@MidnightRider After 25 years in IT I came to the conclusion that nothing online is ever, truly, safe and secure. You build a tighter system and hackers just build a better hacking system. We got hacked a couple times while I worked at MSU and I know they did the best they could to secure the data.
@cjcrew @MidnightRider My perspective on security, as someone who's done *some* IT work in the past (not a lot) is anything that doesn't have to be Internet-connected shouldn't be, anything that doesn't have to be networked shouldn't be, & anything that doesn't have to be computerized shouldn't be.
At least from what I've seen, the best way to avoid data breaches is to minimize attack surface... computers, networking, & the Internet all respectively expose progressively larger attack surfaces.
@cjcrew @MidnightRider Physical security is a problem with much more reliable, tried-&-tested solutions than digital security... & I suspect that's not just because it's a much older problem.
A large part of it seems to be because physical vulnerabilities are, to a certain extent, visible & naturally intuitive; digital vulnerabilities aren't.
You can review every aspect of facility design & security measures, whereas most of the time it's not feasible to review every line of code you're using.
@cjcrew @MidnightRider I think the problem of computerized, Internet-connected systems being functionally impossible to fully secure may eventually prove fatal to the connected world we know today.
With cybercrime placing a rapidly-increasing burden on society, I think it's entirely possible that we'll reach a point where companies & organizations start deciding the juice isn't worth the squeeze, & start disconnecting their infrastructure from the Internet.
And that may only be the first step.
@IrelandTorin @MidnightRider Always possible, I won’t see that but younger people might.
Personally I’m thinking we’ll lose power and all our data with it. But then I never recovered from MSU putting the card catalo online and then completely doing away with the physical cards. It’s gonna be hell to rewrite all those cards! 😎
@cjcrew @MidnightRider I feel the timing may end up being a lot sooner than anyone expects.
AI has the potential to turbo-charge cybercrime; it has relatively few defensive applications, but is a very powerful offensive tool, whether that's finding zero-day attacks on-the-fly for people who aren't anywhere near skilled enough to do it themselves, powering social engineering tools that produce vast amounts of "perfect" output even trained eyes have trouble differentiating, or other things.
@cjcrew @MidnightRider Imagine a world where every public-facing corporate email account on the planet is getting hit every few seconds with extremely convincing / sophisticated messages trying to convince them to inadvertently share sensitive information or unwittingly download ransomware...
So much crap that for every legitimate message, there are 100+ messages from fully autonomous attack toolchains capable of not just infecting computers, but full on over-the-phone renting servers to use...
@IrelandTorin @MidnightRider There’s a saying in IT, garbage in, garbage out. AI is a tool, but humans tend to break their tools. In the wrong hands AI could be dangerous, and the wrong hands always show up eventually.
Just my opinion, I don't trust well..