Profile picture
, 11 tweets, 3 min read
My Authors
Read all threads
This story is everything wrong with infosec. Yes, researchers have demonstrated there is a theoretical danger. No, as far as anybody can tell, it's not happening in practice. I've plugged into every USB outlet I've found in airports and found no attacks.
It might be appropriate for the government to issue warnings of criminal activity they find in the wild. It's pretty stupid issuing warnings for every theoretical thing that might happen. Sadly, infosec can't tell about the difference, or just doesn't care.
In infosec, we are on a moral crusade. Security is important, whether you agree or not. You need to stop doing what you are doing, pursuing your own concerns, and instead pursue our concerns.
Did you know that hackers can release air in your tires, causing you to have an accident? You need to make sure to check the air pressure of your tires before each and every time you go for a drive. Actually, anything less than an hour spent verifying your car is lax safety.
Nobody in infosec retweeting that article actually read it. Otherwise, they will have noticed this glaring error. That's a completely different, unrelated problem with USB chargers.
That other thing was an alert about a hostile radio device made to look like a USB charger, not about a charge that would attack your phone over the charging cable. The warning was about removing unused chargers, not using chargers.
Getting technical details right doesn't matter, because the real issue is the moral Crusade we are on. All that matters is that we scare people constantly and make them pay attention to our concerns. Explaining things correctly does not matter.
As this tweet points out, if we just neutrally measure the cost, the cost of avoiding USB chargers is clearly greater than the cost of using them. Infosec doesn't care about the costs of security, only hypothetical benefits.
Also, that story is also everything that's wrong with journalism. There's no attempt to get both sides of the story and provide perspective. It's trying to get eyeballs by hyping the danger. There no money educating people that while there's a danger, they are probably safe.
That's a bit cynical. The truth is that reporters aren't smart, and therefore can't conceive of there being another side to the story. Nobody would argue that you should be unsafe, would they???
But my cousin's girlfriend has a mechanic who heard from a friend that they've seen attacks on the East Coast.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham
@ErrataRob
Some people tricked otherwise libertarian magazine Reason.com to publish this anti-libertarian piece in which special interests are lobbying for favorable government regulation to sell their products.
The libertarian approach to fixing the problem is a carbon tax that's offset by reductions in other taxes so that it's revenue neutral. Nobody (other than libertarians) like this solution because it fails to promote special interests.
Nobody really believes in manmade climate change (except libertarians). Instead, they are just trying to exploit the cause to promote their own special interests. The "Green New Deal" is a great example, it contains little that is green and much that is "New Deal".
Read 7 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
Just your yearly reminder that the day before Thanskgiving is not the busiest air travel day of the year. This misconception is a mass deception perpetrated by the media.
Airplanes fly about 85% full throughout the year. Thus, there can't be a flood of travel on any day, the maximum possible increase from the norm can only be 15%.
This story of a flood of passengers right before Xgiving implies that planes are flying empty the rest of the year, or that there is a fleet of planes on a tarmac somewhere in reserve to be pulled out only on Thanksgiving to fly passengers.
Read 6 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
No. That's not what the DHS did. That would be stupid.
Instead, what the DHS did was require vulnerability disclosure policy. This is very smart. It's not the same thing.
The order doesn't require federal agencies to increase protections. It makes no mention of this. It's about setting up a "vulnerability disclosure policy", so that agencies can receive information about vulnerabilities. It doesn't say they have to fix these vulnerabilities.
Vulnerability disclosure is one of the few things in the cybersecurity industry that's been found to work. it's one of the few things we can point to and say "this is a good idea". But it's subtle. Most people's instinct is to cover up vulnerabilities instead.
Read 5 tweets

