colossus

joined 1 year ago
[–] [email protected] 7 points 10 months ago (1 children)

And likely void the insurance policy too.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.

This only represents SME and Enterprise. Phishing likely could be #1 for individuals.

[–] [email protected] 2 points 1 year ago

Sounds like you’re proposing WebAuthn which already exists. Keep in mind that there are attacks against RSA with PKCS1 padding. I’d use a more secure cryptographic primitive than RSA (i.e. elliptic curves) - there’s a reason cryptographic experts don’t look towards RSA these days.

[–] [email protected] 2 points 1 year ago

MTTD isn’t a great metric on its own and suffers from only being useful after an attack.

I prefer Katz’ approach.