Subject: Risks Digest 34.39
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sun, 4 Aug 2024 00:39 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix2.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Lines: 626
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1722731897.risko@chiron.csl.sri.com8036>
Injection-Info: reader1.panix.com; posting-host="panix2.panix.com:166.84.1.2";
logging-data="234"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Saturday 3 Aug 2024 Volume 34 : Issue 39

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.39>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Teenager Accused of Derailing Train and Posting Crash Video Online (NYTimes)
Mythbusting SOC costs (Cliff Kilby)
How One Man Lost $740,000 to Scammers Targeting His Retirement Savings
  (NYTimes)
Are we too dependent on Microsoft? (CBC)
MBTA's new contactless payment system launches Thursday (The Globe)
Personal Data of 3 Billion People Stolen in Hack, Suit Says (BloombergLaw)
Trolls Used Her Face to Make Fake Porn. There Was Nothing She Could Do.
  (NYTimes)
Amazon forced to recall 400K products that could kill, electrocute people
  (ArsTechnica)
Don't Let Your Domain Name Become a crime site (Krebs on Security)
About Kid's Online Safety Act and age verification (Lauren Weinstein)
A $100b plan with "70% risk of killing us all" (Stephen Fry)
Leaked github token could have put the entire python infrastructure at risk
  (TechRadar)
Argentina will use AI to ‘predict future crimes’ but experts worry
  for citizens’ rights (The Guardian, geoff goodfellow)
Gender Dysphoria and the Cass Review - A Summary of a Discussion
  (Peter Bernard Ladkin)
Re: Google reverts TV YouTube app to original search history behavior
  (Jim Geissman)
Re: AT&T local news (Jim Geissman)
Re: Switzerland now requires all government software to open source
  (Martin Ward, Wol)
Re: CrowdStrike and fuzz testing (Jurek Kirakowski)
Re: Robots sacked, screenings shut down: a new movement of Luddites is
  rising up against AI (Wol)
IEEE Project on Digital Forensics for Trusted Learning Systems
  (via Rebecca Mercuri)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 29 Jul 2024 19:13:04 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Teenager Accused of Derailing Train and Posting Crash Video Online
  (NYTimes)

Investigators said a 17-year-old charged with intentionally causing a freight train derailment in Nebraska had recorded the crash, which he then posted on YouTube.

https://www.nytimes.com/2024/07/29/us/nebraska-teen-charged-train-crash.html

------------------------------

Date: Sat, 3 Aug 2024 16:25:49 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Mythbusting SOC costs

I came across a short opinion piece which really took me aback.
The poster claimed that running a SOC was a massive expense.

The core assertions:

Infrastructure Costs: Setting up a SOC requires significant hardware,
software, and network infrastructure investments. This includes advanced
security tools and platforms for monitoring and response.
Response: Not quite. There is no additional outlay for hardware, software
or networking. Your SOC should be able to use everything in place, unless
you don't already use industry standard products like firewalls, WAF, and
AV. You might consider purchasing an EDR to address dynamic threats, but
most AV products can be used for reporting to a SOC. Unless you don't even
have AV.

Skilled Personnel: Hiring and retaining skilled cybersecurity professionals
is expensive. An in-house SOC needs experts for threat detection, incident
response, and continuous monitoring, which can drive up labor costs.
Response: Maybe. It is expensive to maintain personnel who are trained for
bleeding edge threat detection and mitigation. But, considering the first
and third assertions, the company isn't even doing remedial security, and
would probably make great strides with a SOC staffed by DevOps engineers.

Ongoing Maintenance: An in-house SOC requires continuous updates,
maintenance, and upgrades to stay current with evolving threats. This adds
to the overall operational expenses.
Response: This has nothing to do with SOC. This is basic operations
hygiene. Patch when your vendors provide patches.

Training and Development: Keeping the SOC team trained with the latest
cybersecurity trends and technologies involves additional costs for ongoing
education and certifications.
Response: Again, no. For most professionals who carry certifications, they
are required to maintain continuing education. Those credits are as
expensive as you allow them to be, though they may need to be away from
work to obtain them. Common vulnerability OSINT is massive and mostly free.
Keeping up with the bleeding edge is expensive, but pointless if you have
an environment in which you believe that updates and maintenance are driven
by your SOC.

24/7 Operations: To be effective, a SOC needs to operate around the clock,
requiring shifts and potentially more staff, further increasing costs.
Response: If your SOC is automating detections and responses, they really
only have unplanned work as long as someone is in the office. They don't
pack up the WAF at the end of the day. If your current environment can't
automatically alert a detection, having a human sitting staring at logs
won't find anything. However, if you're running a 3 shift company, then
yeah, you'll need coverage for all three shifts. Realtime threats tend to
originate from employees more than externally.

To me this whole post read like someone who was told that a SOC is buying
Rapid7 and Splunk, and then got mad that they also need to hire people to
run those tools.

Operations aren't a goal, but a process.
Security isn't a goal, but a process.
Security operations... you get the drift.

Post courtesy of
https://old.reddit.com/r/CyberMsspZone/comments/1eii9jf/why_is_an_inhouse_soc_so_expensive/

------------------------------

Date: Mon, 29 Jul 2024 19:10:06 -0400
From: Monty Solomon <monty@roscom.com>
Subject: How One Man Lost $740,000 to Scammers Targeting His Retirement
  Savings (NYTimes)

Criminals on the Internet are increasingly going after Americans over the
age of 60 because they are viewed as having the largest piles of savings.

https://www.nytimes.com/2024/07/29/business/retirement-savings-scams.html