mikelikescarsandstuff

You’re right, SCADA networks that run PLCs are not the same “system” as their business applications but they have dependencies on these business applications to function. If you take those applications offline the PLCs cannot operate.

Too many posters in the peanut gallery here who have no idea what they are talking

You’re right, which just underscores that this article’s premise is false.

If they hit their “billing” system, for a large org like Colonial that means their accounting/ERP system. The company cannot run without its ERP. Too many processes and systems would rely on it to run. This whole article is utter bullshit.

There are solutions that can work. Data immutability is becoming a bigger topic because of these attacks but that is just about preserving data, it doesn’t get you back up instantly.

Even that isn’t really secure. The data has to be inputted somehow, flash drive, NAS, whatever. If there is malicious code on that device their “air gapped” server is borked.

How is it air gapped with up to date data? Using something like Zerto for real time protection requires a network connection.

You can use tapes to get air-gapped backup but your RPO isn’t going to be minutes or less. It’s likely at least a day and that is even unlikely depending on how much data you have....tapes

As someone who works for a VAR that specializes in remediation following ransomware attacks, you are on point.

We helped an org recently who had outsourced their desktop support/management. The tech who had logged in (with AD admin credentials no less) got bored waiting for an update to finish and proceeded to open a

Except, that is not what happened. That is just what an ignorant blogger misunderstood to have happened, but it didn’t.

Find me any org that is completely up to date on patching/firmware/definitions. I’ll wait....

In this case it wasn’t a zero day but my earlier point was that no org is 100% secure. Ever.

No organization this large is still running their applications on bare metal. None. Maybe you find some old unsupported application that IT is just too scared to migrate for fear of a failure and not having access to support but broadly speaking, the world has been virtualized for more than a decade.

I also work in IT

Your reply is almost as inept as the post itself.

You can spend as much as you want, nothing protects against zero day exploits. Even the sandboxing solutions out there do not really provide much/any protection.

The attack did not target an “application” such as their billing/accounting system. It targets the underlying storage. Any data stored on that storage is then compromised.

Jalopnik needs to stop writing about topics they have no understanding of.

This list explains a lot about Jalopnik.....Not many actual enthusiast cars here. Mostly a collection of hipster junkers.

Every time a Ford crashes and it is suspected their driver assist features may have been engaged there absolutely will be an article. Guaranteed. Because it’s newsworthy.

Being willing to post objective, valid criticism does not make Jalop anti anything.

Except Tesla is refusing to release the data to investigators, which is why they had to seek a court-ordered subpoena.

Has anyone, anywhere, ever actually felt threatened by their Applebee’s waitress?

Stop trying to invent imaginary scenarios to justify Karens.

Whose channel it was is irrelevant.

This whole thing confuses me....you are the journalist, he is the subject.....why was he seemingly interviewing you?