this post was submitted on 22 Mar 2024
136 points (98.6% liked)

Cybersecurity

5639 readers
179 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 7 months ago

The problem isn't with testing (which is an issue), but standardization on specific solutions. When everyone needs to use the same thing, it's a lot more valuable to attack it.

So what we need is more alternatives that work together.

I don't know anything about the trucking industry, so I'll use IT instead. A lot of companies standardize on Cisco equipment, so when there's a breach, everyone is screwed. The problem isn't that Cisco is insecure, it's that Cisco is ubiquitous, so one breach screws over everyone. If networking equipment was more a la carte, it's unlikely a breach would impact all of the equipment used (e.g. a Mikrotik Router, Mikrotik Switch, Ubiquiti Access Points, etc). But bundling solutions is the name of the game for these large operations, which increases the fallout from a breach.

That's why Windows gets so many viruses, it's not because Windows sucks (it does), it's because it's such a huge target and you'll get so much more value from attacking it than attacking a potentially easier target.