@SwiftOnSecurity saving for use in my 2025-2026 training curriculum and to print on the cyber corner of my office bulletin board.
Thank you for your service.
@SwiftOnSecurity And the LLMs will be doing their "hold my beer" analogue (digilogue?) when they see this.
In computer security, the concepts of vulnerability, and actual ability for an opponent to exploit it, are separate things. Vulnerability is an absolute ā as determined by versions of files and production code. Exploitability is the endless nuance of configuration and mitigations, as far as you know.
Being vulnerable is to be human. It is to expose grace and hope. It's not weakness.
Not being exploitable means you've been hurt before.
@SwiftOnSecurity This is one of the reasons, IIUC, bank digital security leans a lot more towards the permissive than one would expect given the amount of damage someone can do exploiting it.
... because the security in banking isn't in prevention, it's in auditing and the fact the law backs protection of assets. Places like Google, before the passage of laws about intrusion into systems, only had passwords and encryption to protect the system. Someone fucks around with a bank and gets them to run an unauthorized transaction? The feds go hunting for that person.
Grace is too underrated.
@SwiftOnSecurity ā¦ and it cannot be patched. I currently see 90+ years old vulnerabilities being exploited at large.
@SwiftOnSecurity Robots don't lie. They don't have 'concept of mind'. They don't have a concept of true, or of reality, they cannot lie. They spit out words but they don't know that they're dealing with words, any more than a brick knows whether it's holding up a wall or breaking a window.
