Our Cyber Security is a Joke

[BBfanboy]

It seems like we can do nothing to stop bad actors on our most sensitive systems!

https://www.washingtonpost.com/world/na ... d9dfe7c2ea

[AW1Steve]

Oh it's no joke. And we can do a great deal to combat the problem. But WILL we? Before you answer that , ask yourself "How many people leave routers or other devices on "default settings? And how many people STILL use 1234 for a password?" The 1st and most important solution to any security , not just cyber is STOP BEING A LAZY #$%^^! Change your passwords , update your systems, and follow basic procedure. Anything beyond is gravy! (and commendable!)

[joey]

And the world becomes a bit more dangerous....

[JeffroK]

I work in a Defence Industry, we have painfull security requirements including not having data on server based storage.
It all depends how serious you are at being secure.

[MrKane]

ORIGINAL: AW1Steve

Oh it's no joke. And we can do a great deal to combat the problem. But WILL we? Before you answer that , ask yourself "How many people leave routers or other devices on "default settings? And how many people STILL use 1234 for a password?" The 1st and most important solution to any security , not just cyber is STOP BEING A LAZY #$%^^! Change your passwords , update your systems, and follow basic procedure. Anything beyond is gravy! (and commendable!)

password can save you against some kid playing hacker

90% routers in world is produced by Chinese companies belongs to Chinese ex-Military or ex-Intelligence officers.
Do you really think that password will help you ?

[MakeeLearn]

ORIGINAL: MrKane

ORIGINAL: AW1Steve

Oh it's no joke. And we can do a great deal to combat the problem. But WILL we? Before you answer that , ask yourself "How many people leave routers or other devices on "default settings? And how many people STILL use 1234 for a password?" The 1st and most important solution to any security , not just cyber is STOP BEING A LAZY #$%^^! Change your passwords , update your systems, and follow basic procedure. Anything beyond is gravy! (and commendable!)

password can save you against some kid playing hacker

90% routers in world is produced by Chinese companies belongs to Chinese ex-Military or ex-Intelligence officers.
Do you really think that password will help you ?

[AW1Steve]

ORIGINAL: MakeeLearn

ORIGINAL: MrKane

ORIGINAL: AW1Steve

Oh it's no joke. And we can do a great deal to combat the problem. But WILL we? Before you answer that , ask yourself "How many people leave routers or other devices on "default settings? And how many people STILL use 1234 for a password?" The 1st and most important solution to any security , not just cyber is STOP BEING A LAZY #$%^^! Change your passwords , update your systems, and follow basic procedure. Anything beyond is gravy! (and commendable!)

password can save you against some kid playing hacker

90% routers in world is produced by Chinese companies belongs to Chinese ex-Military or ex-Intelligence officers.
Do you really think that password will help you ?

Do you really think Chinese intelligence gives a rats annus about my family photo's or anything else I might have? I'm more concerned about the little jerk with a drug habit. I'd assume "Chinese Intelligence" isn't really interested in me. Or do you know something that I should know? [:D]

[Zorch]

ORIGINAL: BBfanboy

It seems like we can do nothing to stop bad actors on our most sensitive systems!

https://www.washingtonpost.com/world/na ... d9dfe7c2ea

We never hear about the times we break into their systems...if such instances exist.

[Lokasenna]

ORIGINAL: JeffroK

I work in a Defence Industry, we have painfull security requirements including not having data on server based storage.
It all depends how serious you are at being secure.

Obscene password requirements are actually bad for security. 8+ characters, 1+ capital, and 1+ non-letter character should be enough. Everybody should be able to memorize a password that meets those parameters and isn't a commonly guessed word.

There's a federal system that I have to log into every 3-6 months or so that resets the password every 3 months and disallows us from using any of the most recent 5 passwords. The requirements are 15+ characters, 2+ capitals, 2+ symbols, and 2+ numbers. Why?!? This system isn't even designed for regular use - it's just to check up on contract monitorings, which happen only 2 times per year. I'm not going to remember the password that I have to change literally every time I log in to the system, and can't use any of the ones that I used within the last 2.5 years.

What's that mean? That I have to write it down or keep it in an email somewhere. That is infinitely less secure than a password that I can just remember.

ORIGINAL: Zorch

ORIGINAL: BBfanboy

It seems like we can do nothing to stop bad actors on our most sensitive systems!

https://www.washingtonpost.com/world/na ... d9dfe7c2ea

We never hear about the times we break into their systems...if such instances exist.

