this post was submitted on 20 Jul 2024
120 points (96.9% liked)

Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


David E. Sanger / New York Times: The CrowdStrike debacle may have accidentally provided cybercriminals and countries like China a more detailed road map to disrupt US critical infrastructure  —  With each cascade of digital disaster, new vulnerabilities emerge.  The latest chaos wasn't caused by an adversary …

top 16 comments
[–] homesweethomeMrL@lemmy.world 31 points 1 month ago (1 children)

Yeah “target Windows”.

[–] Blaster_M@lemmy.world 11 points 1 month ago* (last edited 1 month ago) (2 children)

Worse... target CrowdStrike or any other security monitoring system... which means being able to get in anything, Windows, Linux, MacOS... not that they don't already do that. Because they definitely do.

[–] Spiralvortexisalie@lemmy.world 4 points 1 month ago (1 children)

It had already been done, see: SolarWinds

Somehow they are still in business

[–] Blaster_M@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

My point exactly. What good is a dozen docker containers nested in four VMs if you can slap all of it aside with the giant ROOT SHELL hand because you hacked into the remote monitoring software to take control of the system?

The remote management system is now the weakest link in the system's security chain.

[–] homesweethomeMrL@lemmy.world 1 points 1 month ago (1 children)

If it’s specifically allowed, yes. Windows is swiss cheese with tons of contaminants in.

[–] Blaster_M@lemmy.world 4 points 1 month ago (1 children)

Any remote monitoring software is a swiss cheese opening into your system.

[–] homesweethomeMrL@lemmy.world 1 points 1 month ago

Not necessarily. Proper permissions and lack of system bugs are ok to monitor, it doesn’t mean the system is less secure.

[–] kaffiene@lemmy.world 9 points 1 month ago

Why the fuck does the writer think that state actors weren't already aware of these vectors?

[–] cerement@slrpnk.net 8 points 1 month ago

we’ll do all their work for them, they just need to sit back and take credit the next time we shoot ourselves in the foot …

[–] finley@lemm.ee 6 points 1 month ago
[–] CMDR_Horn@lemmy.world 6 points 1 month ago (1 children)

What do you mean “may have”?

[–] dumbass@leminal.space 1 points 1 month ago

Depends on if they already knew this information or not.

[–] ByteOnBikes@slrpnk.net 2 points 1 month ago (1 children)

I mean, isn't this also a problem in other Western countries? Australia got it bad.

[–] Frozengyro@lemmy.world 3 points 1 month ago

Yes, but only country that matters is US /s

Also, they are likely the primary targets (certainly not the only ones) for bad actors.

[–] Happywop@lemmy.world 2 points 1 month ago

way to go a**holes!

[–] OppositeOfOxymoron@infosec.pub 1 points 1 month ago

Uh, between SolarWinds and XZ and the supply chain attacks being conducted by the NSA that were revealed by Snowden... They already know.