
qyi | 4 years ago

The standard business solution to solve security issues - for example like having all your database in a public folder - is to get a guy to implement "security" (whatever that means) who is 40 years old and is really confident he knows what he is doing. He will go configure some firewalls and stuff that has absolutely nothing to do with preventing any real risk aside from automated attacks. Every time someone still gets the files from some 90's vuln, everyone is surprised that some sooper dooper hacker wizard was able to own their Fortune 500 company.

> The least deployed solutions post-attack included web scanning (40%), endpoint detection and response (EDR) and extended detection and response (XDR) technologies (38%), antivirus software (38%), mobile and SMS security solutions (36%), and managed security services provider (MSSP) or managed detection and response (MDR) provider (34%). Only 3% of respondents said they did not make any new security investments after a ransomware attack.

uh huh. uh huh. uh huh. uh huh.

Meanwhile, for example, earlier today: a web search for "cat /etc/passwd" blocks my IP. What even is the point of this article? _Of course_ if you don't patch they will just hack you again. _Of course_ if your company follows terrible 90's practices, it will get owned again.

albertgoeswoof|4 years ago

Did you choose 40-year-old because it’s too old, or because it’s too young? I genuinely can’t tell.

qyi|4 years ago

The essential point is that he's 40 and still doesn't know what he's doing (a common problem in any technical field).

YuriNiyazov|4 years ago

So, what age must one be to supervise implementing security practices at an organization?