undefined | Better HN

0 pointsjampekka1y ago0 comments

> But your broken into system should in most cases be considered forever tainted until fully reinstalled.

Reinstalling an OS is not really, really bad. It's an inconvenience. Less so than e.g. having to get new cards after a lost wallet or getting a new car.

Security people don't seem to really assess what are the actual consequences of breaches. Just that they are "really really bad" and have to be protected against all costs. Often literally the cost being an unusable system.

0 comments

dave44201y ago

Is reinstalling the OS enough?

Isn’t there malware around that can store itself in the BIOS or something, and survive an OS reinstall?

Andrex1y ago

It would need to be a zero-day (or close to it), which means nation-state level sophistication.

You can decide for yourself whether to include that in your personal threat analysis.

worik1y ago

> Security people don't seem to really assess what are the actual consequences of breaches. Just that they are "really really bad" and

Security people are acutely aware of the consequences of a breach.

Look at the catastrophic consequences of the recent wave of ransomware attacks.

Lax security at all levels, victim blaming (they clicked a link....) and no consequences I know of for those responsible for that bad design. Our comrades built those vulnerable systems

marcosdumay1y ago

> Reinstalling an OS is not really, really bad. It's an inconvenience.

Reinstalling an OS is not nearly enough. You have to reinstall all of them, without letting the "dirty" ones contaminate the clean part of your network; you have to re-obtain all of your binaries; and good luck trusting any local source code.

The way most places are organized today, getting computers infected is a potentially unfixable issue.

worik1y ago

> Security people don't seem to really assess what are the actual consequences of breaches. Just that they are "really really bad" and

Security people are acutely aware of the consequences of a breach.

Look at the catastrophic consequences of the recent wave of ransomware attacks.

Lax security at all levels, victim blaming (they clicked a link....) and no consequences I know of foe those responsible for that bad design

j / k navigate · click thread line to collapse

0 comments

dave44201y ago

Is reinstalling the OS enough?

Isn’t there malware around that can store itself in the BIOS or something, and survive an OS reinstall?

Andrex1y ago

It would need to be a zero-day (or close to it), which means nation-state level sophistication.

You can decide for yourself whether to include that in your personal threat analysis.

worik1y ago

> Security people don't seem to really assess what are the actual consequences of breaches. Just that they are "really really bad" and

Security people are acutely aware of the consequences of a breach.

Look at the catastrophic consequences of the recent wave of ransomware attacks.

Lax security at all levels, victim blaming (they clicked a link....) and no consequences I know of for those responsible for that bad design. Our comrades built those vulnerable systems

marcosdumay1y ago

> Reinstalling an OS is not really, really bad. It's an inconvenience.

The way most places are organized today, getting computers infected is a potentially unfixable issue.

worik1y ago

> Security people don't seem to really assess what are the actual consequences of breaches. Just that they are "really really bad" and

Security people are acutely aware of the consequences of a breach.

Look at the catastrophic consequences of the recent wave of ransomware attacks.

Lax security at all levels, victim blaming (they clicked a link....) and no consequences I know of foe those responsible for that bad design

j / k navigate · click thread line to collapse