Can somebody explain these ransomwear attacks?

• Previous message (by thread): Can somebody explain these ransomwear attacks?
• Next message (by thread): Can somebody explain these ransomwear attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 27 Jun 2021 at 08:53, Jakob Heitz (jheitz) via NANOG
<nanog at nanog.org> wrote:

> Finding vulnerabilities and how to exploit them to run malware
> in closed source code is nigh on impossible.

I'm not entirely sure if I understood this statement right.

Of course you are aware that every closed source project is breached
by bored hobbyists given the slightest motivation. Ref: pwn2own or
entirety of infosec history.
We have no historic knowledge of how to build software that is robust
enough to withstand an attack from someone motivated by boredom. We
have a lot of finger pointing about 'code it right' and a lot of
religious rituals which somehow are needed for infosec to succeed, and
it still never does.

Now let's assume there are some better motivations than boredom, and
we must assume the quality of attacks is higher than what we see in
things like pwn2own.

How many dollars must the defender use per dollar used by the
attacker? And is this leverage difference higher than the cost of
realised risk?

-- 
  ++ytti

• Previous message (by thread): Can somebody explain these ransomwear attacks?
• Next message (by thread): Can somebody explain these ransomwear attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]