
> You're offering hypothetical, worst-case whataboutisms

Otherwise known as “security”, yes




> I don't understand what would make someone think that possibly-compromised security is worse than no security.

False sense of security - you think your communications are secure but they're not.


> How is that the most reasonable approach?

The reasonable approach is to be overly cautious. A false sense of security is worse than no security at all.


> if the security culture is weak-to-completely-non-existent, they'll likely be ignored?

---->

> if the security culture is weak-to-completely-non-existent, they'll likely not even be budgeted or done.


> If security is a concern

At the risk of being presumptuous... When is security ever not a concern?


> I'd bet it's secure enough against anything that is not the NSA / equivalent foreign agencies. Now would I bet against those big players? Certainly not.

Which is another shortcut that boils down to saying "nothing is secure".

I have a beef with broad statements like that :].


> How safe/secure are you feeling?

I don't think I'd feel (or be) much less safe/secure if an antagonistic nation developed such a thing and mine didn't. I would certainly feel less safe and secure if my nation had this capability regardless of whether or not others did.


> When you consider the potential implications, and possible scenarios, from a security perspective you have to assume that they're not just "possible" but a reality.

No you don't. You definitely don't want to assume otherwise and you spend the time derisking and investigating, but if you have zero evidence to support the situation you don't just consider it the case anyways.


> the security argument is moot anyways

Sorry, I’m missing something, what security concerns are you referring to?


> It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.

Achievable in any circumstances? No. Within a well-defined threat model, definitely.


> Playing devil's advocate for a moment. How else do you test the robustness of the human process to prevent bad actors? Don’t you need someone to attempt to introduce a security hole to know that you are robust to this kind of attack?

How do you test that the White House perimeters are secure, or that the president is adequately protected by the Secret Service?


> the worst vulnerability I can imagine is the USG having unfettered access

You cannot imagine any other party it would be worse to be vulnerable to?


>> It's about a security breach.

Well, you're very much mistaken. It's not about a security breach at all. If you read carefully, you'll notice it's merely about a "security threat".

:)


> its potential to compromise security?

It's a bingo.


> are people actually safe?

Inevitably: Safe against what?

Nation-states? No.

Your mom, your school, your church, and your work place? Sure.


> I still have reasonable security.

Backdoored “security” is in no way reasonable. It’s essentially not security at all.


>> We always have to assume worst case for security vulnerabilities, it's kind of the whole job of being a security researcher to determine what could have happened.

Many people will be annoyed by this "assume the worst" drama.

For example, drinking too much water, if we assume the worst, can kill you.

Also, walking around can kill you, if we assume the worst.

Also, just being around can kill you, if we assume the worst, hey, you could die of a stroke.

So, how is this "assume the worst" statement useful?


> No. Not in my experience.

Then your experience comes from somewhere with little concern for security.


> As someone who is rather distrustful of the real motives of the security in general

Do you mind elaborating on that?


> But a nefarious state (fascist, communist, dictatorial) will always use ‘safety’, ‘security’ as a concern and an argument to block and jail.

So what? Are there not valid reasons to bring up "safety" and "security"?

Unless you're claiming we're dealing with a "nefarious state", this statement doesn't carry any weight. For that matter even nefarious states may have valid safety concerns, including preventing orbital debris.
