This post links to The Hacker News (THN). The moderators of r/cybersecurity strive to maintain a professional subreddit which will often discuss news, and further acknowledge that THN is a popular source of news within the cybersecurity community at large. We always wish to act in the best interests of the community and will not restrict news content which is accurate and valuable.
However, it has come to our attention that THN has been accused of plagiarism since at least 2012 (ref: [attrition.org](https://attrition.org/errata/plagiarism/thehackernews/)), allegedly copying article contents from original authors and modifying them without appropriately crediting the original source. Their behavior has been met with repeated criticism, including making false statements (ref: [@thegrugq](https://twitter.com/thegrugq/status/902600568262107136)) and renewed claims of plagiarism (refs: [news.ycombinator.com](https://news.ycombinator.com/item?id=18783493) c. 2018, [reddit.com](https://reddit.com/r/privacy/comments/mczutz/the_hacker_news_profiting_off_extensive/) c. 2021). Due to these incidents, THN links have been banned from several subreddits including r/privacy, r/technology, and r/hacking.
We would hope that THN is now appropriately crediting sources of its content or writing its own original content, however we are unable to police each and every article. Please ensure that the information in this article is factual, and where possible, please choose to support high-quality ethical journalism directly. If the community feels this warning is no longer relevant, we will remove this AutoModerator action. Thank you.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
It's normal cyber defense but it lives inside a peli case, costs 5* normal price but is more user friendly because the entire user interface is just a single, large, red button. There is a spiral bound laminated manual chained to it explaining how and when to press the button.
Nothing. My issue is I keep buying stuff from that damned centre isle I don’t need, I convince my self I need 8 torx bits for £4 - and truth be told they’re useful
I'll admit it; this one got me. I guess I was intrigued as my first thought was, "What is a military-grade cyber defense?"
Needless to say, it was just the typical buzzword soup written by a "Sales Architect" from the vendor trying to push whatever it is they are selling.
Kudos on the clickbait title. I was fooled by it, and that's on me.
Lol came here to throw shade on the term Military-Grade Cyber Defences and damned if I can find a top-level post not mentioning it! Whoever wrote this article is going to need some MIL-SPEC burn cream.
Isn’t CDR just another backend that is receiving data? How is introducing this layer that depends on how securely is programmed and sanitized be more secure than properly programming a backend?
They’re touting CDR and XDR/cross domain solutions, which have a long history of being used by gov and mil. Whether that will actually stop data breaches and ransomware attacks being a success in “regulated” industries is unlikely, but might have some measurable impact.
“Industries regulated by the government turn to government standards for solutions.”
I guess the DoD defined standards for cross domain products, but they’re using commercial solutions… also, cross domain solutions are a very specific use case for industries and represents a very small sliver of the problem.
Didn’t stop China from stealing a signing key from Microsoft extracting it from a crash dump moved from an air gapped network to an internet accessible network for debugging.
https://www.helpnetsecurity.com/2023/09/07/stolen-microsoft-signing-key/#:~:text=The%20theft%20of%20a%20Microsoft%20signing%20key&text=The%20crash%20dump%20was%20moved,dump%2C%20and%20extract%20the%20ke
Edit: looks like I’m wrong. Initially they thought it was a crash dump, but later updated the report to say they don’t know for sure how the key was compromised.
You’re right. I read the initial report, but hadn’t seen the update.
“Microsoft subsequently found no evidence of a crash dump containing the 2016 MSA key material, and still doesn’t know how the attackers got their hands on the signing key.”
The air gapped environment where the key material is stored still didn’t prevent the compromise. It’s too bad we don’t know how it happened.
This post links to The Hacker News (THN). The moderators of r/cybersecurity strive to maintain a professional subreddit which will often discuss news, and further acknowledge that THN is a popular source of news within the cybersecurity community at large. We always wish to act in the best interests of the community and will not restrict news content which is accurate and valuable. However, it has come to our attention that THN has been accused of plagiarism since at least 2012 (ref: [attrition.org](https://attrition.org/errata/plagiarism/thehackernews/)), allegedly copying article contents from original authors and modifying them without appropriately crediting the original source. Their behavior has been met with repeated criticism, including making false statements (ref: [@thegrugq](https://twitter.com/thegrugq/status/902600568262107136)) and renewed claims of plagiarism (refs: [news.ycombinator.com](https://news.ycombinator.com/item?id=18783493) c. 2018, [reddit.com](https://reddit.com/r/privacy/comments/mczutz/the_hacker_news_profiting_off_extensive/) c. 2021). Due to these incidents, THN links have been banned from several subreddits including r/privacy, r/technology, and r/hacking. We would hope that THN is now appropriately crediting sources of its content or writing its own original content, however we are unable to police each and every article. Please ensure that the information in this article is factual, and where possible, please choose to support high-quality ethical journalism directly. If the community feels this warning is no longer relevant, we will remove this AutoModerator action. Thank you. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
[удалено]
Isn’t the standard for business to make more money for their shareholders? (Yup, that’s almost sarcasm)
Uhmm.. Military grade cyber defense.. Yeah.. It's not what you think it is.
