https://wetdry.world/@ari/112230288896956003

    • Tak@lemmy.ml
      ·
      8 months ago

      Just like when users get "hacked" a lot of the time it was just their own lack of security practices and not the service provider. Obviously there are exceptions and I hate defending tech giants but end users are often to blame.

    • Lucien [hy/hym, comrade/them]
      ·
      8 months ago

      Yeah, I work for a Federal agency, and I can confirm this is an extremely plausible situation. Was probably a contractor.

    • pop@lemmy.ml
      ·
      8 months ago

      There's no reason for amazonaws.com to be on search engines at all. Which is just as simple as placing a robots.txt with deny all declaration. Then no user would have to worry about shit like this.

      • Moonrise2473@feddit.it
        ·
        8 months ago

        Who said that?

        Many other customers instead want to get that, maybe they are hosting images for their website on S3, or other public files that are meant to be easily found

        If the file isn't meant to be public, then it's the fault of the webmaster who placed it on a public bucket or linked somewhere in a public page

        Also: hosting files on Amazon S3 is super expensive compared to normal hosting, only public files that are getting lots of downloads should be using that. A document that's labeled for "internal use only" should reside on a normal server where you don't need the high speed or high availability of AWS and in this way you can place some kind of web application firewall that restricts access from outside the company/government.

        For comparison, it's like taking a $5 toll road for just a quarter of a mile at 2 am. There's no traffic and you're not in a hurry, you can go local and save that $5

  • Septimaeus@infosec.pub
    ·
    8 months ago

    Such examples of OpSec competence make it easy to dismiss the majority of government conspiracy theories IMHO.

        • Mic_Check_One_Two@reddthat.com
          ·
          8 months ago

          Yup. In more modern politics, we’ve seen it in the trans debate. “I can always tell when someone is trans” is a fallacy, because you only notice the trans people who aren’t fully passing. It’s pure selection bias, where a large part of the population is convinced that all trans people look like beefy dudes in dresses.

      • Septimaeus@infosec.pub
        ·
        8 months ago

        lol yes. But it’s not the regular evidence of shoestring infrastructure and lack of process that casts doubt on these grand conspiracies. It’s the diminishing conditional probability, over time, that they are somehow always the exception.

          • Septimaeus@infosec.pub
            ·
            8 months ago

            If we flip a fair coin once, the odds of not getting tails is 50%. If we flip twice, the odds diminish to 25%. Flip 20 times, the odds diminish to 0.000001%.

            This is the conditional probability that makes the concealment of large and/or long-term conspiracies implausible: we say that the odds of getting heads on the 100th toss, conditioned on the probability of having already gotten heads 99 times, is less than a billion billion billion to one.

            And the grander the conspiracy, i.e. the more individuals involved, the more “coin flips” regularly occur, and the faster these infinitesimal odds are reached — hence the expression “too many minions spoil the plot.”

            So while mistakes are indeed unsurprising, the fact that none have ever uncovered big old conspiracies (especially the likes of flat earth, fake moon landing, aliens, etc.) suggests the odds of their veracity are, at this point, vanishingly small.

            • TankieTanuki [he/him]
              ·
              8 months ago

              Gotcha.

              I think it's important to agree on a definition of "conspiracy theory" and also on what qualifies as spoiling or revealing the plot in these discussions. Otherwise we're probably talking about different things.

    • TheDoctor [they/them]
      ·
      8 months ago

      Legit, if you want to know if a conspiracy is true, just wait 20-50 years and the CIA will declassify the related documents. Most of them are open secrets that happen to be difficult to corroborate as they’re happening. Very few rely on outright secrecy. More just plausible deniability during the period where the public would be up in arms about it.

    • AcidLeaves [he/him, he/him]
      ·
      8 months ago

      Right, because people never make simple mistakes 🙄

      People who get paid half a mill to code mess up basic stuff like this by accident all the time

      • Septimaeus@infosec.pub
        ·
        8 months ago

        I mean, I agree with you. I’m not claiming “there are no good toupees.” I’m pointing to [the alopecia market] as evidence that [a pill to cure baldness] couldn’t be kept secret by the [shadowy cabal of elites with gorgeous hair] for very long.

    • irmoz@reddthat.com
      ·
      8 months ago

      Compartmentalisation helps

      If no one actually knows the plan other than the guy in charge, no one can leak the plan:

      An example of compartmentalization was the Manhattan Project. Personnel at Oak Ridge constructed and operated centrifuges to isolate uranium-235 from naturally occurring uranium, but most did not know exactly what they were doing. Those that knew did not know why they were doing it. Parts of the weapon were separately designed by teams who did not know how the parts interacted.

      • Septimaeus@infosec.pub
        ·
        7 months ago

        True, and interesting since this can be used as a statistical lever to ignore the exponential scaling effect of conditional probability, with a minor catch.

        Lemma: Compartmentalization can reduce, even eliminate, chance of exposure introduced by conspirators.

        Proof: First, we fix a mean probability p of success (avoiding accidental/deliberate exposure) by any privy to the plot.

        Next, we fix some frequency $k_1, k_2, \ldots, k_n$ of potential exposure events by each of the conspirators $1, \ldots, n$ over time $t$ and express the mean frequency as $k$.

        Then for n conspirators we can express the overall probability of success as

        $$1 \cdot p^{tk_1} \cdot p^{tk_2} \cdot \ldots \cdot p^{tk_n} = p^{ntk}$$

        Full compartmentalization reduces $n$ to 1, leaving us with a function of time only, $p^{tk}$. ∎

        Theorem: While it is possible that there exist past or present conspiracies w.h.p. of never being exposed:

        1. they involve a fairly high mortality rate of 100%, and
        2. they aren’t conspiracies in the first place.

        Proof: The lemma holds with the following catch.

        (P1) $p^{tk}$ is still exponential over time $t$ unless the sole conspirator, upon setting a plot in motion w.p. $p^{t_1 k} = p^{k}$, is eliminated from the function such that $p^{k}$ is the final (constant) probability.

        (P2) For n = 1, this is really more a plot by an individual rather than a proper “conspiracy,” since no individual conspires with another. ∎

  • OrlandoDeCabron [he/him]
    ·
    8 months ago

    Went and looked at the documents that show up, both are on "russian hacking". 100% honey pot if I've ever seen one.