This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I'm a long time lurker, so this is my first attempt at a top level post.
I have recently changed jobs, and this has caused me to work with a bunch of companies that are low level engineering firms. I don't mean they don't have good engineers, but they are small companies with tiny IT budgets. For my personal experience, in college I worked at a help desk and then was a networking engineer until I got my CS degree. My first job out of college was at Cisco, and I have always worked at pretty large companies that had the highest security possible. I wouldn't even consider myself a security expert necessarily, but my experience at Cisco and networking did teach me a lot. We're talking firewalls years out of date, unnecessary equipment plugged in with vulnerabilities, ports open that shouldn't be, default admin passwords, etc.
I am amazed at some of the profits of some of these companies that spend essentially no money on IT or security. Just one look at their server room tells you all I need to know.
There is so much low hanging fruit. My question is this: why are there not more cybersecurity attacks on these blue collar profitable companies? If I was a malicious actor (with my programming and IT experience), there are thousands of profitable companies I could easily snipe if I was so inclined. I have a friend that works for homeland security, and he says there are tons of attacks on government organizations. He says they are basically a MSP for a lot of organizations that have no idea what they are doing such as universities. But the government at least has a standard. So I kind of get that, but from what he tells me they are also vulnerable.
But how are there not more easy attacks? Ransomware would be easy with how some of these companies are. Are there just not enough attackers? Every city and company I have traveled to I could easily have taken over their network if I was so inclined. Are there just not enough attackers to take advantage of everything?
If I was China or an adversary, this would be child's play. Do they just not want to reveal themselves? I just don't get it. Every company I have gone to would be so easy to get admin creds. This makes me think there are two options. Either there aren't enough hackers to take advantage, or they are holding back. Which one is it? Because like I said, it would be trivially easy to hack these companies.
You know, I've always wanted to learn how hackers do what they do. I don't think I would be able to actually use those skills for material ends, because I consider myself a moral person, but I just love learning about how things are done, and I love amassing "super power" skills. Maybe even save the skill for one day, if I wanted to exact revenge on a company or person that I feel had wronged me or something.
But I don't even know where to go to learn how to do this kind of thing. I'm probably just naive. I have learned all about how to prevent hacking attacks, but I've never found a course or instruction manual that says "here's how you can spy on someone else's email" or "use this program to access files on someone else's machine". I suspect one problem is that a lot of hacking is actually just social engineering, which I find super boring and a non-starter for learning to hack.
So, is it possible that there aren't enough hackers because it's not the sort of thing that you can learn easily, and you have to roll your own everything in order to do it?
More options
Context Copy link
More options
Context Copy link