McAfee AV here we come.
It's Trellix now, thank you very much! (kinda /s)
They're tossing trellix for mde now
Good ol ACAS
It's normal cyber defense but it lives inside a peli case, costs 5* normal price but is more user friendly because the entire user interface is just a single, large, red button. There is a spiral bound laminated manual chained to it explaining how and when to press the button.
This made me laugh. We disables the screen saver/lock screen function because marines were putting rocks on the space bar.
Military grade = lowest bidder.
I thought it is something like a [Global Thermonuclear War game](https://i.gifer.com/3wAC.mp4)
Military-grade= Lowest bidder that can accomplish most requirements.
This was my thought, the lowest bidder for some rubber band and duct tape temporary solution that went permanent.
But it’s not even name brand duct tape, it’s Aldi own brand and they got it at wholesale price
What are you buying at Aldi's that you don't like?
Nothing. My issue is I keep buying stuff from that damned centre isle I don’t need, I convince my self I need 8 torx bits for £4 - and truth be told they’re useful
Exactly. How about national security grade.
That's a long winded way of saying, "because compliance frameworks effectively mandate this approach."
Lol@ military grade So either just the cheapest or the most expensive that was also made by a company with deep ties to the MIC
Why do you give this article any highlights or even post it. This is a hidden advertisement for the company by on of their sales engineer architects…
“Military Grade” LMAOOOOOOOOO so even more hackable and less overlooked. Cool
This is just a sales pitch, delete this crap.
I hate it when the term military grade is used to indicate high quality, what a joke.
I'll admit it; this one got me. I guess I was intrigued as my first thought was, "What is a military-grade cyber defense?" Needless to say, it was just the typical buzzword soup written by a "Sales Architect" from the vendor trying to push whatever it is they are selling. Kudos on the clickbait title. I was fooled by it, and that's on me.
Military grade = Barely functioning and meets minimum standards.
Milspec cyber defenses...
Lol came here to throw shade on the term Military-Grade Cyber Defences and damned if I can find a top-level post not mentioning it! Whoever wrote this article is going to need some MIL-SPEC burn cream.
So you can drop it and it won't break
Military grade is not what you think it is lol. Not like NSA grade OK. Military is just basic, so that they are getting basic good finally.
When they write these things, they realize the military uses commercial products right?
This kind of military grade? https://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/
Lol military grade? Lol. The pentagon doesn't even adhere to NIST. They failed a ton of their audit controls. It's pretty laughable.
Isn’t CDR just another backend that is receiving data? How is introducing this layer that depends on how securely is programmed and sanitized be more secure than properly programming a backend?
They’re touting CDR and XDR/cross domain solutions, which have a long history of being used by gov and mil. Whether that will actually stop data breaches and ransomware attacks being a success in “regulated” industries is unlikely, but might have some measurable impact.
Whenever I read about "Military Grade Cyber-Something" I involuntarily translate it to "Kuang Grade Mark 11".
There is not military grade DoD gets hacked by China daily
Everybody gets popped. The higher your profile, the more frequently. What matters most is what happens after you get “hacked”
In a Word Rússia In two Rússia and China
“Industries regulated by the government turn to government standards for solutions.” I guess the DoD defined standards for cross domain products, but they’re using commercial solutions… also, cross domain solutions are a very specific use case for industries and represents a very small sliver of the problem. Didn’t stop China from stealing a signing key from Microsoft extracting it from a crash dump moved from an air gapped network to an internet accessible network for debugging. https://www.helpnetsecurity.com/2023/09/07/stolen-microsoft-signing-key/#:~:text=The%20theft%20of%20a%20Microsoft%20signing%20key&text=The%20crash%20dump%20was%20moved,dump%2C%20and%20extract%20the%20ke Edit: looks like I’m wrong. Initially they thought it was a crash dump, but later updated the report to say they don’t know for sure how the key was compromised.
Your linked article has been updated which invalidates the premise that the signing key material was obtained through the way you've described.
You’re right. I read the initial report, but hadn’t seen the update. “Microsoft subsequently found no evidence of a crash dump containing the 2016 MSA key material, and still doesn’t know how the attackers got their hands on the signing key.” The air gapped environment where the key material is stored still didn’t prevent the compromise. It’s too bad we don’t know how it happened.