Yesterday: Infomercial about people stealing your home titles, life lock type of sales pitch from the back of the covered wagon. Anyhow, get the mail and open yet another “ breach of medical information “ from facilities easily hacked. So what good was life lock again kids?
@MidnightRider After 25 years in IT I came to the conclusion that nothing online is ever, truly, safe and secure. You build a tighter system and hackers just build a better hacking system. We got hacked a couple times while I worked at MSU and I know they did the best they could to secure the data.
@cjcrew @MidnightRider My perspective on security, as someone who's done *some* IT work in the past (not a lot) is anything that doesn't have to be Internet-connected shouldn't be, anything that doesn't have to be networked shouldn't be, & anything that doesn't have to be computerized shouldn't be.
At least from what I've seen, the best way to avoid data breaches is to minimize attack surface... computers, networking, & the Internet all respectively expose progressively larger attack surfaces.
@cjcrew @MidnightRider Physical security is a problem with much more reliable, tried-&-tested solutions than digital security... & I suspect that's not just because it's a much older problem.
A large part of it seems to be because physical vulnerabilities are, to a certain extent, visible & naturally intuitive; digital vulnerabilities aren't.
You can review every aspect of facility design & security measures, whereas most of the time it's not feasible to review every line of code you're using.
@cjcrew @MidnightRider I think the problem of computerized, Internet-connected systems being functionally impossible to fully secure may eventually prove fatal to the connected world we know today.
With cybercrime placing a rapidly-increasing burden on society, I think it's entirely possible that we'll reach a point where companies & organizations start deciding the juice isn't worth the squeeze, & start disconnecting their infrastructure from the Internet.
And that may only be the first step.
@IrelandTorin @MidnightRider Always possible, I won’t see that but younger people might.
Personally I’m thinking we’ll lose power and all our data with it. But then I never recovered from MSU putting the card catalo online and then completely doing away with the physical cards. It’s gonna be hell to rewrite all those cards! 😎
@cjcrew @MidnightRider Imagine a world where every public-facing corporate email account on the planet is getting hit every few seconds with extremely convincing / sophisticated messages trying to convince them to inadvertently share sensitive information or unwittingly download ransomware...
So much crap that for every legitimate message, there are 100+ messages from fully autonomous attack toolchains capable of not just infecting computers, but full on over-the-phone renting servers to use...
@cjcrew @MidnightRider That's just the tip of the iceberg of what seems likely, from my perspective.
People and investors have such high hopes for AI - but I think it may actually be the equivalent of signing a death warrant for the global Internet; the degree of utility it provides cybercriminals is... unprecedented.
It's a scammer's wet dream - instead of having people write a few hundred messages per day, they can run inference on a commodity compute cluster and write millions+ *per hour*.
@IrelandTorin @MidnightRider There’s a saying in IT, garbage in, garbage out. AI is a tool, but humans tend to break their tools. In the wrong hands AI could be dangerous, and the wrong hands always show up eventually.
Just my opinion, I don't trust well..
@IrelandTorin @MidnightRider I just dealt with getting slammed by spam. I mean I was getting at least twenty pieces of spam daily, something that had never happened to me before. I tried blocking the email addresses but those are computer generated and impossible to block because it’s never the same twice. I finally started deleting games I had downloaded, a few that I’d been playing for years. It’s finally died down. I also realized my virus software had lapsed, doing that later this week.
@cjcrew @MidnightRider I feel the timing may end up being a lot sooner than anyone expects.
AI has the potential to turbo-charge cybercrime; it has relatively few defensive applications, but is a very powerful offensive tool, whether that's finding zero-day attacks on-the-fly for people who aren't anywhere near skilled enough to do it themselves, powering social engineering tools that produce vast amounts of "perfect" output even trained eyes have trouble differentiating, or other things.