Attackers fool humans into clicking on URLs leading to malware downloads, or with embedded or attached malware in emails.
Then, when the payload has been installed on the victim's computer, the next step is to spread and also to get control of as many machines as possible on the same and neighbouring networks, with the eventual goal of command and control.
When unimpeded, these attacks now take 5-10 minutes.
From here they lay low, for months. Then the shit really hits the fan when they take the domain controller infrastructure through a GOLDEN TICKET using KERBEROASTING attacks. Then Kansas is going bye bye. You better pray your competent IT leadership has taken steps to make IDENTIFY, DETECT, PROTECT, RESPOND, RECOVER dimensions (NIST framework) a reality across the technologies your company relies on.
MITRE defines a generic framework for hacking attacks:
- INITIAL ACCESS
- EXECUTION
- PERSISTENCE
- PRIVILEGE ESCALATION
- DEFENSE EVASION
- CREDENTIAL ACCESS
- DISCOVERY
- LATERAL MOVEMENT
- COLLECTION
- COMMAND AND CONTROL
- EXFILTRATION
- IMPACT
From here I recommend you read the MITRE ATT&CK framework, great reading!
It is done in every possible way. The dumbest form your defenses will allow in is what you get. Can absolutely be done via downloads yes. Because they perform an impersonation attack on you, or use a supplier as an attack vector, and by impersonating a trusted user, they get you to open a file or similar.
Better fine-tune your email security, because humans are a hard problem. Loads of awareness, phishing drills and information sec training are needed.
Interesting article, but I would say this is squarely from the perspective of the less technical people involved: lawyers, prosecutors, management types, apart a little bit from Art who knows about the steps in unencryption and so forth—interesting, nonetheless.
My opinion about it is that many companies don't understand their systems (and yes, I do blame Microsoft, Apple and for that matter Salesforce or Oracle). However, many people don't understand their microwave ovens, myself included, so perhaps it's unrealistic to start that conversation and perhaps focus on the pragmatists, like Art.
> There is a widely held belief that because math is involved, algorithms are automatically neutral.
> This widespread misconception allows bias to go unchecked, and allows companies and organizations to avoid responsibility by hiding behind algorithms.
I think the wording of this casts a shadow on what mathematics is. Opaque accounting or opaque algorithms, it doesn't matter what the underlying hidden components are. But the belief that the words "algorithms" or even "smart" would hide things says more to me about people in management than it says about people who discover algorithms.
Mathematics can of course be weaponised, but a bigger problem is ignorance towards mathematics. After all, many things can be weaponised. I think the text on Tijmen Schep's websites has a good message, but I do think one should slow down when it comes to compassion fatigue. One way that I use to do this is to ask questions about concrete resources: What are things we need? What are the things we want? And are we progressing to improve people's living conditions?
For the most part, the answer to the last question is yes. It's important to realise this. There is a good book written about our progress as a society by I think an Estonian author, or another Eastern country. I wonder what it is called again.
From what I can tell, this is intraspecies competition.
In Southern Africa, we have a situation whereby not all woodpecker species can peck the holes from start to end.
The ones who start the holes look similar to the ones in the article, but they are black, white and yellow with red flecks [1]. Then there is a smaller orange, white and black one that either steals the former's nest or uses an old hole, after which it proceeds to do some interior decoration and expansion. This rather fashionable bird is also the emblem of the University of Johannesburg. [2] [3]
There are some other woodpecker species, but these two are quite common in places where I have lived and although I am not an ethologist, I believe the comment about their interaction is accurate. The Crested Barbet is somewhat bigger than the Hoopoe, so it would be interesting to know the full picture behind their symbiosis.
I’ve always loved seeing both of those birds in my garden. The barbet, with his squat sturdy frame and bright colours, especially.
I’ve never read about their interaction though, and neither of the links that you’ve provided appear to explicitly connect the two species. All I know, and can find, is that they both like to nest in holes in trees. Do you have any info to back up this story?
I could find that the Bennett's Woodpecker does have the behaviour of re-using or stealing holes. On Wikipedia it's only very briefly mentioned, but the large Robertson's book may have something on it. [1]
Still looking for more information on what kind of holes the Hoopoe uses or makes; perhaps I was rather thinking of the Bennett's.
That server should be on a UPS. Some people like to use an old laptop as a server at home, and that's even more ideal as it has a built-in battery, often allowing the machine to stay alive for an hour or so before dying.
That's why there were those "illegal" t-shirts with the RSA algorithm printed out in Perl.
But I have a more pragmatic approach. If nuclear launch codes were written out on t-shirts I wouldn't be happy about it either. I think the real problem is ignorance. The US's main role after 1945, and the role of the UN, was and is to prevent another world war. Whether by virtue or by ignorance they have been successful, with the notable exception of a partial world war in the Middle East.
Having said that, the problem is ignorance towards technology and knowledge and resentment towards talent or individual ability. It's more general fear towards things they cannot understand, or rather, things they understand that they cannot subvert. But, I don't like to reduce myself to a protagonist's syndrome and I can more or less understand why the US government does what they do.
The only real node of certainty in the whole equation is that individual freedom is where the line should be drawn. And unfortunately for the obnoxious prescriptive types, any human can invent cryptography on their own whilst living in a cave.
> If nuclear launch codes were written out on t-shirts I wouldn't be happy about it either.
If the government only found out that its nuclear launch codes were leaked because it saw them written on someone's t-shirt, I would be unhappy about the government, not the t-shirt.
Also, if the government decided to ban the t-shirts rather than changing the codes, I would be even more unhappy.
I've heard a lot recently about Jane Street. Do you know a lot about them? I was curious to know their background in more detail and generally what kind of company it is, or the general attitude or atmosphere of the place. Also, why do you mention them specifically in the context of FP?
> Also, why do you mention them specifically in the context of FP?
They are mostly famous in tech circles for one day one of their interns Yaron Minsky saying, hey let's rewrite everything in OCaml. And they did, and were wildly successful, and he's the CTO now. They bet big on FP and it happened to be an excellent fit for their problem domain.