Robᵉʳᵗ Graham 🤔 @ErrataRob
1/ So I want to discuss Trump's poor writing as an allegory for cybersecurity. Twitter blew up yesterday enjoying the irony of Trump using the wrong word for "pore" in a tweet extolling his skill as a writer. There are similarities in how people treat software bugs.
2/ Most of those enjoying Trump's misfortune themselves did not know the difference until it was pointed out to them. Yet, everyone sees themselves as competent in criticizing Trump's writing skills.
3/ The "pore" vs. "pour" problem isn't the only flaw in his tweet, there are several worse problems. Yet people seize on this one mostly because it's the easiest for their small minds to understand.
4/ Another flaw in Trump's tweet is a "dangling participle", which remains even after Trump corrected "pore". I see nobody laughing at him over this, because people just don't understand it, even after "dangling participle" is explained to them.
5/ Something similar happened with the "notPetya" worm. A lot of pseudo-experts opine about the ETERNALBLUE bug in Windows that was used in the worm, but like "pour", it was the least important of the issues. It dominates the discussion because it's easiest to understand.
6/ The real issues of "notPetya" were (1) it was delivered via an auto-update software patch from the vendor, and (2) it spread laterally through reuse of Windows credentials. ETERNALBLUE was only a minor third issue.
7/ Ironically, "experts" use "notPetya" to claim that it demonstrates the need for automatic patching, to fix bugs like ETERNALBLUE before they can be hacked. They aren't paying attention to what's going on, just to what messages the ignorant public wants to hear.
8/ Back to Trump's tweet. Bigger than typos and grammar mistakes is that his "best selling books" were ghostwritten and edited. His claim he wrote them is a lie. It's false, and he knows it's false.
en.wikipedia.org/wiki/Bibliogra…
9/ This shows how in Trump's presidency, trivial debates consistently overshadow substantive ones. People display more concern about a simple typo than an outright lie. Even on substantive issues, debate veers toward the trivial.
10/ How "notPetya" spread via PsExec using Windows credentials is the most important cybersecurity issue your organization faces right now. I've been saying this since before notPetya. Yet, it's a discussion that we can't have.
11/ Inevitably, such discussions veer toward the trivial, such as asking what product, which vendor, will fix this issue. There is no product. Well, there is, it's called "Windows". The products you need to address this are already provided by Microsoft, you just ignore them.
12/ The underlying issue is that you've made bad decisions, that you were advised not to, because everyone else was making the same bad decisions without apparent problems. Now that ransomware spreads via Windows networking, these decisions are shutting down organizations.
13/ It's just easier to blame ETERNALBLUE. It's not your fault! It's Microsoft's fault!! It's the NSA's fault!!! The city of Atlanta's network was destroyed by ransomware spread via Windows networking, but sure, let's blame somebody else!
14/ Anyway, we still haven't even discussed the topic of Trump's tweet, which is criticism of how he Capitalizes words Awkwardly. Some claim it's because he's committing a grammatical mistake, others that it's just because Twitter has no bold/italics to emphasize words.
15/ Trump's flaw is he over-emphasizes too much, both with Capitalization and exclamation marks!! Criticizing this as a grammar flaw, or insisting Twitter should add bold/italics, doesn't address this underlying flaw.
16/ The same is true with cybersecurity. Many want software liability for vulns. They are ignoring how this doesn't address anything. It doesn't address almost all the hacks in Verizon's DBIR. It ignores what really happened in notPetya and Mirai. It's not addressing the problems.