What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2023-01-08 10:00:00 Happy 20th Birthday TaoSecurity Blog (direct link)

Happy 20th birthday TaoSecurity Blog, born on 8 January 2003.

Thank you Blogger

Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost.

Statistics

In my 15 year post I included some statistics, so here are a few, current as of the evening of 7 January:

I think it's cool to see almost 29 million "all time" views, but that's not the whole story.

Here are the so-called "all time" statistics:

It turns out that Blogger only started capturing these numbers in January 2011. That means I've had almost 29 million views in the last 12 years. I don't know what happened on 20 April 2022, when I had almost 1.5 million views?

Top Ten Posts Since January 2011

Ransomware Studies Guideline Solardwinds ★★
Blog.webp 2021-02-18 10:53:39 Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem (direct link)

Proposition

Digital offense capabilities are currently net negative for the security ecosystem.[0]

The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of the defender. The entire security ecosystem bears the costs, and in some cases even those who see tangible benefit may suffer costs exceeding those benefits.

The Reason

Limitations of scaling are the reason why digital offense capabilities are currently net negative.

Consider the case of an actor developing a digital offense capability, and publishing it to the general public. From the target side, limitations on scaling prevent complete mitigation or remediation of the vulnerability.

The situation is much different from the offense perspective.

Any actor may leverage the offense capability against any Internet-connected target on the planet. The actor can scale that capability across the entire range of vulnerable or exposed targets.

The Three

Only three sets of actors are able to possibly leverage an offense capability for defensive purposes.

First, the organization responsible for developing and maintaining the vulnerable or exposed asset can determine if there is a remedy for the new offense capability. (This is typically a "vendor," but could be a noncommercial entity. As a shorthand, I will use "vendor.") The vendor can try to develop and deploy a patch or mitigation method.

Second, major consumers of the vulnerable or exposed asset can take similar steps, usually by implementing the vendor's patch or mitigation.

Third, the security one percent can take some defensive measures, either by implementing the vendor's patch or mitigation, or by developing and acting upon detection and response processes.

The combination of the actions by these three sets of actors will not completely remediate the digital offense capability. The gap can be small, or it can be exceptionally large, hence the net negative cost to the digital ecosystem.

Ransomware Threat
Last update at: 2024-05-03 16:08:40