This Android Malware Has Infected Over 11 Million Devices
pandapoo (@pandapoo@sh.itjust.works) Posts: 0, Comments: 328, Joined 2 yr. ago
Retail generates the most margin, while enterprise generally the most revenue.
At least, that's how it works at most vendors that operate both B2C and B2B sales and product channels.
But no, Kaspersky is a major legacy player in the B2B security market with both mature and cutting edge products/solutions.
A better question might be, which companies in America were still using Kaspersky up until this month, and why.
My guess is that it's a mix between budgetary constraints, incompetence, and weighted risk analysis.
Imagine you're a Midwestern ice cream wholesaler, it's been a bad few years, and your 200 Kaspersky licenses were renewed with deep discounts.
You're not likely to lose any contracts for using Kaspersky, nor be a target of state sanctioned espionage, but spending $10,000 between new licensing and man hours, to rip, replace, and configure a new solution, now that could cause real issues for you.
So, between a rock and a hard place, you just wait it out as long as possible and hope that when the other shoe drops, it doesn't wreck your budget.
No problem, happy it helped.
Your summary is mostly accurate, but I think a better way to understand it would be like this:
Low level security software, by nature, is the ultimate attack vector, if compromised.
Assume that all countries that have both a domestic tech sector, and a well-resourced national security apparatus, have some version of on demand government initiated supply chain attack capabilities.
So it's not like I believe that all Kaspersky installs include a RAT piped directly to some GRU/FSB unit, just the ability for a malicious payload to be inserted - just as the NSA can do with American tech companies.
Not every risk can be mitigated, but some risks just shouldn't be taken.
That is so wrong that it's actually impressive.
Either you've never worked in this space, or because it wasn't present in the few IT departments you've worked in, you extrapolated that to mean it wasn't present in any large organization.
By all means, I don't disagree that American firms should not be using Kaspersky, just as Russian firms should not be using Sophos (UK based), but to pretend that they aren't one of the oldest and most well-established brands in the space is misinformed at best.
I think you confused the fact they have a retail product presence, to mean that they don't have serious enterprise solutions, but they do: NDR, XDR, agentless for hypervisors, etc.
Yes... no... sorta....kinda... but no different than how most, if not all, large American security and tech vendors have either overt, or covert, links to the American Security State.
Kaspersky is a long established credible actor and leader in the threat research space, hands down one of the best track records over the long run, and you should take their reporting and disclosures seriously.
I'm not saying that to dismiss the very valid concerns about installing Kaspersky on sensitive private sector and government systems, but to contextualize my answer.
On a sort of related note, earlier I said that the American security state has both overt, or covert, links all across the American tech sector.
What that means is that, even if a company holds to their principles of not compromising their customers or their product, the US government can either get a court order to force it, or they'll be targeted by something like the Pentagon's Signature Reduction program and have sheep dipped employees worked into their organization.
Point is, Kaspersky is one of the few remaining Russian brands and entities that still holds a lot of credibility in its field, but again, that doesn't mean the concerns of Western governments aren't valid, just that they should be viewed in the proper context.
Read the article. Despite its headline, it goes on to say that the most likely explanation is that the shoddily built truck, that is known for breaking down all the time, probably broke down, as opposed to being remotely disabled.
This is an accounting trick as well, a way to shed profit, and maximize deductions, by having different units within a parent company purchase services from each other.
I realize that my sentence long explainer doesn't shed any light on how it gets done, but funnily enough, you can ask an LLM for an explainer and I bet it'd give a mostly accurate response.
Edit: Fuck it, I asked an LLM myself and just converted my first sentence into a prompt, by asking what that was called, and how it's done. Here's the reply:
This practice is commonly referred to as "transfer pricing." Transfer pricing involves the pricing of goods, services, and intangible assets that are transferred between related parties, such as a parent company and its subsidiaries.
Transfer pricing can be used to shift profits from one subsidiary to another, often to minimize taxes or maximize deductions. This can be done by setting prices for goods and services that are not at arm's length, meaning they are not the same prices that would be charged to unrelated parties.
For example, a parent company might have a subsidiary in a low-tax country purchase goods from another subsidiary in a high-tax country at an artificially low price. This would reduce the profits of the high-tax subsidiary and increase the profits of the low-tax subsidiary, resulting in lower overall taxes.
