I have the example of negatively sampling attempts with instrumentation as part of the patch. That won’t measure successful attempts but could approximate volume. I’ll be the first to say it’s not perfect and I don’t have a perfect suggestion.
Replying to @dwizzzleMSFT
We don't measure severity by number of compromises anymore, and competent attackers aren't just blindly running autopwn. If for some reason you just want a guesstimate for how many kiddies there are, then that's much easier but doesn't seem useful.
Replying to @taviso
If you think measuring widespread attacks is not valuable I dunno what to tell you
Replying to @dwizzzleMSFT
I said "we don't measure severity by number of compromises", how do you get to "measuring widespread attacks is not valuable" from that?
Replying to @dwizzzleMSFT
I meant isn't useful in this context - how many kiddies there are doesn't have any relationship to how bad things would have been if we didn't invest the effort into cleaning up rowhammer, but the instrumentation only measures how many kiddies there are.
Replying to @taviso @dwizzzleMSFT
Give me a guesstimate how much it would cost to turn speckhammer into a profitable professional azure compromise - $1M? You need staff, dev, ops, etc and it's risky. But once you patched it, seems really hard to recoup that. Instrumentation only measures opportunistic attempts.
Replying to @taviso
agree measurement has tons of limitations and also agree with costs. So let’s not measure anything?
Replying to @dwizzzleMSFT
I want the data as much as you do, I just don't see how to get it. Is the popemobile useless because nobody has tried to shoot it? No, that doesn't prove the threat was overblown, if it wasn't there, someone could have tried...right?
Replying to @taviso
If you think I’m arguing for not patching, I’m not. I’m saying it is clear not everyone is going to do everything and there will be some prioritization in defense. Seems like investing in research in this space is a good idea to help. I don’t believe partial data is worthless.
1 reply 0 retweets 0 likes
No, I think you're arguing that there is some relationship between existence of targeted attacks and prevalence of opportunistic attacks. Is that accurate?
Replying to @taviso
No I’m just saying data on opportunistic attacks is useful.
Replying to @dwizzzleMSFT
Well, we agree on that. I don't think it would tell us anything about whether a vuln would have been used in targeted attacks though, that's not what you're interested in?