77% of security leaders fear we’re in perpetual cyberwar from now on A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare. In addition, 82 percent believe geopolitics and cybersecurity are "intrinsically linked," and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of …
... (as in Joe Bloggs, not sysadmins) know how to look in the event.log?
TrendMicro recommends keeping a look out for unexpected installations of the mhyprot2 driver, which should show up in the Windows Event Log
Since Trend are in the antivirus business, shouldn't software notify users of this event before the driver actually runs?
Since Trend are in the antivirus business, shouldn't software notify users of this event before the driver actually runs?
Surely the point of secure boot is that you can't load unauthorized drivers into a kernel?
Am I missing something?
If I install RHEL8 on a post ~2014 server and then try and load ZFS it tells me to **** off, that's not trusted.
I was under the impression this secure boot stuff was being pushed by MS, it's MS's secure boot key which is in the FW which is signing the things to allow RHEL to run.
Don't they do this on Windows?
Or are MS signing drivers for every hacker out there?
shouldn't software notify users of this event before the driver actually runs?
Microsoft made some decent moves in that direction with AppLocker, then immediately regretted it and broke it, the bigger market being in consultancies billing hours for fixing broken crap and promising that future Windows versions will fix the current broken crap.
As things are now, one needs a brain the size of Jupiter to configure it correctly and also a Windows Enterprise box. Once it does work, however, it will be deprecated, The Microsoft way!
Everyone else get to run Snap.Do!
Were you not aware that a government can target its own citizens? Lots of them have, and dictatorships really like doing it although democracies are distressingly often willing to do the same. You can never attribute with perfect certainty a piece of malware to its creators, but there are lots of methods of doing so that produce better results than seeing that a few machines in Iran are affected and jumping to a conclusion without seeking any other evidence.
The West was saying that it had won The Cold War and now everything has changed, it's just another side of Climate Change in a way ... effectively in both cases we saw a horrible event and then decided to do nothing, just make more money by playing differently.
We need to care for the entire world, not just a local event.
The techniques used and the goals of a cyber attack from nation state attackers do not differ from those of simple criminals. The only distinction are their resources and motivation.
They all use pre-existing vulnerabilities in systems/setups to steal data, plant data, plant code, damage systems, etc. Cyber attacks have been a matter of fact for the last 30 years.
Calling it now "Cyber Warfare" does not change a single thing...
And as in the last 30 years there is only one way to stop those attacks or at least make the life of all attackers a lot harder:
Every nation state, every "scurity" agency and every "security" company that collects vulnerabilities to use them for attacking their targets needs to disclose _all_ ther collected attack vectors to the software manufacturers whose products the break into.
Close the vulnerabilities to make everyone safer, or stop calling yourself a "security" agency or a "security" company.
Software development is the process of writing faulty code.
Upgrading is a way in which new problems can be introduced into working software (even if it already has bugs).
Maybe the solution is a world-wide moratorium on software development: new O/S releases, new applications, upgraded "features" - until all the currently known and soon to be discovered bugs, flaws, backdoors, vulnerabilities and attack vectors have been shut down.
We could just make private computer ownership illegal and only allow their use in government approved facilities under heavy supervision. At the very least, ban privately owned keyboards to slow the malware coders down.
It could be almost as effective as legislation against drugs or firearms.
Is it too much to ask for a commercial OS to come with maximal security as standard, not something that requires user/admin configuration. You could be mistaken for thinking that certain OS vendors have an invested interest in handing over ‘customers’ to the dark forces of exploitation.
I was playing today with a spare laptop which happened to have a never run W10 on the hard drive.
My word it was depressing.
The installer kept trying to persuade me to allow it to use - even in the absence of an internet, how? - any way it could think of to let it identify me so that 'suitable' adverts could be sent. You don't want to log in to your MS account? It's much better if you do! No! May we report your location? No! May we use your location to personalise your adverts? No! May we send full status reports home? No! Well perhaps we can use the minimum status reports to personalise your adverts? No!
And much more in this vein. And recall, at this point the network - wireless - had not been authorised. Yet before this farrago began, somehow something had managed to update not only the BIOS but also the management engine hidden processor - how?
I don't know what's going on there - and I can see mechanisms for most of it - but it all seems so damn pointless. Certainly none of this bullshit occurs when I stuff a penguin in the same place.
It's not pointless.
Your data - ie, the details of everything you do on or near your computer, is worth more to Microsoft and other big-tech companies than what you paid for Windows. Afaik Apple is the only big-tech company that hasn't completely embraced that model, at least on the PC front (mobile being another story of course).
Your TV does it. Even your effing car does it now. You and your behaviours are just products to be sold to advertisers, and who knows who else. Amazon is buying Roomba so they can get access to the maps and images of contents of everyone's homes (sad, I used to like my Roomba). So they can sell you more crap.
It's completely unreal.
Sadly, when offered the choice, the mass-market punter chooses the plug-in-and-go solution. None of that pesky configuration rubbish!
It would have to be illegal to sell any online device configured for plug-in-and-go. Only government-certified White Hats allowed to pre-configure it to same before delivery. Bit like buying a car with the system pre-configured with the owner's details. But then, how to keep said machine free of finger trouble?
