
Most chip companies show signs of active compromise

On 4/6/2021 at 12:14 AM, arkscout said:


What This Really, Probably, and With Malice, Means:

While this is pretty astonishing to most, this is actually normal across all industry. Definitely not OK, but pretty standard. RDP and other ports are definite targets, as there are many vulnerabilities linked to almost any protocol on any port. I need to look through this whole article, but my first thought here is to tell everyone to slow down and take a breath. Open ports, even an unpatched vulnerability, do NOT mean active compromise. If left open long enough, there will most definitely at least be indexing/scanning and it will be noticed, but that doesn't mean anything open is hacked. There are a lot of steps AFTER finding an open port one has to go through to even get to anything worthwhile. Most of these companies with open ports like this are paying for very expensive teams that either know full well they are open and are monitoring, don't know and will know before it's terrible, or... don't know and are about to have a really bad day. Anyway... in security there is not always fire where there is smoke.

That said, this is a great conversation and the pressure needs to be put on companies to strengthen security. It is too easy to lock ports down, employ strong vulnerability/patch management, and enforce secure coding practices... but that ease costs a lot of money they might not have, or don't want to spend on something that "generates no revenue".

So hey. Check out Shodan or Greynoise if you are really interested. My go-to news source is the guys over at Security Affairs; they do great work.

One way to think about the “generates no revenue” thing is that it may not produce profit, but it negates negative income that may be outlandishly large. Risk is worth money and therefore managing it is too. Companies can get completely destroyed by hacks. Fire was a real danger that could beggar an owner. The early sprinkler systems were not government mandated. They were simply such an obviously good idea that they became the law. That the law is badly lagging in internet communication is well known.

Not a pro, not even very good. I’m just old and have time currently. Assuming I know a lot about computers can be a mistake.


Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


13 minutes ago, Tellos said:

Parts yes, but not the government and not the number of larger, heavily populated cities. Parts of the US are super rural. Again, this is saying that because parts of a state are not technological hubs, none of it is.

Nothing tier III or lower and sometimes not higher either. It depends.

