• 0 Posts
  • 46 Comments
Joined 1 year ago
Cake day: June 16th, 2023











  • This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could be catastrophic.

    I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.




  • Thanks for the detailed reply. I totally see your point about people not calling 911 when there’s an actual emergency, or calling the wrong number, and that resulting in a delay to first responders being notified in a critical situation. Obviously not a dispatcher myself, but have spent some time working with them, and I would say that most of them would echo your sentiments. I’ve heard some funny stories though of people calling 911 for the most inappropriate reasons - lost dogs, car won’t start (was in caller’s garage, not like they were stranded in a blizzard or something). My favorite was an elderly man who apparently called 911 because his computer was being “hacked”, sounded like he got one of those scam calls. That one made me pretty proud of the security awareness training we did for county employees.


  • I think it definitely varies by county. I worked for an IT company that served a lot of county governments across a few states in the US, and a majority of them would try to discourage 911 calls for things that weren’t active emergencies.

    Lots of counties had central 911 operations that coordinated for other local municipalities (i.e., the county 911 would dispatch a local city’s fire department), but non-emergency numbers usually went to the local municipality. Sometimes municipalities would have non-emergency calls roll over to the 911 center, but those calls were always tagged differently, and essentially moved to the back of the queue behind 911 calls. The goal was generally that if you call 911 you talk to someone immediately, whereas if you call non-emergency you can wait on hold for a bit if there were a lot of 911 calls.






  • Makes sense that it was a definitions update that caused this, and I get why that’s not something you’d want to lag behind on like you could with the agent. (Putting aside that one of the selling points of next-gen AV/EDR tools is that they’re less reliant on definitions updates compared to traditional AV.) It’s just a bit wild that there isn’t more testing in place.

    It’s like we’re always walking this fine line between “security at all costs” vs “stability, convenience, etc”. By pushing definitions as quickly as possible, you improve security, but you’re taking some level of risk too. In some alternate universe, CS didn’t push definitions quickly enough, and a bunch of companies got hit with a zero-day. I’d say it’s an impossible situation sometimes, but if I had to choose between outage or data breach, I’m choosing outage every time.