Profile picture
Alec Muffett @AlecMuffett
, 7 tweets, 5 min read Read on Twitter
@NCSC Hey Mat; your categorisation has issues at the very first hurdle - understandable considering that it comes from a perspective of attribution. In the private sector it's rarely about how godlike the attackers are, it's about how long they persist before if they get bored.
@NCSC It's a concrete example of the old joke about "I don't have to outrun the bear, I just have to outrun you" - the private sector is not and should not be collectively responsible for each other's security. As such we strive amongst ourselves to be secure sufficient to our needs.
@NCSC Of course one of the benefits of a "elitism based approach" to qualifying hacking risk is that it sediments GCHQ as role as arbiter of how bad threats are; NCSC becomes a bit like the IOC, vetting the state of the hacker "athletic" field...
@NCSC But if you stopped the cyber and instead promoted "bug bounty programs" (for one) - British companies would learn how vulnerable they are to (say) a solitary Indian teenager, delightful in person, who is really really focused on your risk posture.
@NCSC And - get this! - he will tell you what's wrong for a nominal fee and be delighted when you reward him for it, and you will build a relationship, going forwards. Everybody wins.

This is why the mythos of state attribution is deeply harmful to British cybersecurity.
@NCSC Please @NCSC, please @GCHQ, come out of the cold of spycraft - yeah, sure, there are Russian trolls and Chinese intellectual property thefts - but there are a zillion more startups with shoddy security who are better served by bug bounty programs than a culture of pentesting.
@NCSC @GCHQ @threadreaderapp unroll please
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Alec Muffett
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @AlecMuffett see all

Profile picture
justsecurity.org/62114/give-gho…
1/ Applying this idea to WhatsApp, it would mean that—upon receiving a court order—the company would be required to convert a 1-on-1 conversation into a group chat, with the government as the third member of the chat. But that’s not all.
2/ In WhatsApp’s UX, users can verify the security of a conversation by comparing “security codes” within the app. So for the ghost to work, there would have to be a way of forcing both users’ clients to lie to them by showing a falsified security code, ...
Read 39 tweets
Profile picture
THREAD: QUESTION FOR ALL SECURITY PEOPLE — in this day and age, would you buy a single-vendor IT security solution which advertised itself as "the gold standard" for data security protection?

Would you give that claim any credence whatsoever?
The infosec world has a long-established term for such glib claims: "Snake Oil" - this terminology goes back to the 1990s or earlier, for vendors who were selling sub-par cryptography as "military-grade" or other supposed but meaningless description interhack.net/people/cmcurti…
Particularly telling for "Snake Oil" are the words and phrases that are used to describe the security solution, process, or tool, its development, mechanism, or vendor:

* "Trust Us, We Know What We're Doing"
* "Unbreakability"
* "Military Grade"

interhack.net/people/cmcurti…
Read 27 tweets
Profile picture
@breenemachine @alexstamos 1/ Well, I've been doing this stuff to 30 years and still learn every day/week; that said, the generalities are several thousand years old and after a while you will see the same issues coming up in new clothes. But you can read around the topic in your own time. […]
@breenemachine @alexstamos 2/ Maybe half of the people I have worked with in infosec have been CS students. There is no barrier to entry. I have worked with chemists, physicists (me = astronomer), med students, linguists, performing arts students, english lit majors, and some have have no college degree.
@breenemachine @alexstamos 3/ There are 2x main paths to learning: 1 is to seek formal education - cyber-this, ethical-hacking-that - and it's fine. You'll learn, but if you only learn "security stuff" then you'll be a pentester, and I love pentesters but lord, we have enough already.
Read 17 tweets

Related threads

Profile picture
everyone that has worked in the private sector knows this is a stupid meme
not only is the private sector filled with non-essential personnel, the private sector is filled with non-essential industries.
99% of programmers
99% of autoworkers
99% of writers
99% of whatever

can take the entire first quarter of 2019 off and nobody would notice
Read 9 tweets
Profile picture
#Perspective #SyriaWithdrawal #Syria
No matter what or when, leaving an area gives opposition opportunity to potentially regroup... This is true.