The virus that affected Iran's centrifuges ~2010 (? it was in Obama's first term IIRC) is widely believed to have been the work of the US intelligence services.

[MakeeLearn]

ORIGINAL: AW1Steve

ORIGINAL: MakeeLearn

ORIGINAL: MrKane




password can save you against some kid playing hacker

90% routers in world is produced by Chinese companies belongs to Chinese ex-Military or ex-Intelligence officers.
Do you really think that password will help you ?

Do you really think Chinese intelligence gives a rats annus about my family photo's or anything else I might have? I'm more concerned about the little jerk with a drug habit. I'd assume "Chinese Intelligence" isn't really interested in me. Or do you know something that I should know? [:D]

I thought we were talking about espionage. Have you had a problem with drug addicts stealing family photos and selling them to support their habit? Or do they use the photos in the drug making process.

Do you really think Chinese intelligence gives a rats annus

Since in China "rats annus" sells for $5.00 a pound, yes they do!

In high level "Breaching", passwords would be the least of problems - getting in or keeping out.
I would not be suprized if the "unnamed contractor" was a Chinese company.

US Government IT Providers Source 51 Percent of Parts From China, Raising National Security Concerns
https://www.theepochtimes.com/u-s-gov-i ... 00557.html

[inqistor]

ORIGINAL: Lokasenna

Obscene password requirements are actually bad for security. 8+ characters, 1+ capital, and 1+ non-letter character should be enough. Everybody should be able to memorize a password that meets those parameters and isn't a commonly guessed word.

I suspect, that most breaking is made by automatic search engines, so the longer, the better:
https://xkcd.com/936/

[Alfred]

This is an article in today's press which lists the top 100 passwords involved in known security breaches.
 
http://www.abc.net.au/news/2018-06-11/chart-of-the-day-top-100-passwords/9844886
 
Very few words are on the list (other than really silly ones like "password").  Instead notice just how prevalent is the use of passwords comprised solely of sequential qwerty keyboard keystrokes.  People too lazy to even jumble p the keystrokes out of sequential order. Even on the few occasions when a numeric character is included, it is invariably only at the end or start of the password.
 
Alfred

[Lecivius]

I don't know if the term 'lazy', is always consistently accurate. I work in IT, and the level of sheer blatant stupidity I face daily simply boggles the mind. And not just the 1st level paper pushers (which is bad enough, I talk to people in charge every day that should never have graduated High School), but even the IT security types. Sometimes I wonder if senior management can even spell IT.

Two weeks ago, security (Based in India. There are some SMART folks there, but why does EVERYTHING in the IT world have to come from there?!?[:@] ) sent out an email, with a GD hyperlink in it everyone had to use to get some software uploaded. It just SCREAMED fish, but they sent it like it was nothing at all to be concerned about. And then a week later I get a little CBT blurb I am required to complete about fish emails, social engineering, yadda yadda yadda.

Two different major server manufacturers off-shored hardware manufacture to China in the late 90's. Within 2 years not only are cheap knock-off's of these servers popping up all over Asia, but back door code was found in them [X(]. Industrial espionage on a global scale. Can anyone here say who those 2 companies were? After all, this impacted everyone who plugged in a server from these 2 global network companies from 1999 to 2008. All swept under the rug. And the factories? Production moved to Malaysia [8|]

My own son. A pretty smart kid, with a paranoid dad harping at him all the time about how folks can get into his life. Yet he downloads apps on his phone all the time. Goes to coffee shops to do homework on his laptop. Is always using his smartphone to do things. <Captain Binghamton's voice> I could just scream.

Unless and until our so called Leaders Of Industry (whatever industry you are talking about) pulls their head out, education becomes something more than lip service, AND people quit being cheap and lazy, security will just be lip service.

[Lokasenna]

He'll learn the first time he gets burned.

Or he won't.

[rustysi]

I'm usually good with password creation. In addition I don't put personal info out on the web. No phone numbers, no birth dates, no SSN, don't bank on the web. Bills go snail mail. Don't even have cell service. No Facebook or any such. Any site that insists on certain info, I just make something up. Doesn't mean that my info hasn't been betrayed, just don't think it was by me. VA lost my info, and so did my employer. So I'm screwed either way.

[Orm]

What security? [&:]

[rustysi]

ORIGINAL: Orm

What security? [&:]

Zackly.[:D]