Onomatopoeia@lemmy.cafe
on 12 May 15:29
nextcollapse
If security were at the front of development efforts, this would be far less of an issue. I’ve said it since the 90’s.
Tcp/IP was intentionally released without encryption with the argument that routing hardware lacked the necessary performance to handle it (which wasn’t incorrect, just misleading).
Windows at least was originally built as a single-user system on a disconnected computer. Though Window NT and it’s children have no excuse for not having stronger security models from the start (especially since it’s essentially a fork of DEC Alpha).
Well but their money should be accountable somewhere. You’d have to commit fraud to hide it.
untakenusername@sh.itjust.works
on 12 May 23:49
collapse
what I’m imagining is that the attackers could make their wallet address public, and tell the company that they would fix everything or whatever if a sum of money magically appeared in their account. If the owner of the company privately held some crypto, they could pay them off the books and go around the law you were proposing.
I feel you but it would be very suspicious for the CEO to magically find the correct decryption key when the whole company is offline. The more employees you have the harder it will be to do it silently. Plus it would stop most companies from doing so. So the few that would still do it are just dumb. Some countries already have this law afaik.
mindbleach@sh.itjust.works
on 13 May 05:05
nextcollapse
threaded - newest
If security were at the front of development efforts, this would be far less of an issue. I’ve said it since the 90’s.
Tcp/IP was intentionally released without encryption with the argument that routing hardware lacked the necessary performance to handle it (which wasn’t incorrect, just misleading).
Windows at least was originally built as a single-user system on a disconnected computer. Though Window NT and it’s children have no excuse for not having stronger security models from the start (especially since it’s essentially a fork of DEC Alpha).
It should be highly illegal to pay the ransomware gangs. And it shouldn’t even be possible to move the money for it around.
while that would probably fix this problem, it would only work if it could be enforced. which it couldn’t be, because crypto exists
Well but their money should be accountable somewhere. You’d have to commit fraud to hide it.
what I’m imagining is that the attackers could make their wallet address public, and tell the company that they would fix everything or whatever if a sum of money magically appeared in their account. If the owner of the company privately held some crypto, they could pay them off the books and go around the law you were proposing.
I feel you but it would be very suspicious for the CEO to magically find the correct decryption key when the whole company is offline. The more employees you have the harder it will be to do it silently. Plus it would stop most companies from doing so. So the few that would still do it are just dumb. Some countries already have this law afaik.
Jail the victims! Fucking brilliant!
Fuck out.
Ok glowie