And who says these certified white hats will stay so. Tacitus' moral still holds true about the Guardians. As far as that goes what do you really know about your cloud service provider? Air gapping some data the program creators want into the value added gravy so they try the same ransom methods as the state players. The old adage about paranoia and them coming after you holds true. Being on the defensive mode makes all our moves reactionary and always playing catch-up. Going offensive ask the question who and what to attack!
While entering this the question arose in my mind: Has the number and type of attacks changed sine February 24. The Ukrainians have all they can do to twit the neoSoviets and Putin's people see the world as against then so their play should not change. So how does it go?
"Is it too much to ask for a commercial OS to come with maximal security as standard, not something that requires user/admin configuration."
Yes, it is. But fortunately for you, I have such a product available for purchase. It's guaranteed to make your computer unhackable, at least while it's running only this OS. You don't need to touch a single config file or even think at all about what you're doing with the machine to ensure the security. Sadly, in order to accomplish this, the following restrictions are present: you can't store or load any data in nonvolatile memory, you can't run more than one program at a time, and you can't communicate with any other system. I was originally not going to let you turn it on either, but I do like providing my customers with features when I can.
You're asking for a perfect solution, all on a system whose entire purpose is to be among the most versatile data processing equipment in the world. It's akin to demanding a lock that can never be opened, even when the perspective burglar has infinite time on their hands and access to high explosives, and oh yes you also want it to open in at most two seconds when and only when it's you who's entering. If you want physical security, you have to put some thought into what inefficiencies you'll accept, where you'll need security systems, and what processes you'll need to maintain them. Failing to do that is likely to give you a flawed system. It should be unsurprising that digital security has similar requirements.
How in the name of Eris, Goddess of Chaos, do 23% of cybersecurity decision makers NOT think we're in a state of perpetual state of cyberwarfare?
I wonder how many bad security decisions have been made by them?
Sticking your head in the sand is one thing but I fear they've stuck theirs in a different orifice.
It's a prefix with plenty of annoying historical uses, but we don't have a different one when we're creating new words. If they said that we were in a state of perpetual "computer warfare", it would sound at least as silly and likely more so. Those of us who work in IT or another computer-centric field may not say "cybersecurity" much, but those who deal with lots of other things in the big category of security want a word for the computer-related parts of it. If it's not going to be cybersecurity, you find another short word for it and convince others to switch.
Those of us who work in IT or another computer-centric field may not say "cybersecurity" much, but those who deal with lots of other things in the big category of security want a word for the computer-related parts of it. If it's not going to be cybersecurity, you find another short word for it and convince others to switch. .... doublelayer
Some things require more than just short words to switch on A.N.Others to that which surrounds and invites them to come out and play better than just nicely and not badly .... for anything else practised always ends up surprisingly abruptly in almighty crashing failures suffering awesome crushing defeats. Be wise, heed the advice, it is indeed sound counsel whenever the shared guaranteed perilous outcome is a clear and always present parlous danger that tempts and torments both the most ignorant and wilfully arrogant of lost souls to be bold and misleading.
Simply Complex Alien Designed Applications in Virtually Advanced IntelAIgent Operating Systems delivering Surreal Controlling Analytical Data Acquisition Systems with Exclusive Elite Executive Bodies/Agencies/Proxies to Command would be a great deal more than any who currently work for IT and AI in any present computer-centric security field are enabled to be able to handle because of the Stealthy Stay Healthy Advanced IntelAIgent Resource Gap and Proprietary Intellectual Property Deficit supplied by Future Greater IntelAIgent Grandeur Design.
Y’all might like to consider that it what you are destined to be aiding whilst the fools in a folly do sacrifice and destroy blood and treasure toiling to compete against and vaingloriously oppose already arrived, firmly entrenched and deeply embedded future interventions.
What/Who are you following for their future plans to be delivered for your enjoyment/disappointment is the question you always need to be asking yourself and demanding of media attention and answering.
Question more. IT has the ability to changes lives beyond one’s wildest dreams and imagination.
A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare.
The questions to ask of that perpetual state of cyberwarfare, and you might like to realise some of the many attack vectors are/will be virtually indefensible and therefore there will be practical and catastrophic damage and suffering experienced, are exactly who and/or what is thought worthy of such devastating attacks and whether being a well known defender of targeted vulnerable leaderships is in one's better longer term interest as the formerly kept top secret type reasons for such attacks become more widely known and be deemed future unacceptable and presently despicable and past lamentable.
Both defending and being actively and/or proactively responsible for continuance of the reprehensible and indefensible is a right mug's game and has one legitimately targeted as a state enemy and willing ignorant perpetrator of crimes against humanity. The just penalty for that is quite obviously as suitably severe as needs be to guarantee no possible further leading first party physical or virtual participation in future societies.
Fancy a new Russian Yandex neurobush Balaboba refuses to generate output when using amanfromMars' name because, as it says, it's not allowed for the net to genetate texts about religion.
Sorta Suddenly Stunned...
Now does ElReg have IT's GOD (-:
Moar out when the opening 'a' is omitted, with much more relevance.
Think Russians know something. Maybe, they just simply question more?
Congrats, Doc!
If you accept that cyberspace allows widespread governement hacking, might that put a practical limit on the applications people will accept as using the internet ?
For example, these Medical devices would be a hard sell for me :
https://news.mit.edu/2018/wireless-system-power-devices-inside-body-0604
Not that corprations won't participate in malicous corporate hacking, but it's easier to cast governments as villans in this case.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