Related threads

Profile picture
Sergio Caltagirone
@cnoanalysis
I like @SANSInstitute a lot - I recommend them a lot. But, I'm going to be honest. They've become the gatekeepers of the #infosec practice in many ways and at $10k for a course and travel it's hurting our ability to grow leaders and practitioners. #cybersecurity #training
@SANSInstitute There are many stories about #infosec warriors "pulling themselves up by their bootstraps" which is true! However, we're now beginning to change from a meritocracy into a plutocracy. Only those who work for the wealthiest companies or have the personal fortune can get in easy
@SANSInstitute SANS is not "overpriced" it's priced accurately based on market demand - the same as Harvard is priced accurately based on market demand. But, that doesn't mean it's what is best for our industry.
Read 6 tweets
Profile picture
Bharata ☺️
@indian1417
#Story
#StoryOfReligions
#OnceUponATime,Six Blind fellows came in front of an elephant.
The first guy, Abraham by name, felt up the trunk and declared elephant is long & flexible.
When the elephant started probing with its trunk, seeking food, Abraham pushed his son to front.
1/7
Elephant a herbivore, returned the child to Abraham.

Next guy Moses, when he approached, elephant lifted up its head & trunk.
Moses reached its leg, declared it is solid, straight like pillar & not flexible. He issued commandments, rigid, inflexible & hard as elephant hide.
2/7
Next guy, Siddhartha was tall, he could reach upto the ears, declared elephant is flat, thin and broad and provides comforting wind when you move it.
3/7
Read 13 tweets
Profile picture
ArborDayWorshipper
@PollySpin
#story
Read 8 tweets
Profile picture
Loose_Bull 🇮🇳
@loosebool
#Story ...
1.’Dada ‘ was actually the name of the Dutch company that imported Fake Ghee Called ‘vanaspati ghee ‘ into India in the 1930s as a cheap substitute for Pure ‘desi ghee ‘ Which was prepared from cow or Buffalo milk in India 🤔
2. Desi Ghee was locally made product sustaining Indian Economy-on other hand-So Called ‘Vanaspati ghee’was a type of vegetable shortening made up of hydrogenated or highly saturated vegetable oil and made to just’mimic desi Ghee’🤔!

It was a Fake Product to fool the Indians 😎
3. Proper ‘Desi Ghee ‘ was expensive & Lever Brothers, now Unilever (Hindustan Unilever in India), knew there was a market for a substitute for desi ghee, since many Indians could barely afford Ghee in those days 😨
Read 7 tweets
Profile picture
Hellen Weinschutz Mendes
@hellen_cwm
I was born and raised in the beautiful city of #Curitiba, southern #Brazil!
This region is famous for being cold and cloudy (yes it can be cold in Brazil!).
It is also famous for its very endemic and beautiful #Araucaria pine trees. #voicesIWS @IWS_Network @500womensci /1
#Actions speak louder than words! I am thankful for my parents for being who they are. Both always showed love for Nature, different interests and #curiosity! So no wonder by observing them I grew up to be a very curious girl who really loved Nature. #voicesIWS @IWS_Network /2
During High School I became fascinated by the #mendelian #genetics classes and the work of #gregormendel! I also loved studying animals, ecosystems and climate so the obvious choice for me in University (@PUCPR_oficial ) was BIOLOGY!! @IWS_Network #womeninscience #voicesIWS /3
Read 21 tweets
Profile picture
ACotonio
@ACotonio
#infosec moment:

1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
2/ You could tell within the first 30 seconds how passionate he is about this field, and how his intelligence and drive would take him far. By 60 seconds, you could also see his self-doubt & tendencies towards Impostor Syndrome.
3/ Ended up spending nearly 30 minutes just mentoring. He had seen me around in cyber (new here myself), and heard my honestly undeserved nickname “MegaMind”. Turns out it wasn’t entirely a chance encounter.
Read 8 tweets

Trending hashtags

#disinfo #infosec #Infographic #BugBounty #English #transcription #searching #foreigner #MissionComplete #OnceUponATime #fakenews #abroad #security #Startups #technologies #Twitter #electionintegrity #support #InfoSec #Lab #bigdata #Journalists #IPBES #newcomer #IndivisibleTimes
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!