Post 2031216 by gen3sec@infosec.exchange
(DIR) More posts by gen3sec@infosec.exchange
(DIR) Post #1970535 by jerry@infosec.exchange
2018-12-14T01:44:52Z
0 likes, 1 repeats
My 2019 predictions: there will be big.breaches caused by avoidable stuff. The perimeter is still dead. The #infosec community will continue to eat itself.
(DIR) Post #1971594 by SandPaper@infosec.exchange
2018-12-14T02:31:02Z
0 likes, 0 repeats
@jerry I've seen this movie. Now you're just recycling content. d:
(DIR) Post #1982192 by iks@x0r.be
2018-12-14T13:16:20Z
0 likes, 1 repeats
@jerry When are we going to get a .breach TLD? target.breach, yahoo.breach, panera.breach, facebook.breach etc etc etc đ
(DIR) Post #2005018 by rysiek@mastodon.social
2018-12-15T10:56:52Z
0 likes, 3 repeats
@jerry I'll add to that: - breaches will continue to be blamed on "hackers" instead of dismal state of IT security - IoT and supply-chain attacks will spawn a bastard child of a problem when IoT vendors start providing (limited, incomplete) updates but fail to secure their infrastructure - more regulation (some for the better, some for worse) is going to come after GDPR trailblazed and showed it can work.#InfoSec #InfoSuck
(DIR) Post #2010300 by codesections@fosstodon.org
2018-12-15T16:14:36Z
0 likes, 0 repeats
@jerry just curious, what do you mean/have in mind by "eat itself"?
(DIR) Post #2011325 by thegibson@hackers.town
2018-12-15T17:05:32Z
0 likes, 1 repeats
@jerry The endpoint is the perimeter. regardless of where it resides. It's why endpoint agents to evaluate processes and detect and stop malicious activity is the only option. It's why I like Carbon Black, but there are plenty of other similar and good products.Establish perimeter security, and Arm you endpoints.Get SOC to the level of threathunting.We all know it's all about the layers.That said, the breaches will continue... regardless of what we do to prevent them... humans are crafty, there will always be new exploits, and we will forever be diligently working to stop these evolving threats.
(DIR) Post #2011402 by thegibson@hackers.town
2018-12-15T17:09:26Z
0 likes, 0 repeats
@jerry All that said...We will see in 2019, concerted state actor efforts to to target individuals and organizations that detect and dispatch their espionage efforts due to the lightweight reaction to the Kashoggi situation.Foreign intelligence is watching the US have a non-reaction, and right now are weighing if they can do that too... That's going to put people like us in a bad spot since we often act as an unwitting anti-espionage force.Good luck.
(DIR) Post #2011579 by thegibson@hackers.town
2018-12-15T17:18:23Z
0 likes, 0 repeats
@jerry Also... consolidation will erupt in 2019... all the new players will be bought.Blackberry kicked it off with Cyclance.Facebook will buy either Carbon Black, or Tanium.
(DIR) Post #2012486 by jerry@infosec.exchange
2018-12-15T18:29:09Z
0 likes, 0 repeats
@codesections I mean that the industry is consumed/self absorbed with fighting and arguments between people in the field over variety of topics
(DIR) Post #2012704 by bob@soc.freedombone.net
2018-12-15T18:37:53.000602Z
0 likes, 0 repeats
@thegibson @jerry Also maybe in 2019: new spectre vulnerabilities
(DIR) Post #2012705 by thegibson@hackers.town
2018-12-15T18:44:45Z
0 likes, 1 repeats
@bob @jerry SPECTRE AND MELTDOWN CANNOT BE PATCHED.Because of this, we will have undetectable exploits. attacks utilizing this methodology will rise to be more common as we tighten the leash with TTP based endpoint defense.
(DIR) Post #2012718 by thegibson@hackers.town
2018-12-15T18:45:59Z
0 likes, 0 repeats
@bob @jerry Also, BIRD will go out of business as the homeless continue to modify and co-opt the scooters with aftermarket boards.
