I hate the phrase "raising the bar". I've noticed people use it when they're pitching some low-quality mitigation that makes the attacker do some busy work but doesn't fundamentally prevent them from achieving their original goal.
-
Well yeah, if you raise costs on their end, you have partially succeeded. But I agree with you that if this is used as an excuse to stop working on further solutions, then it's bad.
-
This is about recurring costs (maintenance costs of your codebase) and non-recurring costs (develop the new workaround that is sold, cheaply, to script kiddies). If they pay a one-time cost and you pay ad infinitum, who wins?
-
If they know what they need to work around the defense, are they really a script kiddie? If they don't know why their tool stopped working, would finding out and getting a fix only cost $50?
-
Most mitigations are essentially a financial or criminal bar because ultimately I can buy a beetle-sized webcam & go to a company's HQ & learn their secrets, or rubber hose their CE, everything else is cost & risk reduction for attackers.