MD Gov calls for more fed regulations on IT infrastructure after cyberattacks

[BmorePat87]

https://www.wusa9.com/article/news/politics/governor-larry-hogan-cyber-attack-security-hack-ransomware/65-f3bccb02-786b-414f-80bb-ad6f59516257

I have a lot of issues with my governor, but I have to agree with this.

[Au165]

The biggest problem is that most cybersecurity breaches are legitimately caused by the same stupid phishing crap that has gone on since the beginning of the internet. When it isn't the repurposing of passwords it's clicking on links or visiting sites that are embedding malware. A few years ago when ransomware was really popular taking down small businesses and even larger ones, they were almost always brought on the network through employees clicking on something they shouldn't have. They can then spread it to other associated businesses by using their compromised systems to distribute it in disguise as official business.

Until we better train people to quit being stupid these kinds of things are going to continue. I agree we as a whole need to beef up security for staving off attacks but the easiest way into networks isn't brute-forcing it is simply waiting for stupid people to invite you in.

[Goalpost]

I'm thinking there is an ignorance factor involved in this. Some of the older legislators probably aren't even internet savvy. So it's the tail walking the dog understanding the security issues. I think it will be fixed but just slow at the start.

[BmorePat87]

(06-02-2021, 10:01 AM)Au165 Wrote: The biggest problem is that most cybersecurity breaches are legitimately caused by the same stupid phishing crap that has gone on since the beginning of the internet. When it isn't the repurposing of passwords it's clicking on links or visiting sites that are embedding malware. A few years ago when ransomware was really popular taking down small businesses and even larger ones, they were almost always brought on the network through employees clicking on something they shouldn't have. They can then spread it to other associated businesses by using their compromised systems to distribute it in disguise as official business.

Until we better train people to quit being stupid these kinds of things are going to continue. I agree we as a whole need to beef up security for staving off attacks but the easiest way into networks isn't brute-forcing it is simply waiting for stupid people to invite you in.

Schools should be teaching more technology literacy, but the assumption is that kids are tech savvy because they've grown up with it. Some are, but most can barely function on anything beyond a smart phone. 

[Au165]

(06-02-2021, 05:09 PM)BmorePat87 Wrote: Schools should be teaching more technology literacy, but the assumption is that kids are tech savvy because they've grown up with it. Some are, but most can barely function on anything beyond a smart phone. 

While we are at it requiring financial literacy classes for graduation would do wonders for the country.

[Sociopathicsteelerfan]

(06-02-2021, 10:01 AM)Au165 Wrote: The biggest problem is that most cybersecurity breaches are legitimately caused by the same stupid phishing crap that has gone on since the beginning of the internet. When it isn't the repurposing of passwords it's clicking on links or visiting sites that are embedding malware. A few years ago when ransomware was really popular taking down small businesses and even larger ones, they were almost always brought on the network through employees clicking on something they shouldn't have. They can then spread it to other associated businesses by using their compromised systems to distribute it in disguise as official business.

Until we better train people to quit being stupid these kinds of things are going to continue. I agree we as a whole need to beef up security for staving off attacks but the easiest way into networks isn't brute-forcing it is simply waiting for stupid people to invite you in.

Dude, you'd be shocked, absolutely shocked, at what some otherwise intelligent people fall for.  We have a phishing report button on our e-mail accounts.  Some of the e-mails that we get are so damned obvious, yet people still respond to them or ask me if they should report them.  I have a very intelligent female friend who literally sent someone money over an e-mail.  Now, I can see you thinking that means she's not very intelligent, but trust me, she is.

(06-02-2021, 07:30 PM)Au165 Wrote: While we are at it requiring financial literacy classes for graduation would do wonders for the country.

Bmore and I talked about that in a thread several months ago.  We both think it's a great idea and he's advocated for it.  Problem is, kids aren't any more likely to pay attention in that class than any other.  So, even if you had it I doubt it would help many/most people.  Still, the more people you reach the better.  I'm reminded of a documentary I saw (it might have just been a special on ESPN or the like) about how most professional athletes are broke not long after their career ends.  In it a guy was talking about the financial literacy course that NFL rookies have to take and the warning they were issued.  He and his friend both laughed at the people "stupid" enough to end up that way.  Then he and his friend both ended up that way.  It is a rare person who can learn from the mistakes, or warnings, of others.  Hell, my dad warned me about incurring debt all the time, it didn't stop me from having over 60k in credit card debt by the time I was 24.  It took me about ten years to fully dig out of that hole, and certainly delayed my buying a house.  But in the end, lesson learned.  The goddamned hard way. 

[BmorePat87]

(06-02-2021, 07:30 PM)Au165 Wrote: While we are at it requiring financial literacy classes for graduation would do wonders for the country.

My state pushed legislation to require it in 2008. My county's response was to include it in the final 2 weeks of sophomore government class (what I teach). We're actually in the middle of it right now. Not nearly enough time and not when it should be taken.

We have a really awesome math elective that's a full year course on it, but our county refuses to allow it to count as a math credit and forces students to take algebra II (you have to pass 3 math classes and sit for a 3rd, and our county requires that you take Algebra II before any other math classes). It never runs anymore. When it did, we had a ton of seniors in it and students with disabilities from our life skills, non diploma track.  

[NATI BENGALS]

If you found out where the hackers were located would you bomb them? We are calling them terrorists.

I think I would. Need to set some examples. Just because you are sitting behind a mouse and keyboard doesn’t mean you are not doing real world damage. This is something that is never going to end I feel like. So the only way to slow it down is a show of force as a deterrent. It’s like robbing a bank from the comfort of your own home and companies paying up is going to create a lot of copy cats.

[*TheLeonardLeap*]

(06-02-2021, 05:09 PM)BmorePat87 Wrote: Schools should be teaching more technology literacy, but the assumption is that kids are tech savvy because they've grown up with it. Some are, but most can barely function on anything beyond a smart phone. 

(06-02-2021, 07:30 PM)Au165 Wrote: While we are at it requiring financial literacy classes for graduation would do wonders for the country.

Can't do that. How would they fit in meaningful life skills/knowledge? Can't get rid of 2 years of a foreign language, generally taught by a non-native speaker, that you won't remember while at an age where you're past your language learning prime. Can't get rid of pre-Calculus, Chemistry, Algebra-2, or learning about old English poets. Those are all things that will be desperately needed for everyone's upcoming life. Certainly can't cut back on the time spent learning only what you need to pass standardized tests that are a true gauge of academic excellence.

[BmorePat87]

(06-08-2021, 02:59 PM)TheLeonardLeap Wrote: Can't do that. How would they fit in meaningful life skills/knowledge? Can't get rid of 2 years of a foreign language, generally taught by a non-native speaker, that you won't remember while at an age where you're past your language learning prime. Can't get rid of pre-Calculus, Chemistry, Algebra-2, or learning about old English poets. Those are all things that will be desperately needed for everyone's upcoming life. Certainly can't cut back on the time spent learning only what you need to pass standardized tests that are a true gauge of academic excellence.

Our county lets you swap out the language for advanced tech-ed classes, vo-tech programs, an apprenticeship, or career research/work study, which is an improvement, but we still can't get that damn financial lit class running because of how they force you to take algebra II, which is 75% learning about functions.