However, it's worth noting that transfer pricing must be done in accordance with the arm's length principle, which requires that the prices charged between related parties be the same as those that would be charged to unrelated parties. Many countries have laws and regulations in place to prevent abusive transfer pricing practices and ensure that companies pay their fair share of taxes.
I mean, sure it's possible this was an attack, but coal mining is incredibly dangerous, and Occam's razor would suggest that it was caused by the mining itself.
That doesn't mean that no one is ultimately responsible, whether through negligence, shoddy practices, etc., just the explanation is most likely related to the mining operation itself.
Not that I think blood and misery for its own sake is above Israel, just that there are much more likely scenarios here.
Is your argument that multiple empires have tried bombing Afghanistan into being a civilized country, but by golly, they want to be savages?
Do you maybe want to, and I'm just brainstorming here, play that out in your head a few more times and rethink your response?
I don't know if you grew up during the color coded terror threat level days, but after updating everyone on the day's terrorism threat color, the nightly news anchors would share how many terrorists were killed in Afghanistan and Iraq.
Even as a kid, I thought to myself, "how is everyone killed by coalition forces a terrorist?"
Or, "why are car bombs that kill coalition forces in theatre, called terror attacks?"
News flash, governments and media label all sorts of organizations and actions terrorism, 90% of it is propaganda, or bullshit.
Otherwise, I guess that would mean Ukrainian forces fighting Russians are also terrorists, which is how the Russian government and media refers to them.
I was, and you cited something that is not applicable.
At least, not as it was intended and has been applied. Maybe this will be a precedent setting case, but until then...
Maybe you should read it...
Those are rooted in actions like bombardments of civilian areas e.g. Dresden, Gaza, etc.
Just because an action has collateral damage, does not make it indiscriminate.
Again, it's not like Israel isn't already committing war crimes every day, I'm just not clear if this is one of them.
For example, when the Ukrainians assassinated the propagandist in St Petersburg at the cafe, there was collateral damage. Still doesn't make it a war crime.
I am not comparing the morality of Ukraine to Israel, I'm just giving you a relevant example from recent history.
Not that Israel needs an excuse to commit war crimes on any day that ends in Y, but I don't believe this is a violation of the Geneva Convention.
It was a mass targeted assassination campaign against an opposition military force structure. I'm not saying it's not a crime, just that I don't believe it's a war crime.
But I'm open to the very real possibility that I am wrong about that. So if I am, can you point me to the article(s) it's in violation of?
I genuinely would like to fill that gap in my knowledge, if it exists.
I imagine that doing research on the fly for a back and forth on CCP governance, forced you to rapidly consume a bunch of half-assed Wikipedia articles, and that flood of new information felt similar to a moving goal post of sorts, but that's in your head.
Regardless, I started, and ended, at the same position... It's the same one that I will lay out one final time: post-Mao, pre-Xi China was not a dictatorship.
From your source:
A dictatorship is an autocratic form of government which is characterized by a leader, or a group of leaders, who hold governmental powers with few to no limitations. Politics in a dictatorship are controlled by a dictator, and they are facilitated through an inner circle of elites that includes advisers, generals, and other high-ranking officials.
Now, you saw the word uniparty on the Wikipedia entry for dictatorships, and assumed that applied to all uniparty governments, but it does not.
Other metrics have to be met before it can be considered a dictatorship, for example the USSR under Stalin was a dictatorship, but not under Gorbachev. The USSR was still a repressive authoritarian one-party state, but Gorbachev was not an unaccountable autocrat without systemic checks or limits on his power.
So, back to China:
Here's a list of Chinese presidents, but you can probably skip down to the 4th Constitution, which is the start of the era you keep bringing up.
https://en.m.wikipedia.org/wiki/List_of_presidents_of_China
Notice that these leaders come from competing factions and groups within the CCP, some more conservative, some more liberal, but more importantly, they transition power at regular intervals, well, until Xi.
So you can call them totalitarian technocrats, or authoritarian capitalists, but you can't call them communists, and you definitely cannot call them dictators.
All that aside, I don't know why some factual inaccuracies become commonly believed, but I guess the simple answer would be a lack of education, or interest.
