Most breaches actually begin in corp:
Readers of my blog will note that while I believe Rust is an excellent tool for developers to leverage when building software, that there is a disconnect between the developers leveraging Rust features to improve their software and many of the advocates who talk about the language, which I believe is counterproductive when it comes to Rust advocacy.
ariadne.space/2023/12/07/most-…
Most breaches actually begin in corp
Readers of my blog will note that while I believe Rust is an excellent tool for developers to leverage when building software, that there is a disconnect between the developers leveraging Rust features to improve their software and many of the advoca…ariadne.space
![A heavily modified window of Wanna Decryptor from the infamous WannaCry ransomware.
The window title: "Wanna Rail (UDP<->CAN Converter)".
Header: "Ooops, your train can't start after maintenance!"
Section: "What happened to my train?"
"After spending over 10 days in required maintenance, your train does not start anymore. There's no error, it just doesn't. Maybe the third party service is incompetent and does not have the required know-how for the work? Or maybe the "if" statement with coordinates of known third party workshops had something to do with it? Who's gonna know?"
Section: "Can I get my train working?"
"Oh, you sound nervous. What about? Some contracted rides you have to make? :) Don't worry, the Authorized Service can check up your train this time. For a little price. We'll do the secret sequence of button presses and it's all right! But next time, you know what's the place to pay for the maintenance, right?"
Section: "This is ridiculous, I'll get hackers to handle this!"
"These are not our "if" statements, we would never do such thing. Hackers? Maybe they are the ones who did this?! How dare you touch our sacred intellectual property?! We're calling Homeland Security, Prosecutor, Intelligence Agency, Railway Transport Office, [text cuts off here]"
[alt text continues in next picture]](https://fedi.ml/photo/preview/640/485857 "A heavily modified window of Wanna Decryptor from the infamous WannaCry ransomware.
The window title: \"Wanna Rail (UDP<->CAN Converter)\".
Header: \"Ooops, your train can't start after maintenance!\"
Section: \"What happened to my train?\"
\"After spending over 10 days in required maintenance, your train does not start anymore. There's no error, it just doesn't. Maybe the third party service is incompetent and does not have the required know-how for the work? Or maybe the \"if\" statement with coordinates of known third party workshops had something to do with it? Who's gonna know?\"
Section: \"Can I get my train working?\"
\"Oh, you sound nervous. What about? Some contracted rides you have to make? :) Don't worry, the Authorized Service can check up your train this time. For a little price. We'll do the secret sequence of button presses and it's all right! But next time, you know what's the place to pay for the maintenance, right?\"
Section: \"This is ridiculous, I'll get hackers to handle this!\"
\"These are not our \"if\" statements, we would never do such thing. Hackers? Maybe they are the ones who did this?! How dare you touch our sacred intellectual property?! We're calling Homeland Security, Prosecutor, Intelligence Agency, Railway Transport Office, [text cuts off here]\"
[alt text continues in next picture]")
![On the left side, there is a big icon of a lock and 2 time counters: "Bogus compressor failure report on: 2022-11-21 00:00:00+01:00. Time left: 142:00:10:39:[overflows, not readable further]". "Next day of contractual penalty: 2022-07-02 00:00:00+01:00. Time left: 00:10:39:26".
2 links: "Polish manufacturer accused of programming failures into its trains to gain more servicing business -> 2137.pl/Dtpzev". "Dieselgate, but for trains – some heavyweight hardware hacking -> 2137.pl/RCRddm".
On the bottom, small logos of Newag and Iris Certification. Small caption: "Infringement of copyright in the vehicle control system is subject to civil and criminal liability under the terms of Chapters 8, 9 and 15 of the Law on Copyright and Related Rights of February 4, 1994. Newag is not responsible for the consequences of improper maintenance of delivered vehicles by users or third parties, in particular, it is not responsible for unauthorized interference with vehicle control systems. To the Company's knowledge and assessment, users of railroad vehicles in Poland, guided mainly or exclusively by price, are increasingly entrusting the maintenance of railroad vehicles to entities that do not have the competence and know-how necessary to maintain modern railroad vehicles. In the Company's view, this kind of policy, which is unthinkable in Western European countries, may one day lead to a human tragedy in the form of a rail disaster."
Below, 2 buttons: "Check Payment", and "Unlock".](https://fedi.ml/photo/preview/640/485859 "On the left side, there is a big icon of a lock and 2 time counters: \"Bogus compressor failure report on: 2022-11-21 00:00:00+01:00. Time left: 142:00:10:39:[overflows, not readable further]\". \"Next day of contractual penalty: 2022-07-02 00:00:00+01:00. Time left: 00:10:39:26\".
2 links: \"Polish manufacturer accused of programming failures into its trains to gain more servicing business -> 2137.pl/Dtpzev\". \"Dieselgate, but for trains – some heavyweight hardware hacking -> 2137.pl/RCRddm\".
On the bottom, small logos of Newag and Iris Certification. Small caption: \"Infringement of copyright in the vehicle control system is subject to civil and criminal liability under the terms of Chapters 8, 9 and 15 of the Law on Copyright and Related Rights of February 4, 1994. Newag is not responsible for the consequences of improper maintenance of delivered vehicles by users or third parties, in particular, it is not responsible for unauthorized interference with vehicle control systems. To the Company's knowledge and assessment, users of railroad vehicles in Poland, guided mainly or exclusively by price, are increasingly entrusting the maintenance of railroad vehicles to entities that do not have the competence and know-how necessary to maintain modern railroad vehicles. In the Company's view, this kind of policy, which is unthinkable in Western European countries, may one day lead to a human tragedy in the form of a rail disaster.\"
Below, 2 buttons: \"Check Payment\", and \"Unlock\".")
Ariadne Conill 🐰
in reply to Ariadne Conill 🐰 • • •to be clear, I love Rust and use it all the time, but a lot of technology evangelists tend to propose it as a miracle cure for everything. it's like the programming language equivalent of AI. it's ridiculous.
memory safety, while very important, is not the root cause of most security incidents where data exfiltration or loss occurs!