Alex loves repeating this, but there are two problems with his observation. 1/ The reality is that the distribution of effort lines up *really* closely with his pyramid. The volume of discussion doesn't reflect that, because phishing isn't news. https://twitter.com/Kym_Possible/status/1187414505287864321 …
2/ Measuring impact by directly affected users is naive. Commercial exploits are used in surgical strikes against specific targets. Influencing an election, stealing financial results, etc. can impact *one* user directly, but *indirectly* many.
We *can* work on more than one problem simultaneously, we don't have to drop everything and work on problems one at a time (I think this is a form of relative privation). Clearly, exploits cause real harm to real people, and we *should* be working on them.
Replying to @taviso
I've heard his talk a few times and it hasn't come off to me like we should drop worrying about 0-days in exchange for worrying about run of the mill attacks, so I'd say we're all in agreement with you. The concern is that naive security orgs ignore their most real/likely threat
Replying to @ucsenoi
Right, but it just doesn't seem like a realistic concern, what security org is hiring side-channel researchers? Malware is predominantly what naive orgs worry about, no?
I *guess* the message alex is trying to relay is: 1. coverage of research emphasizes these rather exotic attacks as the new real threats while run of the mill tactics don't see a drop in success rates. phishing is still super effective. ransomware is a thriving "business".
Right, few of us are going to read new articles about phishing, it's already well understood, documented... and boring. So long as the distribution of effort is about right, why does it matter?
I honestly don't think distribution of effort is anywhere close to about right.
What percentage of people should be working on side-channel research? I would guess maybe a few dozen people are working on it, whereas hundreds of thousands are working on abuse, operations, phishing, malware, etc. How much lower can we go?