Profile picture
Robᵇᵉᵗᵒ Graham
@ErrataRob
, 3 tweets, 1 min read Read on Twitter
So I'm scanning the entire Internet for this CVE-2019-0708 Microsoft Remote Desktop bug we all assume will get wormed. Diffing a subset of two scans and we can see how results are slightly unreliable due to network failures.
In that screenshot, you see how 169.47.18.246 is marked "safe" in one pass, but because of network timeout, "unknown" the second pass. Conversely, 194.67.222.43 is marked "vulnerable" one pass, and "unknown" the next due to timeout.
Or, maybe it's an ISP that dynamically assigns addresses, so the next pass is actually scanning a different customers because the IP address was reassigned. I don't understand how this "network" thing works.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵇᵉᵗᵒ Graham
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Robᵇᵉᵗᵒ Graham
@ErrataRob
No.
For one thing, while sometimes phishing emails are obvious, other times they aren't. Good phishing emails are indistinguishable from real emails.
If you are going to fire anybody over phishing, fire HR employees who send out legitimate emails that are indistinguishable from phishing.

"We are partnering with Super401k.com, just login there with your company username password to see your account info".
Seriously, though, employee inboxes are flooded with obvious phishing attempts that they are already successfully fending off. Falling for phishing means they can only be 99% successful instead of 100%.
Read 3 tweets
Profile picture
Robᵇᵉᵗᵒ Graham
@ErrataRob
Yup. My "SPECTRE" analogy for the Sony attack holds up well. Compare it to how the "Internet Research Agency" was involved in influencing US elections. It was not an agency of the government, but of an oligarch with ties to the government.
In the U.S., all government hacking is top down through official channels. In Russia, Iran, North Korea, government is involved in sponsoring largely independent hacking groups.
There are many "asymmetric and unrestricted warfare" manuals that describe the process. It's just hard for us to understand since we describe threats only through our symmetric model, that if North Korea was involved in the Sony hack, it must've been top-down the way we'd do it.
Read 3 tweets
Profile picture
Robᵇᵉᵗᵒ Graham
@ErrataRob
1/ This "Lessons from Crippling Ransomware Attack" gives no lessons. It's like:

me: My friend just died in the hospital.
them: He should've dieted and exercised more.
me: He was hit by a bus.
2/ The lesson to learn from "crippling ransomware" is "fix your Windows permissions". That's it. That's ONLY it. There is no other lesson.
3/ Ransomware attacks are common, usually as part of a phishing attack. It's a regular task of IT departments everywhere to wipe an infected user's machine and reinstall Windows. That's non-crippling ransomware.
Read 10 tweets

Related threads

Profile picture
Kevin Beaumont
@GossiTheDog
CVE-2019-0708 RDP vulnerability megathread, aka BlueKeep.

Going to nickname it BlueKeep as it’s about as secure as the Red Keep in Game of Thrones, and often leads to a blue screen of death when exploited.
If you want a quick and dirty mitigation for Windows 2008 and 7, turn on NLA. en.wikipedia.org/wiki/Network_L…
There are no public PoCs yet, and no sign of exploitation in wild.

Joke PoCs are already appearing on Github. Don’t run random PoCs you find online; they will often be malicious.
Read 46 tweets
Profile picture
Raphael Gluck
@einfal
1. What can we learn about ISIS supporters based on the many different subtitled language translations that have appeared online since the emergence of a new video showing Abu Bakr Al Baghdadi? Some insights to follow, would welcome other thoughts (Image- Portuguese translation)
2. Ever since the video release on April 29, supporters of ISIS have rallied around their Emir, the caliph of the now caliphateless caliphate to strengthen their resolve and reaffirm their online resilience- something they refer to as 'media jihad' in 'Wilayat Internet'
3. Online, ISIS created a "sense of virtual community to which those who otherwise felt adrift and detached from their real communities were drawn" writes @jgeltzer in an excellent piece for @TheAtlantic theatlantic.com/ideas/archive/…
Read 12 tweets
Profile picture
Matthew J. Becker 🌟🌟🌟
@MadAddictSport
#See Huawei Poland: @Avery1776
@BenKTallmadge @CarrollQuigley1
jamestown.org/program/arrest…
usnews.com/news/articles/…
A great read:

nytimes.com/2013/11/23/us/…
Read 3 tweets
Profile picture
Shrikanth Krishnamachary
@shrikanth_krish
Two days ago I compared Per-capita GDP of all states relative to India PCI for 2004-05 & 2017-18

Since then conversations with @PoliteVersion and links to an RBI source permit me to make some changes to the analysis I had shared
Two Tweaks to earlier exercise

1. Use of 2017-18 numbers for all states (earlier used 17-18 numbers for most states, but 2016-17 for some)

2. Comparison over time using both Constant prices & Current prices
Now 1 is definitely something we should do.

So let us first make Change 1 and see how results change (while still using "current" prices)

The basic narrative does not change. Telengana remains the state with the biggest jump. But Gujarat now does much better than before
Read 15 tweets
Profile picture
Susanne
@susannehusebo
Help me make a list of things that work really well when you have a #remote team?

👇
It’s not that one person who is remote. The whole team is remote. Treat inteactions that way.
When you dial in to calls, make sure you’re well lit from the front. You’re not a witness in a criminal case.
Read 12 tweets
Profile picture
Phil Freo
@philfreo
Let's talk ENGINEERING HIRING (especially for startups, and #remote)

I’ve been hiring on small startup eng teams for the past 8 years (most recently grown @Closeio's eng team from 2 to 14, before that at @quizlet).

👇Here's a thread with some mistakes & hard lessons learned...
Hiring is always hard. It does get easier over time, but it's always something you have to work super hard at. If you're not ready to put in really hard work, you won't be successful hiring.

Don't hire too early! Why not?
1. 😩 Hiring is hard & slow. Skip it as long as you can.
2. 💸 People cost $$$
3. ✅ Do the job yourself first. You'll be better at hiring for the role once you have.
4. 🚀 Small team = fast & nimble
Read 29 tweets

Trending hashtags

#Solidarity #see #security #FO76vsFO4 #Charlottesville #MTGPauper #JimDickson #NSA #XKeyscore #Zulia #RLA #FVEY #Barcodes #saqueos #AcademicTwitter #BlackBudget #remote #WeAreTheNewsNow #QMePlease #ProudBoys #humblebrag #Parque #lka #USA #NinjaNews
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!