Not smart to take your security advice from the same organisation that leaked the hacking tools that the bad guys are probably going to use to hack you.
Why? All security agencies have both offensive and defensive operations. Hacking tools leak often, because you have to install them on hostile systems. So it seems like an unrealistic goal to want an agency with good defensive advice and no leaks.
I think you're confusing the NSA with CISA. CISA is to my knowledge entirely defensive, and the biggest leaks of hacking tools to which I suspect you're referring came from the NSA (and CIA IIRC, but more famously NSA).
Unless the "same organization" is the USG, and you're casually assuming all of its left and right tentacles know what the others are doing, in which case I'd say you're laughably optimistic about its competence.
I know the difference between the CISA and the NSA.
The NSA infiltrated and compromised the NIST (and got caught), so I can't see why they wouldn't do the same to CISA.
Basically, yes, I'm saying don't trust the entire USG, because they have a catastrophic record on security, both defensive (OMB leak) and offensive (attacking your own team is an own goal).
Kinda sounds like: "Hey we just poked the bear. Here is a bunch of vulnerabilities that we've been using on rainy days. We think we've burned these vulns so it's time to patch them now. Please hurry."
Reading the list of vulnerabilities that were added on March 3 to the "known exploited vulnerabilities catalog" [1] makes me want to go full Commander Adama and never network any computer ever again.
> While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. ...
That word "unprovoked" is... loaded. Here's a definition:
> (of an attack, or a display of aggression or emotion) not caused by anything done or said.
Stepping out of the current climate, one might characterize NATO's relentless, creeping eastward expansion right up to Russia's border as something that might provoke a response. The Monroe Doctrine defines two entire continents as the US sphere of influence. The Cuban Missile Crisis demonstrated the US commitment to nuclear war if need be to avoid the placement of hostile forced on its borders.
This is not what people want to hear right now. But it is exactly what they should be hearing.
This lecture might be eye opening if any of this sounds contrived or like propaganda.
15 comments
[ 213 ms ] story [ 816 ms ] threadUnless the "same organization" is the USG, and you're casually assuming all of its left and right tentacles know what the others are doing, in which case I'd say you're laughably optimistic about its competence.
The NSA infiltrated and compromised the NIST (and got caught), so I can't see why they wouldn't do the same to CISA.
Basically, yes, I'm saying don't trust the entire USG, because they have a catastrophic record on security, both defensive (OMB leak) and offensive (attacking your own team is an own goal).
[1] https://www.cisa.gov/known-exploited-vulnerabilities-catalog
For some definitions of unprovoked.
https://youtu.be/JrMiSQAGOS4
That word "unprovoked" is... loaded. Here's a definition:
> (of an attack, or a display of aggression or emotion) not caused by anything done or said.
Stepping out of the current climate, one might characterize NATO's relentless, creeping eastward expansion right up to Russia's border as something that might provoke a response. The Monroe Doctrine defines two entire continents as the US sphere of influence. The Cuban Missile Crisis demonstrated the US commitment to nuclear war if need be to avoid the placement of hostile forced on its borders.
This is not what people want to hear right now. But it is exactly what they should be hearing.
This lecture might be eye opening if any of this sounds contrived or like propaganda.
https://www.youtube.com/watch?v=JrMiSQAGOS4