_sideffect@lemmy.world
on 23 Jan 2024 00:30
nextcollapse
360m Myspace accounts?
Oh no!
Car@lemmy.dbzer0.com
on 23 Jan 2024 02:43
nextcollapse
Someday, our immortal cyber personas, born from black box AI-created manifestations of our real selves, will be so disappointed in us.
It’s almost not even possible to not have an online presence somewhere liable for compromise and abuse these days. That is unless you were born and kept off the grid by some weird cult.
alex_02@infosec.pub
on 23 Jan 2024 16:11
nextcollapse
So basically, some data hoarder decided to collect data breaches and somehow that is a cause for alarm even though that is normal behavior by a lot of us who collect data like this since they become useful to us in our projects?
MSgtRedFox@infosec.pub
on 24 Jan 2024 03:31
nextcollapse
This reminds me of the movie hackers.
Is it possible the authors or site isn’t super familiar with cyber security, or the research side?
I’m mean, it’s cyber news, but how is this much different from have I been pwnd?
An I missing something, or was this just a click bait title to scare people?
Edit: so if this was for legit purposes, it should have been secured, otherwise it just contributes it assists with threat actors. I’m guessing this is why the community is upset.
haveibeenpwned does not publish data. They provide a service of checking whether you are part of breached data. They operate as a trustworthy middleman without disclosure or sharing of data to third parties.
If you mean they also collect data like that, then yes. But what they do with it is very different from a leak.
MSgtRedFox@infosec.pub
on 04 Feb 2024 02:40
collapse
Makes sense.
demesisx@infosec.pub
on 24 Jan 2024 15:59
collapse
Reposted comment:
I have a solution:
governments should heavily fine companies that are subject to data breaches.
If it cost them real money (proportional to their market cap, the amount of customers affected, and/or the severity of the breach) to allow a data breach, I’m betting they’d shore up those holes REALLLLLLLLLL QUICK.
ursakhiin@beehaw.org
on 24 Jan 2024 17:08
collapse
While I agree that this should happen when negligence is found, don’t be fooled into thinking that will prevent breaches entirely.
As long as things are available online there will be data breaches. Many of them will be a result of negligence. Some of them will be the result of zero day vulnerabilities, though.
demesisx@infosec.pub
on 24 Jan 2024 17:16
collapse
Agreed. It WOULD make them almost entirely go away, though. CEO’s are required to do what is best for their bottom line, BY LAW. So, IMO it is essential that this is codified into law in the US in particular because that is the ONLY language that multinational corporations understand and spend real money on fixing.
IMO, It would also help to tip the badly imbalanced scales of profit over to the side of white hat hackers too since organizations that employ black hat hackers creating ransomware make literally TENS OF BILLIONS a year. If I were a hacker (I’m not), at the current market rate, being a white hat hacker is significantly less profitable.
MSgtRedFox@infosec.pub
on 24 Jan 2024 23:52
collapse
What do you think about ideology of restricting or criminalizing paying ransoms then?
If paying the criminals was also a criminal offense, aside from companies that would still pay, would that curb the majority?
threaded - newest
Someone’s been playing too much Bloons lately.
360m Myspace accounts? Oh no!
Someday, our immortal cyber personas, born from black box AI-created manifestations of our real selves, will be so disappointed in us.
It’s almost not even possible to not have an online presence somewhere liable for compromise and abuse these days. That is unless you were born and kept off the grid by some weird cult.
So basically, some data hoarder decided to collect data breaches and somehow that is a cause for alarm even though that is normal behavior by a lot of us who collect data like this since they become useful to us in our projects?
This reminds me of the movie hackers.
Is it possible the authors or site isn’t super familiar with cyber security, or the research side?
I’m mean, it’s cyber news, but how is this much different from have I been pwnd?
An I missing something, or was this just a click bait title to scare people?
Edit: so if this was for legit purposes, it should have been secured, otherwise it just contributes it assists with threat actors. I’m guessing this is why the community is upset.
haveibeenpwned does not publish data. They provide a service of checking whether you are part of breached data. They operate as a trustworthy middleman without disclosure or sharing of data to third parties.
If you mean they also collect data like that, then yes. But what they do with it is very different from a leak.
Makes sense.
Reposted comment:
I have a solution:
governments should heavily fine companies that are subject to data breaches.
If it cost them real money (proportional to their market cap, the amount of customers affected, and/or the severity of the breach) to allow a data breach, I’m betting they’d shore up those holes REALLLLLLLLLL QUICK.
While I agree that this should happen when negligence is found, don’t be fooled into thinking that will prevent breaches entirely.
As long as things are available online there will be data breaches. Many of them will be a result of negligence. Some of them will be the result of zero day vulnerabilities, though.
Agreed. It WOULD make them almost entirely go away, though. CEO’s are required to do what is best for their bottom line, BY LAW. So, IMO it is essential that this is codified into law in the US in particular because that is the ONLY language that multinational corporations understand and spend real money on fixing.
IMO, It would also help to tip the badly imbalanced scales of profit over to the side of white hat hackers too since organizations that employ black hat hackers creating ransomware make literally TENS OF BILLIONS a year. If I were a hacker (I’m not), at the current market rate, being a white hat hacker is significantly less profitable.
What do you think about ideology of restricting or criminalizing paying ransoms then?
If paying the criminals was also a criminal offense, aside from companies that would still pay, would that curb the majority?