Posts by gdbassett@mastodon.social
 (DIR) Post #AQIRXvkI5W9quIlBya by gdbassett@mastodon.social
       2022-12-05T12:30:48Z
       
       0 likes, 0 repeats
       
       @tiago hey @hrbrmstr: LLM honeypot.
       
 (DIR) Post #AQQshsVJFNPlmBOrvk by gdbassett@mastodon.social
       2022-12-09T14:12:50Z
       
       0 likes, 0 repeats
       
@tiago @manlius @complexsystems @networkscience @neuroscience Do we know the relationship between a) the complexity of the unobserved network, b) the number of measures, amount of data from those measures, and complexity of the model, c) the accuracy of the reconstruction of the network?
       
 (DIR) Post #AQQvz3rsY5Nvo3qGVk by gdbassett@mastodon.social
       2022-12-09T14:49:35Z
       
       0 likes, 0 repeats
       
       @tiago @yaneerbaryam @manlius @complexsystems @networkscience @neuroscience Does the more/less entropic in terms of structure inherently imply more/less entropy in dynamics?
       
 (DIR) Post #AQQwNu1iHAICWWHre4 by gdbassett@mastodon.social
       2022-12-09T14:54:02Z
       
       0 likes, 0 repeats
       
       @tiago @yaneerbaryam @manlius @complexsystems @networkscience @neuroscience (To add context, I work in computer security. We regularly take whatever measurements of an information system are easiest, build models to predict outputs, and pat ourselves on the back.  I wonder how looking at the information system as a complex network system can better our modeling of it.)
       
 (DIR) Post #AQts3ahbeGT2Z9mNf6 by gdbassett@mastodon.social
       2022-12-23T13:52:10Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab The lack of convenience with passwords _is_ the issue. Far more breaches have occurred due to password reuse (often associated with credential stuffing) than from attacks on password managers. Cloud sync of passwords is a security-convenience trade-off, but for me personally, worth it. And at the macro level, likely worth it as well.
       
 (DIR) Post #AQtsr45PBkrVt7VC40 by gdbassett@mastodon.social
       2022-12-23T14:01:08Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab While you should be applauded for sacrificing convenience for security, based on my experience cataloging breaches for the Data Breach Investigations Report you are likely the exception.
       
 (DIR) Post #AQttDOxqFGkr0jcD3o by gdbassett@mastodon.social
       2022-12-23T14:05:10Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab Yeah, the security community is well aware of the LastPass breaches. Honestly, we appreciate their executive leadership being so forthcoming, though we are waiting to hear more specifics about what fields are and aren't encrypted to pass judgement.
       
 (DIR) Post #AQttZoKCdSxe2JlBFw by gdbassett@mastodon.social
       2022-12-23T14:09:14Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab @nextcloud "Running your own server" is an interesting thing. (I once thought MS should make a personal server for homes, and I still run a Synology.) On the one hand, it would be highly beneficial for lots of people to have their own servers. On the other, it prevents those people from taking advantage of economies of scale that have been highly beneficial (think Gmail's ability to filter spam). And there is still the single point of failure in the software produced.
       
 (DIR) Post #AQttoOACBY65F41xAG by gdbassett@mastodon.social
       2022-12-23T14:11:50Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab Assuming there are no vulnerabilities present in the software on every server (https://www.greynoise.io/blog/2022-a-look-back-on-a-year-of-mass-exploitation).
       
 (DIR) Post #AQtuENpM3dFTjEg4Tw by gdbassett@mastodon.social
       2022-12-23T14:16:32Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab @nextcloud In Microsoft's defense, they provide some of the best security on the planet these days. Local ISPs are reliant on the software provided to them and often lack the robust operations necessary to handle common cyber threats. (What local ISP is running a multi-person 24/7 dedicated SOC?)
       
 (DIR) Post #AQtuSAs51aSFbHWovw by gdbassett@mastodon.social
       2022-12-23T14:19:02Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab But you don't need to get all the passwords at once, just before security response occurs. And that tends to be a race between the attacker's scripting and a small org's ops.
       
 (DIR) Post #AQtvBX7DAVOpcWEbvE by gdbassett@mastodon.social
       2022-12-23T14:27:15Z
       
       0 likes, 0 repeats
       
       @tiago @kordinglab @nextcloud Ultimately you have to pick your poison.  All software is made somewhere. https://mastodon.social/@dcoderlt@ohai.social/109547448673528370
       
 (DIR) Post #AQtvXelLPt7ti0YWJs by gdbassett@mastodon.social
       2022-12-23T14:31:14Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab Attackers tend to be economically driven. A rising issue is to take critical vulnerabilities, automate their exploitation, and then sell the access. In our 2022 report (page 31, figure 43), from honeypot data, we observed a type of attacker sales funnel from scanning for hosts to executing an exploit.
       
 (DIR) Post #AQtvxvCEwFyACrezGS by gdbassett@mastodon.social
       2022-12-23T14:33:01Z
       
       0 likes, 0 repeats
       
       @tiago @kordinglab Again, this is not to say this would apply to you.  I have no doubt you'd secure and patch your servers and services with alacrity. (Many security folks do as well.)  My concern is the broader population.
       
 (DIR) Post #AQtwaR3cvbzI1fzpNQ by gdbassett@mastodon.social
       2022-12-23T14:42:53Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab Thankfully there isn't a single centralized password manager. There's LastPass, 1Password, Bitwarden, the password managers in browsers, in OSs, and many others. And it's definitely a balance (and one that isn't settled in the security community). For example, a common solution is to use 1Password and sync the vault through something like Dropbox.
       
 (DIR) Post #AQtxY0fEBhNfXizVCa by gdbassett@mastodon.social
       2022-12-23T14:48:07Z
       
       0 likes, 0 repeats
       
@tiago @kordinglab Here's @fsmontenegro, a friend and one of the best security analysts in the world, pontificating on how the security community sees the LastPass incident: https://infosec.exchange/@fsmontenegro/109563471808329552.
       
 (DIR) Post #ATTul4px6jSONgoJMm by gdbassett@mastodon.social
       2023-03-10T18:56:14Z
       
       0 likes, 0 repeats
       
@kairyssdal The question I have is: if it pushes a cross-party solution, does that give rise to other cross-party solutions between moderates, diluting the power of the extremes?
       
 (DIR) Post #AWHhg1OeAs8GZFJZUu by gdbassett@mastodon.social
       2023-06-02T15:03:06Z
       
       0 likes, 0 repeats