Comment by Ygg2

Comment by Ygg2 2 hours ago

3 replies

View on Hacker News

> Who would have an incentive to spend resources

That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it.

Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie.

As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots.

theteapot 2 hours ago

Actually I think that's roughly how threat analysis works though.

Reply View 2 replies
  • Ygg2 an hour ago

    For threat analysis, you need to know how hard you are to break in, what the incentives are, and who your potential adversaries are.

    For each potential adversary, you list the risk strategy; that's threat analysis 101.

    E.g. you have a locked door, some valuables, and your opponent is the state-level. Risk strategy: ignore, no door you can afford will be able to stop a state-level actor.

    Reply View 1 reply
    • theteapot 10 minutes ago

      I concur the question, "Who would have an incentive to spend resources on DDoS'ing Codeberg?" is a bit convoluted in mixing incentive and resources. But it's still, exactly, threat analysis, just not very useful threat analysis.

      Reply View 0 replies