The flip side I refer to isn't because of 0-interaction. I refer instead to the fact that even the few that can, are locked out of possible defensive tooling. I agree that the others are (mostly) dumpster-fires.
Replying to @chrisrohlf @dinodaizovi
The question here would be if useful custom mitigations have ever been developed for an open platform.
0 replies 0 retweets 1 like -
Replying to @chrisrohlf @dinodaizovi
Totally agree that the approach has worked super well for protecting the masses. Totally feel like opening the kimono a little more to researchers is going to help going forward.
1 reply 0 retweets 1 like -
If it takes million dollar exploits to own your stuff, you’ve won. I can’t imagine third parties being able to do much to eliminate that particular risk... it’s a lot of dollars.
2 replies 1 retweet 10 likes -
Replying to @riskybusiness @haroonmeer and
I think we both agree that if it costs 1M to compromise you, you're doing pretty well. If an exploit costs 1M, that's just upfront cost, you can use it indefinitely so the cost-per-compromise could be tiny. Doesn't sound quite as impressive if unit cost of compromise was $6.
1 reply 0 retweets 6 likes -
Replying to @taviso @haroonmeer and
True, but mass compromises tend to rely on publicly available Nday exploits, not expensive 0day people don’t want to burn. NotPetya, Code Red, Nimda, Slammer, Blaster...
1 reply 0 retweets 0 likes -
Replying to @riskybusiness @haroonmeer and
Nobody is doing that with 0day, they would burn the exploit immediately. If you just paid $1M for it, you're not going to throw it around where someone can find it. You only need 100 successful operations to get the unit cost down to 10k, totally doable.
3 replies 0 retweets 6 likes -
Replying to @taviso @riskybusiness and
Again... it doesn’t cost 1M if the required components are available on the market for 20% of 1M
2 replies 0 retweets 0 likes
I'm just using the figure Patrick used, I'm not claiming that's the cost. I'm just saying that upfront cost of developing or acquiring an exploit != cost of compromise.