Maybe a better question would be why it is you put so much faith in the average layperson's understanding of subjects such as the history of CCP governance, or the political economies of post-Mao China...?
Edit: this isn't a thesis I'm defending, it's a non-controversial fact, that I resent spending so much effort to reiterate, but that's my fault for engaging.
Imagine that your position is that the Earth is flat, and no matter what I say, you respond by telling me that my thesis regarding a theory of a round earth hasn't been sufficiently argued.
Because that's what's been going on here, you're a flat earther of post-Mao Chinese political theory.
So....you couldn't even be bothered to read more than a few paragraphs?
The Communist Party has long been the ultimate decision maker in China. But after Mao died, Deng Xiaoping and his successors built some checks against excessive power, hoping to avoid a repeat of Mao’s turbulent rule.
The party and government systems worked in tandem. Party leaders often set broad policy, and government ministries and agencies refined and implemented their goals, sending feedback to the leaders.
Dictatorships don't have legal and systemic checks against the autocratic rule, which is why Xi removed them.
You're using a lot of words, but they're based on your lack of understanding of post-Mao CCP governance that Xi upended when he seized power.
But I'm done going back and forth on this. You should feel free to go on believing that I am wrong, and that you are right, because I have no confidence that you would read any dry academic writings on the topic that I respond with, as you couldn't even make it through a few hundred words of a NYT article.
I've already booked my ticket, because I'll be damned if I'll let something as lame as not being a Brazilian citizen, prevent me from casting 1,273 votes for this man, our hero.
Unless it comes out that he was with Bolsonaro during his infamous visit to the brothel full of underage Venezuelan girls...
But anything short of that, I stand with him.
Your first link shows exactly why the CCP wasn't a dictatorship in the era that preceded Xi, and your second link has nothing to do with that era at all.
I have an academic background in this field, so the idea that my understanding is based on reading a single sentence, or a few Wikipedia entries, is amusing.
I know it's cliche, but I really think you need to go look up the definition of dictator.
Or, crack a political science 101 book and skip right to the section on political systems.
Or maybe your misunderstanding is just a lack of knowledge of how China's government structure functioned post-Mao, pre-Xi.
Whatever the reason, I think you need to do a little bit of reading, but it's not like you're alone in this misconception so I don't mean this as an insult.
Words have meanings, and the word you're looking for is authoritarian, but that doesn't mean it was a dictatorship.
They were a one party system, that had regularly transitioned power at scheduled intervals for decades. Which means they were not a dictatorship, until Xi stopped those transitions of power.
The modern context of Japanese and Chinese expansionism in this particular area is similar in some ways, but very different in other ways.
Regardless, I agree that China doesn't have the legal right to seize territory, but that doesn't mean I shouldn't understand their perspective.
It also doesn't make the idiotic reductionist take that this is all "capitalism", any less idiotic.
All that said, I also understand that great powers tend to only talk about international law when they are applying it to countries they view as beneath them, or inferior.
In this case, China is coming into its own as a regional hegemon, assuming their relatively new status as an outright dictatorship doesn't fuck that up. To do that, it has to push out American naval power, there's no alternative for them.
So, if Xi's one man politburo figures out how to walk and chew gum, while also driving a successful regional expansion, I don't think yours, or my, quibbles about international law will make much difference.
Luckily, whether he's capable of juggling all that successfully, is still an open question with a lot of doubt.
I think you've confused my previous comments as some sort of moral equivocation, which they really weren't meant to be, but since you brought it up...
You may believe that America's intelligence agencies, on balance, are more moral than Russia, and you're probably right, but that is damning by faint praise.
Espionage is literally the act of committing crimes on behalf of a government. It's not altruistic and it's not used to fight the good fight of corruption, or the mafia. In fact, it's often done in conjunction with those actions and organizations, because that is what the job often requires.
Either way, Russia doesn't need Kaspersky to run its domestic surveillance network or its myriad of police state apparatuses.
FYI oftentimes terrorism is blowback from actions taken by intelligence agencies years, or decades, prior. That is, the groups and ideologies they fund, train, and use, for their own ends, don't cease to exist just because they're no longer useful, or needed, by those agencies.