(DIR) Post #2013353 by Shamar@mastodon.social
2018-12-15T19:26:39Z
0 likes, 0 repeats
@thegibson @jerry > the breach will continue...I don't think so.I mean, yes... they will in 2019... 2020... 2030...But we CAN do better.
(DIR) Post #2016876 by duck57@mastodon.social
2018-12-15T22:54:20Z
0 likes, 0 repeats
@thegibson @bob @jerry Next yearâs syllabus for Mr. Steve Gibson and the Security Now podcast
(DIR) Post #2016887 by thegibson@hackers.town
2018-12-15T22:54:57Z
0 likes, 0 repeats
@duck57 @bob @jerry Maybe I should start one.
(DIR) Post #2031216 by gen3sec@infosec.exchange
2018-12-16T14:27:30Z
0 likes, 0 repeats
@Shamar @TheGibson @jerry we use CarbonBlack and I love it. That will change immediately if Facebook purchases them đ
(DIR) Post #2031217 by jerry@infosec.exchange
2018-12-16T16:04:27Z
0 likes, 0 repeats
@gen3sec @Shamar @TheGibson I highly doubt FB will buy CB. If FB buys someone, itâll be for their IR/consulting service, not product.
(DIR) Post #2031627 by thegibson@hackers.town
2018-12-16T16:27:51Z
0 likes, 0 repeats
@jerry @gen3sec @Shamar My money has actually been on Mandiant/Fireeye... I just keep going back to CB because it's my greatest fear...Want a funny bit of trivia?
(DIR) Post #2032107 by thegibson@hackers.town
2018-12-16T16:50:51Z
0 likes, 0 repeats
@jerry @gen3sec @Shamar Everybody knows that Blackberry bought Cylance... They run Carbon Black internally though... :)
(DIR) Post #2033127 by gen3sec@infosec.exchange
2018-12-16T17:49:16Z
0 likes, 0 repeats
@TheGibson @jerry @Shamar I think those are very solid beta, especially, fire eye.
(DIR) Post #2033146 by gen3sec@infosec.exchange
2018-12-16T17:49:23Z
0 likes, 0 repeats
@TheGibson @jerry @Shamar that is funny
(DIR) Post #2038228 by FlyingLawyer@infosec.exchange
2018-12-16T22:37:36Z
0 likes, 1 repeats
@jerry I'll give you a bold one. 2019 is the year the USA will get an omnibus federal privacy statute. It will inevitably include some #infosec-related provisions. It'll be fueled by the data companies that didn't get a chance to influence the CCPA. It will solve some problems (e.g. breach notification patchwork). It will create some new ones. It won't be anywhere near as bad as CCPA or GDPR.
(DIR) Post #2050599 by jerry@infosec.exchange
2018-12-17T11:46:41Z
0 likes, 0 repeats
@FlyingLawyer I predict a federal privacy omnibus bill that extends copyright length, funds 12 bridges, solidifies the ability to collect and sell personal data without consent, mandates breach notification timeframes, partially funds the border wall, and compels tech support for legal interception and decryption.
(DIR) Post #2082599 by FlyingLawyer@infosec.exchange
2018-12-18T18:46:38Z
0 likes, 0 repeats
@jerry I doubt the last one. With you on the rest.
(DIR) Post #2085059 by jerry@infosec.exchange
2018-12-18T20:48:33Z
0 likes, 0 repeats
@FlyingLawyer other than lobbyists, thereâs pretty much no one in government these days that are opposed to the this. All it will take is one âillegal aliens are hiding their whereabouts and heinous crimes using encrypted phonesâ and we go full Australia
(DIR) Post #2086223 by FlyingLawyer@infosec.exchange
2018-12-18T21:44:13Z
0 likes, 0 repeats
@jerry That's possible, but I think legislators that shopped the idea around with their constituents would be surprised by the backlash. There are other important voices that I think would pretty strongly oppose it, like academia and tech companies (not in their capacity to lobby formally, but in their capacity to influence their fan bases' opinions).