this post was submitted on 16 Aug 2024
384 points (98.5% liked)

Cybersecurity - Memes

1964 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

Fun fact: The outdated software runs on outdated hardware, too.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 2 months ago (2 children)

I've said it before and I'll say it again - Cybersecurity as an enormous global industry owes it's existence to Microsoft. Period.

If Microsoft suddenly disappeared, cybersecurity would be more like Accounting - basic systems, managed in-house.

[–] [email protected] 11 points 2 months ago (1 children)

Horse manure! It owes it to managers that want to invest in new toys and stuff and don't want to hear/invest/spend on keeping stuff operational.

This is why a lot of companies end up leasing notebooks and stuff, cause then IT does not have to explain why it is time to replace hardware.. lease is up is something they understand. If you buy (which is cheaper) you end up fucking yourself cause by the time it needs to be replaced some penny pincher higher up will say.. nah this is still good for a few more years. And before you know it you are stuck with outdated crap that costs more and more time and effort to keep operational.

Same with infra.. and why IT pushes for cloud first. It's working so it's fine. No matter the switches are EOL and the server hardware is EOL and so is the OS without ESU.. we need to invest in this new piece of stuff.. no money for the rest.. just keep it running.

[–] [email protected] 4 points 2 months ago

But to that point - they inevitably spend millions on Microsoft either through windows laptops or office bundling because they buy the spew that “Microsoft will support it” and “If we get breached because of a problem with Microsoft they’ll cover us” or some similar crap.

No, and no. By the way, IT managers.

Building it is not always the right answer, and yes a Linux workstation for sales is gonna get people upset still, but. This moron treadmill of chasing Microsoft through whatever their latest absurdities are is heinously expensive and pathetic. Are you an IT company or not? Well?

[–] [email protected] 2 points 2 months ago (2 children)

I was going to make a Linux joke being why my company's security has been stable... Until the XZ Utils exploit.

[–] [email protected] 4 points 2 months ago

Yes, cybersecurity wouldn’t disappear, it just wouldn’t be the humongous, roiling, clusterf**k it usually is.

Name a high-profile breach on a *nix system not due to configuration (user) error. I’d add “or a hardware/firmware hack” but you get the idea.

[–] [email protected] 0 points 2 months ago (1 children)

Just this months patch tuesday notes:

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

Sure, security vulnerabilities exist in the linux world, but luckily not that many.

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago) (1 children)

yes and no. if you look at the number of reported CVEs, debian takes the crown of all operating systems. still feeling more secure on linux than any closed source system

[–] [email protected] 3 points 2 months ago

Yeah, that's because there's an entire cottage industry of people scraping old bug reports, and linter errors to create CVEs they can sell to customers worrying about security. It creates a huge number of false positives. E.g. see https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

I think any measure that is looking at a raw count is going to be meaningless. Particularly, comparing raw counts between open and closed software.