Keep in mind we are talking about a protocol from 1987. How many protocols from 1987 is google currently using?
Keep in mind that google is primarily a cloud business. That means that they take on a lot more of a risk, as when they are hacked its a them problem vs traditional software where its much more the customer's problem. Security is very much about incentives, and the incentives line up better for google to do the right thing.
It turns out when nerds get a billion dollars they like being bullies too.
Great, so someone with half a motherboard can break this hash
However, it's most likely to be used by governments, with legacy servers that are finicky, with filesharing set up that's impacted other computers configured for compatibility, or legacy ancient network gear or printers.
I wonder who they're pushing around, and what the motivation is?
What releases like this do is give IT ops people the ammunition they need to convince their leadership to actually spend some money on fixing systemic security problems.
But we are in two-thousand-twenty-FUCKING-six.
It's unbelievable. Just plain unbelievable.
Was it a success? Is Mandiant a cash cow or was it basically an acquihire?
The big "contact mandiant" button next to the post feels a bit like trying to stay relevant and acquire more customers.
Is there any business that does NOT try to do this? Why wouldn't they?
They decided to not fix the vulns (either directly by not patching, or indirectly by not investing in cybersecurity). So exploiting them is somehow an act of mercy. They may not know they have a problem and they have an opportunity to learn.
Let's just hope they will have white or gray-ish hats teaching the lesson
ubuntulover2011•2h ago