BlackBerry uncovers China-backed hacking campaign

I stand corrected about Apple; it uses a proprietary hybrid version of UNIX, which Apple has modified and placed its own user interface on.
 
There's a mountain of problems that come with attempting security compliance in government, OS be damned. There are folks in charge of each system that can literally write an Acceptance Of Risk to continue operating either un-patched or configured in a "less secure" manner. There are companies like Purism that are trying to bridge the hardware gap together with software, but I don't think there's any one platform out there yet that gives a good enough "out of the box" solution without administrator intervention. There's no replacing the admin who configures the system as securely as they can.

If someone wants to, they're going to get in. In the case of nation-state actors like China, they'll do it faster and better than the basement nerd. It's only a matter of when.
 
I stand corrected about Apple; it uses a proprietary hybrid version of UNIX, which Apple has modified and placed its own user interface on.
I still trust Apple servers to be better protected than most though. And thankfully last I knew, they weren't giving up the encryption info to Uncle Sam and other countries.
 
That's a pretty bold assumption. Why do you consider them better protected than most?

Having been to one of their server facilities before and many briefings on all things tech. Plus as a civilian I have appreciated them not handing out the encryption code to DOJ and other law enforcement agencies.
 
Maybe in the physical security portion of things, but I don't know of anyone doing anything particularly earth-shattering as far as technical security is concerned. It's a fairly level field when it comes to who is targeted. Success for someone who breaches security isn't really measured in headlines either, but more of what is done for long periods of time without being discovered. Not handing over encryption codes to DOJ etc might be fine for publicity, but that doesn't mean it hasn't been cracked by other means.

I guess what I'm saying is that I have doubts any time there's a claim of great protection. It allows people to relax their own security protocols (password management/changes, implementing MFA, basic awareness) because a platform claims better security than the competition. That's been wrong more than it's been right with platforms providing mass services.
 
Everyone is always looking for access, whether it's physical or cyber. Most of the briefings I attended centered around upcoming technologies and how they could be deployed or new vulnerabilities and how to exploit them. Physical security is of equal importance, if not greater, than cyber protection. A lot more damage can be done to a whole network if you have direct physical access and can do as you please.
 
Oh, no doubt. I had a business for a while where that was my main focus (physical security pen testing). It's hard to impress upon people the importance of those things, especially when you tell them the cost, lmao. But, it's a fight we have to keep fighting, unfortunately.
 