Hi!
On Fri, 25 Jun 2021 18:56:36 +0300, "Alex K." may
have written:
> Ah ... and one more thing. Gladly, it is not our (network folks) life's
> complicated. It's system/DBA/and security folks, lifes. But I don't want
> to get cocky. We got SDN :-)
Yet. Probably.
Ransomware gangs /do/ target
In my humble opinion, the hidden assumption beneath this question seems to
be incorrect. Ransomware is not a single event, with assumed similarity to
the kind of failures, we regulary see at our network world.
The key abstruct differences, might be summed up as follows:
A. First and foremost,
> Finding vulnerabilities and how to exploit them to run malware
> in closed source code is nigh on impossible.
which explains why it never happens
randy
---
ra...@psg.com
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
signatures are back, thanks to dmarc header butchery
On Sun, 27 Jun 2021 at 08:53, Jakob Heitz (jheitz) via NANOG
wrote:
> Finding vulnerabilities and how to exploit them to run malware
> in closed source code is nigh on impossible.
I'm not entirely sure if I understood this statement right.
Of course you are aware that every closed source
Finding vulnerabilities and how to exploit them to run malware
in closed source code is nigh on impossible.
Anyone can read open source code.
What is possible is to analyze patches to figure out what was fixed
and then to attack those that didn't apply the patches.
Even easier is old releases.
On 6/25/21 11:59 PM, Valdis Klētnieks wrote:
On Thu, 24 Jun 2021 14:55:12 -0700, JoeSox said:
It gets tricky when 'your' company will lose money $$$ while you wait a
month to restore from your cloud backups.
If that's a concern, you've *already* totally screwed the pooch regarding DR
On Thu, 24 Jun 2021 14:55:12 -0700, JoeSox said:
> It gets tricky when 'your' company will lose money $$$ while you wait a
> month to restore from your cloud backups.
If that's a concern, you've *already* totally screwed the pooch regarding DR
planning.
pgphow4jPrnvf.pgp
Description: PGP
On Fri, 2021-06-25 at 15:18 -0700, Michael Thomas wrote:
> On 6/25/21 8:39 AM, Karl Auer wrote:
> > We need to start building systems that are not seamless, that are
> > not highly interchangeable, that are not fully interconnected, and
> > we have to include our human systems in that approach.
>
On 6/25/21 8:39 AM, Karl Auer wrote:
On Fri, 2021-06-25 at 10:05 -0400, Tom Beecher wrote:
Everything can be broken, and nothing will ever be 100% secure. If
you strive to make sure the cost to break in is massively larger than
the value of what could be extracted, you'll generally be ahead
fre. 25. jun. 2021 21.33 skrev Aaron C. de Bruyn via NANOG :
> On Fri, Jun 25, 2021 at 10:43 AM Tom Beecher wrote:
>
>> Incompetent insurance companies combined with incompetent IT staff and
>>> under-funded IT departments are the nexus of the problem.
>>>
>>
>> Nah, it's even simpler. It's just
On Fri, Jun 25, 2021 at 10:43 AM Tom Beecher wrote:
> Incompetent insurance companies combined with incompetent IT staff and
>> under-funded IT departments are the nexus of the problem.
>>
>
> Nah, it's even simpler. It's just dollars all around. Always is.
>
Agreed.
> From this company's
>
> Incompetent insurance companies combined with incompetent IT staff and
> under-funded IT departments are the nexus of the problem.
>
Nah, it's even simpler. It's just dollars all around. Always is.
>From this company's point of view, the cost to RECOVER from the problems is
so much smaller
On 6/25/21 5:25 AM, Jim wrote:
On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NANOG wrote:
I think a big problem may be that the ransom is actually very cost effective
and probably the lowest line item cost in many of these situations where large
revenue streams are interrupted and
On Fri, 2021-06-25 at 10:05 -0400, Tom Beecher wrote:
> Everything can be broken, and nothing will ever be 100% secure. If
> you strive to make sure the cost to break in is massively larger than
> the value of what could be extracted, you'll generally be ahead of
> the game.
Easy to say.
IMHO
> The goal is to make your business very difficult to hack that it is no
> longer economically viable for terrorists to attack it in the first place.
