5 comments

[ 2.9 ms ] story [ 19.3 ms ] thread
It is truly fascinating (and of course, terrifying) to watch governments expect, demand and enforce complete transparency and blind trust from the people, while providing absolutely none of either.
One of the reasons legal immunity is being offered is because corporations are suspicious that the data will get used to enforce regulations, bring lawsuits or otherwise be a tool of legal pressure.

The Government in this case is willing to make a promise (who knows how well it will be kept) not to use the information for parallel construction or explicit enforcement. In turn they get to protect the business and American industries from cyber attacks and give the data for analysis and processing for whatever national security purposes the DoD deems necessary.

There are industries that are already onboarded - financial and energy. CISA would expand these to other industries.

My domain was on an Ubuntu LTS server that had reached the end of the LTS, so I had to move it a couple weeks ago. I created a new virtual server at Rackspace with a newer OS.

Within a very short time, there were several different IP addresses from Russia trying to guess the passwords for root and several other common accounts.

Not too long after, Chinese IP addresses joined the party.

Note that this was before I had finished migrating my domain to the new server (the Russians showed up before I even started the migration). None of my DNS entries pointed to the new server yet. They probably are scanning all Rackspace IP addresses looking for new servers. I would expect that the same happens at other major server providers.

I don't know if CISA is the right approach or not, but we need to do something to defend against this stuff.

If CISA is not the right approach, the opponents need to start suggesting an alternative that addresses the problem better, because otherwise the pressure is going to mount to pass something, and if CISA is the only proposal available that will be the one that passes.

You had set a strong root password, correct? So in what sense had you not already "done something" that successfully defended against "this stuff" ?

You could ask Rackspace to implement a feature where newly setup servers have most incoming traffic dropped until the customer finishes setting up. You're also free to -j DROP all packets from outside the US if you think that would help.

But your wording makes it sound like you think there exists some collective action the government could take to prevent you even being scanned by "others". If you believe this is the case, the burden is on you by far to propose a specific concrete solution and thoroughly convince others that it is necessary.

I, for one, don't see how it's possible for an ambient authority to "secure" a network based on peer to peer communication without destroying it in the process.