Let's roll the 3d6 dice on today's security drama: Ah, 15, that's LG allegedly hacked, source code stolen by Maze ransomware gang Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant. Researchers at security outfit Cyble clocked screenshots of files, apparently swiped from LG's internal network, posted on the malware gang's website, where the miscreants boast about their victims. "Soon you’ll be …
“ Was the Register's reply that it's obvious that they don't?”
Is it only companies that randomly haven’t been hacked yet that obviously take security seriously?
LG could have taken it seriously but one of their trusted partners had a lapse. There could be many other reasons including an employee who is meant to have that access.
Jumping to conclusions gets people killed.
@Jan 0
That's a new keyboard you owe me.
At least someone knows what they company was called before marketing re-branded it Life's Good to make it more palatable to European markets that don't get all this luck and 8's thing that is common in the far east.
Clint Eastwood also springs to mind "So, Do you feel lucky Punk ?!" and I guess that applies to both sides in this game of Chicken, but who will prevail ? Personally, I say don't pay the scumbags.
Conversely, though if it does get released, then I'm wondering if any of the code will contain keys or backdoor accounts that would be very interesting from a security perspective for all the Internet of Tat that is not upgradeable.
Hopefully after a couple of leaks like this, companies of such devices will see that upgrade ability is a key requirement for any device in the 2020's and beyond.
So from a consumer perspective, we win in both scenarios.
LG open-sources their phones and appliances, 3rd party support comes to life, and their hardware works however people want it to.
OK, reality is more like LG asking everyone to install a sketchy unsigned Windows driver to patch firmware vulnerabilities as they're disclosed. The driver will have vulnerabilities too.
They are not untraceable. They are, however, not in the same country as LG HQ, therefor law enforcement cannot do anything locally and international cooperation on that front is nearly non-existant.
So being a criminal on the Internet is basically without consequence, as long as you don't attack anything in the country where you reside.
Lets see
1) Nothing was 'stolen'
2) Good companies have nothing to hide, and can cope with embarrassment
3) External code reviews do no harm - at least not to LG who have super low market share in the mobile market and have admitted to noncompetitive agreements signed with suppliers, but not disclosed to the relevant authorities.
4) Blackmail is not a problem if you have done nothing wrong
5) It's a company not a person - so hopefully nude selfies are not on the company server
6) Whatever happened occurred on an approved and signed off risk plan - indicating management accepted the risk anyway.
7) May use of lessons learnt - and move on to be better. PR will do the cleaning.
why rolling 3d6 is used in this context (the 'd' in 3d6 actually stands for 'dice' so the headline makes little sense anyway).
Surely that must be a reference to generating character traits in the D&D game system?
A determination of success or failure in such a system would be a 1d20 roll, which is also the same roll as 'a saving throw', which is scored against the appropriate aforementioned character trait. In this case it would make more sense as a saving throw against a spell or magical attack rather than a physical one, but there is no saving throw against the Maze spell... at least not in the first round following a successful cast. In later editions, there's a roll against the victim's intelligence once per round for every subsequent round, up to 10. But in plain old AD&D, the victim was trapped for a period simply determined by their intelligence.
Am I missing something?
They'll leak the sourcecode and device signing certificates for my 2018 model TV. Then I can go about resolving the numerous software issues it has.
UI blocking on network events, Random reboots, Forgets Freeview channels once a week, frequently needs reconnecting to my wifi, Forgets it has a soundbar attached.....sometimes won't come out of standby without a cold reboot.
From a hardware perspective it's still all fine, and between the required reboots it performs well, but we are still pretty much ready to scrap it because its stability gets worse with every software update LG have pushed to it.
Lucky-Goldstar? It's Lucky if I can go one day without the thing crashing, I won't touch another device from LG.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
