
So...
... We should expect to see a flurry of patches from Cisco et al, sans back doors?
The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken. Jessica Rosenworcel, outgoing chair of the US telecoms regulator, has proposed rules that would …
Does that mean an increase in the likelihood of Cisco Bricks as a bricked router is more secure than one that continues routing no matter what you do with it?
How many times is a back door the only way in once credentials have failed to be managed correctly?
No resetting to factory defaults as we all know that factory defaults are usually insecure.
It may be that the only way to sanely improve security is to improve the security of people's use of technology rather than trying to improve the security of the technology itself.
I can count on one hand the number of times I have experienced viruses on my devices, and I remember installing and using Netscape.
I never knew what was so hard about avoiding online nasties. I still managed to download and install cracked software without being burned. I trawled for porn, and various free movies and books.
Avoiding the bad stuff was just like avoiding stepping in dog crap while walking in the dog park. It only takes a little situational awareness and a comprehension of how you can be attacked.
I think trying to secure against stupid, or developing for stupid, or trying to sell to stupid, or catering to stupid, or appealing to stupid, just creates more stupid.
"I think trying to secure against stupid, or developing for stupid, or trying to sell to stupid, or catering to stupid, or appealing to stupid, just creates more stupid."
Hear, hear!
The number of times (including half an hour ago, f@#cking Roku!) I've been nearly reduced to tears because something was made to only be used by idiots (and therefore entirely alienating anyone who has even half a brain) is startling.
There seems an awful lot of disconnect in the US, particularly about how to go about addressing the myriad regulated industries and bringing a level of cyber maturity that would go a long way to help reduce or prevent this happening with the regularity it appears to be in the US.
Of course, there are an awful lot more targets to choose from by volume, however, as loath as I am to say this, the EU has taken great steps in trying to bring about some order into CNI and other critical industries that would affect you and me and the rest of Joe Public.
I am surprised in the US, that given the reams of frameworks published by NIST, that they aren't deployed more universally and the basics of NIST CSF aren't more ubiquitous.
Food for thought and YMMV of course.