>
> That’s the best insurance you can give to your business.
And yet, so often their system is vulnerable owing to ineptness, cluelessness,
On Fri, Jun 25, 2021 at 5:28 AM Jim wrote:
> Big problem that with organizations' existing Disaster Recovery DR methods
> --
> the time and cost to recovery from any event including downtime will
> be some amount.. likely a high one,
> and criminals' ransom demands will presumably be set as high
I agree with you that 100% secure is not achievable.
The goal is to make your business very difficult to hack that it is no longer
economically viable for terrorists to attack it in the first place.
That’s the best insurance you can give to your business.
Jean
s?
>
> Jean
>
> -Original Message-
> From: NANOG On Behalf Of Jim
> Sent: June 25, 2021 8:26 AM
> To: Brandon Svec
> Cc: nanog@nanog.org
> Subject: Re: Can somebody explain these ransomwear attacks?
>
> On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NA
Cc: nanog@nanog.org
Subject: Re: Can somebody explain these ransomwear attacks?
On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NANOG wrote:
>
> I think a big problem may be that the ransom is actually very cost effective
> and probably the lowest line item cost in many of these situat
On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NANOG wrote:
>
> I think a big problem may be that the ransom is actually very cost effective
> and probably the lowest line item cost in many of these situations where
> large revenue streams are interrupted and time=money (and maybe also health
T: June 24, 2021 5:59 PM
TO: JoeSox
CC: nanog@nanog.org
SUBJECT: Re: Can somebody explain these ransomwear attacks?
On 6/24/21 2:55 PM, JoeSox wrote:
It gets tricky when 'your' company will lose money $$$ while you
wait a month to restore from your cloud backups.
So Executives roll the d
.
Jean
From: NANOG On Behalf Of Michael
Thomas
Sent: June 24, 2021 5:59 PM
To: JoeSox
Cc: nanog@nanog.org
Subject: Re: Can somebody explain these ransomwear attacks?
On 6/24/21 2:55 PM, JoeSox wrote:
It gets tricky when 'your' company will lose money $$$ while you wait a month
On 6/25/21 12:15 AM, Michael Thomas wrote:
On 6/24/21 4:57 PM, Karl Auer wrote:
Ransomwear - the latest fashion idea.
"Pay me money or I will continue to wear these clothes"
I reckon I could make a killing just by stepping out in a knee-length
macrame skirt...
Lol. Thanks, I knew that
On 6/24/21 4:57 PM, Karl Auer wrote:
Ransomwear - the latest fashion idea.
"Pay me money or I will continue to wear these clothes"
I reckon I could make a killing just by stepping out in a knee-length
macrame skirt...
Lol. Thanks, I knew that didn't look right. Maybe with a crop top to
Ransomwear - the latest fashion idea.
"Pay me money or I will continue to wear these clothes"
I reckon I could make a killing just by stepping out in a knee-length
macrame skirt...
Regards, K.
--
~~~
Karl Auer
On 6/24/21 3:08 PM, Shane Ronan wrote:
A lot of the payments for Ransomware come from Insurance Companies
under "Business Interruption Insurance". It in fact may be more cost
effective to pay the ransom, than to pay for continued business
interruption.
Of course along with paying the
I think a big problem may be that the ransom is actually very cost effective
and probably the lowest line item cost in many of these situations where large
revenue streams are interrupted and time=money (and maybe also health or life).
The original thought that it should be handled like
A lot of the payments for Ransomware come from Insurance Companies under
"Business Interruption Insurance". It in fact may be more cost effective to
pay the ransom, than to pay for continued business interruption.
Of course along with paying the ransom, a full forensic audit of the
On 6/24/21 2:55 PM, JoeSox wrote:
It gets tricky when 'your' company will lose money $$$ while you wait
a month to restore from your cloud backups.
So Executives roll the dice to see if service can be restored quickly
as possible keeping shareholders and customers happy as possible.
But if
It gets tricky when 'your' company will lose money $$$ while you wait a
month to restore from your cloud backups.
So Executives roll the dice to see if service can be restored quickly as
possible keeping shareholders and customers happy as possible.
On Thu, Jun 24, 2021 at 2:44 PM Michael Thomas
30 matches
Mail list logo