Alex loves repeating this, but there are two problems with his observation. 1/ The reality is that the distribution of effort lines up *really* closely with his pyramid. The volume of discussion doesn't reflect that, because phishing isn't news. https://twitter.com/Kym_Possible/status/1187414505287864321 …
I've heard his talk a few times and it hasn't come off to me like we should drop worrying about 0-days in exchange for worrying about run-of-the-mill attacks, so I'd say we're all in agreement with you. The concern is that naive security orgs ignore their most real/likely threat
Right, but it just doesn't seem like a realistic concern, what security org is hiring side-channel researchers? Malware is predominantly what naive orgs worry about, no?
#phishing causes harm to real people.
Right, lots of things cause harm to real people. The point is we should be working on all those problems, agreed?
Tavis, the issue is that as an industry we can, but the targets have tight budgets for security and often the efforts are focused by CIOs on whatever clever hack is getting press instead of the basics which their orgs are failing at. It's really bad out here.
I just don't buy it. What CIO is hiring academics for CPU side-channel attack research before throwing resources at malware, phishing or abuse?
Also, researchers’ provable exploits are one of security’s key design critiques
The way I view it is every group or individual has their own risk and threat model. Our job as researchers is to find exploits. It is up to the consumer or organization to determine if the risk is relevant to their threat model.