hiding behind encryption or devices they can't break, we'll be treated to another round of "we need backdoors for law enforcement".
While there is no mechanism to prevent zero days, Secure VPN had patched severe vulnerabilities years ago and they were still being exploited today because some companies (and, possibly, governments) ignored the warnings and the patches.
Too many companies and governments are unwilling to devote time and money to security. As a result, it's happened again and will happen again in the future.
I wonder how many intelligence agencies knew of this vulnerability? I assume Pulse Secure VPN is on all their target lists. The second attack against Europe might have been Russia but, given its history, it could also have been the NSA.
for companies to put the blame on powerful state-sponsored actors in order to deflect attention from their crap security. Just take a look at SolarWinds "Russia did it" justification that conveniently hides the fact they were using hilariously weak passwords and never bothered to have adequate security controls in place (I am fully aware this is not a reason to hack their systems). I'm not saying Russian hackers did not do it, but going straight to the Kremlin each time this happens becomes tiresome after a while.
>but going straight to the Kremlin each time this happens becomes tiresome after a while.
It's also subtly pushing the idea of an opaque nest of villainy that is all knowing, all seeing, all capable and ready to instantly exploit any and every vulnerability. Leaving aside the notion that if you leave the door open then literally anyone and anything will walk in, state sponsored or not, the idea that government in other countries is significantly more capable and competent than government in our own country is plain ludicrous.
There's ample evidence to suggest that spooks -- the various intelligence agencies -- live in a world entirely of their own invention. A cyber version of "Spy vs Spy", perhaps?
"Coincidentally, the Biden administration on Tuesday announced a 100-day plan to improve the cybersecurity of US electric infrastructure, part of its broader commitment to shore up cybersecurity across multiple sectors."
Suddenly we will all be safer because the government is here to help. /s