To bend to this argument would mean PERMANENT occupation.

Think about it.
There does come a point when the folks of a region need to become responsible and accountable to themselves.
We cannot continually hold everyone's hand.
I must say the liberal left has tied themselves into knots on this issue proving its not about issues currently, it's about opposing Trump.
They didn't want the troops there in first place... Calling for immediate withdrawal... Until Trump announced the withdrawal that is. 🙄
Read 4 tweets
Profile picture
For emphasis sir. The last govt setup one hub in 4 years. It wasn't sustainable and had to shut down without govt support. That was a good learning point for this govt, &in 3 years we have worked with private sector to set up 4 hubs & engaged with over 10 hubs in the country
As part of @NSIP_NG's National Social Investments Program & working with @nitdanigeria, we engaged with private sector players. And in three years we have seen govt footprint and direct/indirect govt interventions in the tech ecosystem. Actively setting up 4 hubs in just 3 years
In the North East,in partnership with development partners, private sector & universities, we setup @Northeast_iHub. Focused on providing innovative solutions to humanitarian challenges in the region. Today the hub is 3D printing prosthesis for amputees among other amazing things
Read 26 tweets
Profile picture
I was born & raised in #Medellin Colombia, an amazing & vibrant city in the middle of the mountains.

Please do not mention #Narcos or #Escobar when you hear Medellin!

Medellin is much more than that #eternalspring #innovation #Entrepreneurship #mountains #coffee #greatpeople
I was born & raised in #Medellin Colombia, an amazing & vibrant city in the middle of the mountains.

Please do not mention #Narcos or #Escobar when you hear Medellin!

Medellin is much more than that #eternalspring #innovation #Entrepreneurship #mountains #coffee #greatpeople
Went to a great school in #medellin & at 17 started #medicine not because I wanted to be a clinician but because I liked the #science & my family and #mentors told me #medicine was broader and could open more doors for me #VoicesIWS #Thread☝️@IWS_Network
Read 21 tweets
Profile picture
Hey, I just wanted to check in and remind everybody that Gold Rush is the best television show on earth and probably not what you think it is at all.
You know your idiot cousin who takes out credit cards under his toddler‘s name and sold essential oils on Facebook for three months and won’t shut up about Bitcoin? That’s who stars in Gold Rush. The good episodes, anyway.
I genuinely recommend watching it from the very first season to get a real feel for it. Season nine is a bad place to start, because the general competency level has gotten too high.
Read 3 tweets
Profile picture
#perspective 2018's first 12 days have been a rollercoaster of Trumpian reactive oxygen-sucking media cycles, ranging from the "i got a bigger nuke button" to @MichaelWolffNYC s Fire&Fury to the shithole controversy, to finish w/ Stormy Daniels 1/
Sober,rational analysts of our current feverish "moment" are few&far between- @RadioFreeTom @NoahCRothman @ianbremmer @umairh try to provide sustenance to who are interested in immediate&mid-long term consequences of the circus show started on the gold plated escalator in 2015 2/
Throwing my hat into the ring, some random observations to pierce the #Trumpian-media feedback loop (ICYMI @MattGertz's must-follow tweets) : Trump's #Outsourced Presidency could have lasting consequences as it paradoxically shows 2 facets 3/
Read 12 tweets

Trending hashtags

#communication #MyDCCool #BeepBeep #WomeninScience #STEM #mentalhealth #RecordStoreDay #postdoc #SuperBowl #PaycheckPresident #Ozark #AcademicTwitter #productivity #grant #mentors #diversity #HappyLaborDay #Businesses #challenge #PhD #FVEY #Genomics #AsoVillaToday #biology #TravelTheWorld

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!