272
submitted 3 months ago by Brkdncr@lemmy.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] TwitchingCheese@lemmy.world 11 points 3 months ago* (last edited 1 month ago)

I get that it's not the point of the article or really an argument being made but this annoys me:

We could blame United or Delta that decided to run EDR software on a machine that was supposed to display flight details at a check-in counter. Sure, it makes sense to run EDR on a mission-critical machine, but on a dumb display of information?

I mean yea that's like running EDR on your HVAC controllers. Oh no, what's a hacker going to do, turn off the AC? Try asking Target about that one.

You've got displays showing live data and I haven't seen an army of staff running USB drives to every TV when a flight gets delayed. Those displays have at least some connection into your network, and an unlocked door doesn't care who it lets in. Sure you can firewall off those machines to only what they need, unless your firewall has a 0-day that lets them bypass it, or the system they pull data from does. Or maybe they just hijack all the displays to show porn for a laugh, or falsified gate and time info to cause chaos for the staff.

Security works in layers because, as clearly shown in this incident, individual systems and people are fallible. "It's not like I need to secure this" is the attitude that leads to things like our joke of an IoT ecosystem. And to why things like CrowdStrike are even made in the first place.

this post was submitted on 22 Jul 2024
272 points (100.0% liked)

Technology

59430 readers
2412 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS