* Posts by Pim

2 publicly visible posts • joined 18 Jun 2018

A little phishing knowledge may be a dangerous thing


"The researchers say they're at a loss to explain this, allowing it's possible that survey responses about phishing experience may have been skewed by the experience of being phished. They also speculate that users who fell for the phishing scheme might overestimate their knowledge of phishing."

Mr. Dunning and Kruger might have an explanation for this mystery.

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure


I'd like to add a couple observations:

- All industrial (medical) equipment should be on its own LAN, with remote access tightly controlled and monitored. By their very nature specialised equipment cannot be patched regularly and there should be no expectation of such. Browsing the internet on a machine running 3.11 is bad, controlling some ancient machine is just fine.

- Any "attack" that involves physical access to a plant is just security people looking for work. If I have physical access to your server room: I can switch off or destroy your stuff, even if it is running the latest OS with all security features enabled. Their Arduino is not more effective than a hammer with "0 lines of code".