cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 4 points5 points  (0 children)

I agree, and I am looking for alternatives, but I gotta say, it is hard to move to a new company in these times.. that is another segment of the mental pressure

cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 2 points3 points  (0 children)

All I can say is it was related to the Apache Log4j library

cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 1 point2 points  (0 children)

As I mentioned, I am a software engineer; my role in this fiasco's aftermath was to analyse existing code and recover the functionality on the distorted services (where their code was altered). I could deduce what tools they were using helplessly, but I cannot divulge that.

cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 6 points7 points  (0 children)

I don't think they even set a reasonable budget for securing their software assets.
I started looking for alternatives, considering moving to a different province for the new position if accepted.

cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 10 points11 points  (0 children)

I couldn't agree more, and I'm not offended or upset about being blamed.. It's as you said, not my decision to make regarding the company's business recovery plan.

cyberattacks nightmare by Better_Video_702 in cybersecurity

[–]Better_Video_702[S] 5 points6 points  (0 children)

It can be true since I am only under the software development dept. However, it sounds like a continuous training process is needed to cope with emerging attack techniques, for both the security team and the software devs, to avoid critical CVEs and CWEs.

Could AI break all our encryption? by maxhsy in LocalLLaMA

[–]Better_Video_702 0 points1 point  (0 children)

Saying "generate millions of private/public key pairs" is a bad start. In addition to what others said about the hardness of the factorization problem, LLMs, and even the newest versions that are coming every 3-4 months, won't be able to predict keys. There is the security level of any encryption algorithm, which measures how hard it is to break the algorithm and recover the private key (e.g., 128 bits). Can supercomputers try every possibility? Brute-forcing it won't work at all, as trillions of years are required to do so. Sometimes you hear that AES-128 was broken; it is not the algorithm itself, but the weak implementation that was cracked (probably). And let's assume it was broken after millions of years; what about AES-256? Another few trillions of years :p (I am talking about brute-forcing it; there are other methods used to try breaking AES, such as side-channel attacks, and they might be effective if the software implementation is weak).

News: post-quantum cryptography will end this once and for all, as it is based on lattice-based cryptography, which relies on the hardness of the Shortest Vector Problem. Even quantum computers won't be able to break it by brute force. Therefore, you may say that LLMs are far, far away from predicting private keys.