@adamshostack I would like it to be illegal for insurance companies to pay ransoms. The market is giant and lucrative because of the amount of money flowing in via these companies. Threat actors playbook involve finding the cyber insurance policy after the initial access and extorting them for the amount of coverage in the policy. The cost to pay a ransom is distributed to everyone who buys cyber insurance in the form of the six figure insurance premiums everyone pays up front. This model is creating massive financial incentives for cybercrime that didn't exist anywhere near this scale until cyber insurance made it possible for every business to be a multi million dollar jackpot for hackers.

@brett good for them for sticking it out and not caving to ransom demands. The more people do that the less profitable organized cybercrime will be.

@http_error_418 @pluralistic I've had similar issues searching splunk docs from Google. If you add /site:docs.splunk.com to the search it returns expected results.

@hacks4pancakes answering as a long time sans customer... If I see pronouns in a person's bio it signals they are willing to be respectful of others identity and I feel more willing to support that vendor than one that is disrespectful. I recognize that it can put a target on those that do use non binary terms and I appreciate their courage.

@http_error_418 use encryption at rest and don't give the decryption keys to the admins?

@jerry One thing that never ceases to amaze me is how hard it is to actually configure most platforms to be secure. I can't think of any other product where it is unsafe by default and you have to spend hours/days/weeks looking at every little aspect of it in order to make it safe for people to use. I was hoping that would change with the cloud but some of the biggest players are still making things insecure by default. To me it's very understandable why systems are stood up in insecure configurations and left that way because the average operations person's primary concern is to get it working and you need comical amounts of expertise to tell if things are actually using secure configurations. Most software vendors are failing us in this regard.

@hacks4pancakes @lhn @likethecoins 😲 Congratulations!

@http_error_418 it's quite a marketing strategy. Maybe they can sell yoga pants that come in cammo and have lots of pockets and zippers for all of the stuff you need to carry around while doing yoga and being prepared for an attack? Personally I think the rex won do approach of wearing American flag body building pants and being prepared to deliver a round house kick to the face at any second is the best approach to achieving zen through yoga and meditation.

@metasecsol the screen shot in the article from the claim of the breech of 10000 feds is bizarre. They claim to have intercepted traffic and captured social media logins and porn passwords? That claim may just be propaganda...