Ask HN: Need a better analogy than sniping at goatherders
1 point by m3047 on July 14, 2024 | 5 comments
DNS / Indicator of Compromise / domain owner colleagues, I'd appreciate your help / advice: I need an uncomfortable analogy to an uncomfortable reality nobody wants to talk about.

You may know I've been writing a series of articles which I've been calling "Letters to Dubai" because of the friend who inspired me to write about this set of topics. (http://consulting.m3047.net/dubai-letters/)

I plan to write one about NOD (Newly Observed DNS Domains) on a technical / tactical / theoretical level, but events occurring around me are telling me I need to write two prequels: 1) the industrial complex which preruns your domain and 2) targeting places by targeting people.

See, it's that second one. An uncomfortable topic. It is what's happening though: indicator of compromise vendors target infrastructure and they should know (unless they're incompetent liars, which some of them are) who operates that infrastructure. But that word "operates" suffers from category confusion (https://en.wikipedia.org/wiki/Category_mistake): I operate a server, but I do not Operate the infrastructure which ultimately connects that server to the internet.

In the cases I'm seeing it's that infrastructure Operator who should be targeted at proportionate scale, but what they're doing instead is sniping at goatherders who went to get water from the well the same as they'd always done before the Operator moved in.

Who's got a better analogy? Happy to credit the analogy or analogies I use.



Are you trying to say that a bad client (server operator) moves into a PaaS (infra operator) and bad things happen to the existing tenants (other server operators)?


I had more in mind that the PaaS goes bad (corruption, incompetence, many causes) and allows bad players in and then yes bad things happen to existing tenants (or new tenants unaware of what's going on).

I guess that's part one, because part two would be that neither the PaaS nor the people doing bad things to them inform these innocent third parties: there's no "declaration of war" between the PaaS and soi-disant defenders, no signage, and no bodies because they're sniping with heavy weps which vaporize the bodies.

Edit: It could also just be "broken windows", they shot up the place and moved on, but the soi-disant defenders are still shooting at survivors going to the well.

Thanks for letting me clarify.


> people doing bad things to them inform these innocent third parties

Let me also clarify and reiterate: the people doing bad things to the innocent third parties aren't the bad people, it's the soi-disant defenders who are shooting at them.


The bad actors are never going to tell you they are

As for analogies, some launch points...

- "one bad apple spoils the bunch"

- something about bad neighbors

- leading horse to water

- poisoning the well

Have you tried brainstorming with an LLM?


> The bad actors are never going to tell you they are

Let's stop talking about bad actors. The people doing the sniping think they're defenders. The PaaS is staffed by mostly well-intentioned people but they're poorly managed and they keep getting called to work on features instead of fixing vulnerabilities.

> Have you tried brainstorming with an LLM?

Maybe we should just move on.



