Conversation

Notices

1. Embed this notice
   Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST Bob Lord 🔐 :donor:

   “𝗔𝗹𝗹 𝗶𝘁 𝘁𝗮𝗸𝗲𝘀 𝗶𝘀 𝗼𝗻𝗲 𝗰𝗹𝗶𝗰𝗸”. How many times have you heard someone say that? How often have 𝙮𝙤𝙪 said it?

   Take a step back and ask yourself if this is 𝘳𝘦𝘢𝘭𝘭𝘺 how the hacks happen in 2024. Just one click? Really? If that were true, we'd be asking these questions:

   • Embed this notice
     Wendy Nather (wendynather@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:07 JST Wendy Nather

     in reply to

     @boblord

   • Embed this notice
     Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST Bob Lord 🔐 :donor:

     in reply to

     1️⃣ How was the enterprise laptop fleet misconfigured to make this possible?
     2️⃣ What products were so dangerous that a single click led to arbitrary code execution? (Think about the specific make/model of browser, mail client, OS, or other software.)

     Now, here’s the real question: Why are we training and blaming users for these failures if the true issues lie in 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝘂𝗻𝘀𝗮𝗳𝗲𝘁𝘆 and 𝗽𝗼𝗼𝗿 𝗻𝗲𝘁𝘄𝗼𝗿𝗸 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲?

   • Embed this notice
     Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST Bob Lord 🔐 :donor:

     in reply to

     Why is our plan to train users to avoid the built-in dangers of software and software deployments instead of 𝘀𝗵𝗶𝗳𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗯𝘂𝗿𝗱𝗲𝗻 𝗼𝗳 𝘀𝘁𝗮𝘆𝗶𝗻𝗴 𝗰𝘆𝗯𝗲𝗿 𝘀𝗮𝗳𝗲 to those who can best affect change?