15 comments

[ 213 ms ] story [ 816 ms ] thread
Not smart to take your security advice from the same organisation that leaked the hacking tools that the bad guys are probably going to use to hack you.
Why? All security agencies have both offensive and defensive operations. Hacking tools leak often, because you have to install them on hostile systems. So it seems like an unrealistic goal to want an agency with good defensive advice and no leaks.
I think you're confusing the NSA with CISA. CISA is to my knowledge entirely defensive, and the biggest leaks of hacking tools to which I suspect you're referring came from the NSA (and CIA IIRC, but more famously NSA).

Unless the "same organization" is the USG, and you're casually assuming all of its left and right tentacles know what the others are doing, in which case I'd say you're laughably optimistic about its competence.

I know the difference between the CISA and the NSA.

The NSA infiltrated and compromised the NIST (and got caught), so I can't see why they wouldn't do the same to CISA.

Basically, yes, I'm saying don't trust the entire USG, because they have a catastrophic record on security, both defensive (OMB leak) and offensive (attacking your own team is an own goal).

Ah, so wild speculation that maybe the NSA is somehow behind it after all. Gotcha.
The history of the NSA shows that wild speculation is usually not sufficient to understand what they are up to.
Kinda sounds like: "Hey we just poked the bear. Here is a bunch of vulnerabilities that we've been using on rainy days. We think we've burned these vulns so it's time to patch them now. Please hurry."
> While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. ...

That word "unprovoked" is... loaded. Here's a definition:

> (of an attack, or a display of aggression or emotion) not caused by anything done or said.

Stepping out of the current climate, one might characterize NATO's relentless, creeping eastward expansion right up to Russia's border as something that might provoke a response. The Monroe Doctrine defines two entire continents as the US sphere of influence. The Cuban Missile Crisis demonstrated the US commitment to nuclear war if need be to avoid the placement of hostile forced on its borders.

This is not what people want to hear right now. But it is exactly what they should be hearing.

This lecture might be eye opening if any of this sounds contrived or like propaganda.

https://www.youtube.com/watch?v=JrMiSQAGOS4

(comment deleted)
That’s a whole lot of “cyber”.