The games journalist debate over covering the hack is a look in the mirror

  • vexikron
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    13
    ·
    edit-2
    11 months ago

    To me the real story here is that the field of cybersecurity, and actually proprietary software in general is a giant fucking scam: we see hacks happening constantly to huge companies and government agencies that either advertise their products/services or market/promote themselves as very secure.

    The only actual known and effective way to combat this in almost every scenario you have ever heard of is to use open source software that can be reviewed by anyone, and when a flaw is found, an alert can go out and then it gets fixed, and you can actually verify that it has been fixed; that combined with actually having employees follow basic cybersec guidelines.

    Time and time again individuals and large organizations pay for proprietary software that claims it is secure, and often either have cybersecurity ‘experts’ on staff, or consult with a cybersec firm.

    Time and time again people and organizations pay for software that is sold to them as providing security, and when it doesnt, the sellers of said software are never actually liable.

    Why would anyone trust any kind of such software at all? Much less pat for it?

    And the hacks just keep happening.

    Accountability for this is no where. Not in any real, effective sense.

    • misanthropy@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      I’m too lazy to look into this specific one, but basically all “hacks” these days start with social engineering

      • vexikron
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        3
        ·
        edit-2
        11 months ago

        Yes, which can be avoided with the basic cybersecurity standard of teaching your employees how to not fall for that.

        Literally not much more complicated than ‘dont give anyone your work login and password, If you think something is suspicious, report it to security and never, ever, EVER connect any of your work hardware or accounts to your personal hardware or accounts’.

        But to your main point yes, its a million times easier to hack a human brain than a computer, and no one seems to get this.

        Am I the only person that has read or even heard of Kevin Mitnick?

        • MudMan@kbin.social
          link
          fedilink
          arrow-up
          6
          arrow-down
          2
          ·
          11 months ago

          Heh. It’s a LOT more complicated than that. Especially post-covid, with everybody ready to support working from home.

          Hey, good luck getting hundreds to thousands of people, ranging from engineers to a bunch of kids doing QA to technically illiterate administrative positions and office workers to keep rigid, government-level security standards when each and every one of them has some degree of remote access and mostly are just… you know, going about their lives and going to work every day. You sound like you’d love doing IT for a game studio.

          And hey, guess what, all of their work hardware and accounts are probably connected to their personal hardware and accounts. Or are, in fact, the same hardware and accounts. Nobody has time or money to equip every single employee with a second phone and laptop overnight and all of them had to work remotely during the pandemic, just as much as everybody else. It’s kind of chilling to know that the games industry is under this level of harassment and these leaks keep happening, because I guarantee any other non-tech industry that has shifted to remote work the past few years is doing much worse at this. Gaming was already weirdly secretive, even when compared to movies and TV or other similar cultural industries.

          For the record, games are full of open source software (and closed source as well). Go check out the list of OSS on any game’s credits. They still have to comply by disclosures required by most licenses, so it’ll be in there somewhere.

          • vexikron
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            5
            ·
            edit-2
            11 months ago

            Uh… I have managed and maintained cybersecurity policies for a non profit albeit not as head of IT but working in close cooperation with him as the team i was on was in charge of a huge system that nearly all employees and definitely all our clients used.

            We successfully managed to not have any cybersecurity incidents while I was working there.

            We gave everyone work phones and work laptops because that is how you do cybersecurity right.

            And uh, no, if youre going by companies specifically being targeted and compromised by hackers, as opposed to hackers going for anything connected to a widely used software service, uh, gaming companies are actually doing far worse than other industries, likely due in large part to incompetent management.

            Sure, yep, its chilling that employees at video game companies are at risk because their management is incompetent.

            No clue what you mean by ‘gaming was always weirdly secretive when compared to movies and music.’ Music and movies are even easier to pirate than video games which have to be cracked… Not sure what youre talking about here.

            And oh dear god here at the end youre going to ‘for the record’ inform me, a person who has written code for game mods for 20 years and professionally for various roles in the tech industry for a decade that games have open source and closed source code in them.

            Thats not even relevant to how a whole company’s network gets breached and its employees get basically doxxed.

            The… the video game company’s internal software for managing employee records, clock ins, clock outs, wage payment, emails, etc, is different from the software it uses in its product, the game.

            It doesnt matter if a game has OpenGL and a bit of a liscensed proprietary physics engine.

            Thats not connected to the company email server.

            Why do you have such an arrogant attitude when you have no idea what you are talking about?

            • MudMan@kbin.social
              link
              fedilink
              arrow-up
              7
              arrow-down
              2
              ·
              11 months ago

              Honestly, my response to everything you said is on my first post. Including the “you’d love doing IT for a game studio” part.

              • vexikron
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                9
                ·
                11 months ago

                You are an imbecile. Have fun I guess living in your Anime Tumblr dream world.

    • 5200@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Partially. Too much of the software and defenses require the user to act in a specific way to complete the defenses. And humans are not rational beings. This gives attackers ways to circumvent the security measures. This in addition to cybersecurity too often being an afterthought.

      • vexikron
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Yes, which is why I said ‘and also get employees to follow basic cybersecurity practices.’

        If the problem is either company culture or human nature is in the way of implementing cybersecurity properly, and I can assure you that this is true, having managed cybersecurity policies at a large non profit for over a year…

        …then the field of cybersecurity should actually be figuring out how to successfully mitigate or solve this issue, they should be focusing on far more than just esoteric techno buzzwords in their marketing, and you know, actually be capable of delivering ‘security’, the thing they claim to sell.

        If that means pivoting to things like the imoportance of training employees, developing a security conscious company culture, holding seminars to convince execs and middle management to not have cybersecurity as an afterthought as well as what it actually takes to actually be secure… then the field of cybersecurity should do that.

        • 5200@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Ab-so-lutely! I was n’t aware I challenged your notion. I thought I was merely expanding on it. But we agree.

          • vexikron
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            11 months ago

            Sorry if i came off as too hostile, a bit off the anger may have carried over from explaining to graphics card marketing buzzword enthusiast ninjan, as politely as i could, that he has no idea what its actually like to work for a world class tech firm as a software engineer, over in another thread.