undefined | Better HN

0 pointsbadrabbit5y ago0 comments

No, that's not what the analogy at hand. The designers of a stealth plane are just that. The right analogy would be if the navy seals designed a secret weapon, someone infiltrated their ranks and exfiltrated the weapons plans. Navy seals are not immune to moles. No org is.

Your implication that this was due to lack of proper security hygeine is unfounded. Security hygeine reduces risk it does not eliminate it. Risk is proportional to threat and attack surface, for an org like the CIA they have not-so-small attack surface and the whole world as their threat, so reduction in risk by means of common security controls and hygeine will not reduce risk from the most persistent and resourceful attackers.analogy to your reasoning would be "Google has an army of devs and security pros, so Chrome should never have a remote code execution vuln" ,no, as much as they may have money and talent, modern software is too complex for those resources to eliminate all bugs. Perspective is important.

0 comments

thephyber5y ago

I agree that your analogy works better.

> Your implication that this was due to lack of proper security hygeine is unfounded. Security hygeine reduces risk it does not eliminate it.

Nope. No security professional will admit that anything ever eliminates risk, so that's a strawman fallacy.

The point is that sharing admin passwords is a blatant violation of cybersecurity hygiene which every employee of the CIA is capable of understanding and avoiding. If the org can't enforce even just the basic stuff, there's not much hope of raising standards above that.

> from the most persistent and resourceful attackers.

Here's a secret that everyone already knows: the most persistent and resourceful attackers will always get in given enough time.

badrabbitOP5y ago

I agree on both of your last two points. Not sure where disagree then.

j / k navigate · click thread line to collapse