Profile picture
, 3 tweets, 1 min read
My Authors
Read all threads
This tweet is a nonsequitor. The way everything is getting hacked is not unpatched vulns. It’s overwhelmingly things like phishing or taking advantage of misconfigured servers.
The common trope in infosec is that insecurity is due to a simple moral failing, like laziness or greed. If only people weren’t lazy and did the one simple thing of patching their stuff, so many problems would go away.
But in fact, patching isn’t so simple. If it were problem-free, all patches would just be automatically applied. Patching causes as many problems as the security threats they are supposed to guard against.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham
@ErrataRob
So for those whose New Year's resolution is to lose weight. I'm not sure it's a realistic goal. Better goals are to exercise more and eat more fiber.
I've been going for long, fast walks 6 nights a week for the last 1.5 years and it's been an AMAZING change in my health. I wish somebody had told me how important exercise is.
I now switch fries with that burger for vegetables. This also results in a noticeable change in outcomes, from simply a more comfortable digestive tract, to lower cholesterol. And it's much simpler change than exercising.
Read 6 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
These 4 rules are idiotic, created by idiots. They demonstrate how anybody can claim to be an expert by telling everyone else to "take security seriously".
It's like in that Simpson's episode when Homer is afraid of getting fired, so he tries to make it seem like he's doing something important by going around telling everyone to "stop being so unsafe" and "safen up!".
Let's look at number 1, updating devices. Yes, all else being equal, you should be updating devices. But updating devices has a cost. For the average person, the cost of keeping everything updated may be larger than the costs of not doing so.
Read 21 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
Last I looked on some older machines, a ton of certificates for browsers and code signing also expire Jan 1 2020. I've always wondered about this, whether 'tis better that they expire all on the same date, or if expiration should be spread out.
If they all expire at the same time, then diagnosing why a computer suddenly failed is a lot easier. Once you figure out why one failed, that'll be a top thing you'll look for when diagnosing other failures. When spread out, it'll be a surprise every single time.
On the other hand, when certificates all expire at once, you get Y2k situations where the cost of failures gets amplified. Instead of small outages quickly dealt with, you have a cascade of failures.
Read 5 tweets

Related threads

Profile picture
Jake
@JCyberSec_
:: Phishing Admin Panel Hunting Thread ::

In this thread we will find ways to hunt and attribute phishing admin panels.

This is a continuation from my #phishing hunting thread released earlier this year. ()

Please retweet to knowledge share among others.
Firstly we need to understand what an admin panel is in relation to phishing sites. There are many phishing-as-a-service (PaaS) offerings for threat actors to buy allowing them to quickly and easily deploy kits online. They normally consists of a threat actor buying an API key.
In this thread I will show you how to fingerprint some of the major panels, if you feel I have missed any let me know as I would love to keep this thread current and up-to-date on new threats.
Read 22 tweets
Profile picture
세타 | seunglix and hyunin au 📌
@writinghwang
hyunin au ༄

where jeongin has kept a secret for his whole life, but one night everything will change when he meets a stranger
‼️ disclaimer ‼️
- it’s my first au ever, i hope you’ll like bc i’m really trying my best
- english isn’t my first language, so there might be mistakes sorry 🥺
- quote don’t reply because it might break the thread
- enjoy!!💘
let’s meet the two protagonists ♡
Read 199 tweets
Profile picture
Jake
@JCyberSec_
:: Phishing Hunting Thread ::

This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.

Let's go hunting!
Firstly we need a site to use as a pivot. I have attached a number of sources at the bottom of this thread. For demonstration purposes we will use this site ::

hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/

This is a #Phishing site against Microsoft Office
Initially let's see if there is a #PhishingKit or #OpenDir on the domain. Enumeration on the domain is important. This is a example of sites to load and see ::

- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
Read 16 tweets
Profile picture
mark risher
@mrisher
Okay, here’s the deal with Security Keys and #phishing, because even some experts don’t really get it. HT @boblord and @runasand for the idea 1/
IN THE BEGINNING, God created passwords. If you knew your password, you could sign in; if you didn’t, the door remained locked. Simple! 2/
Unfortunately, phishers realized that if *they* knew your password, they too could sign in. Relying on a single “knowledge factor” meant if they could make you enter your pwd on their fake login page, they were home scot free. 3/
Read 20 tweets
Profile picture
Martín Obiols
@olemoudi
Unpopular opinion of the day: #phishing awareness campaigns and teaching your users to stay frosty is a close to useless endeavour. A waste of resources. Read on to see my point (1/n) /cc @troyhunt @randomdross @sirdarckcat
I know anti-phishing is a business that feeds a lot of people but the way this war is fought today just seems off to me.
First, I differentiate targeted phishing campaigns (usually APTs) from massive or moderately massive phishing. I don't think I need to point out why you can't fight the former with awareness.
Read 27 tweets
Profile picture
James Barisic 🇪🇺 #FBPE
@jamesmb
Earlier today, I wrote a tweet about another @Twitter promoted tweet #phishing advert and I reminded you that I had written about it a couple of week ago. link.medium.com/UXh4iZtCMR

Well, guess what has happened since this morning...?

#security #scam
Amazingly, there had been another one today, @twitter!

This time, @farahmenswear is the main hacked account and the supporting account for this #phishing #scam is incredible...
Amazingly, the supporting accounts for this #phishing #scam include @EuroParlPress - the European Parliament Press Office. This is now off-the-scale!

Maybe @guyverhofstadt or @GabrielMariya can look into what is going on?

link.medium.com/UXh4iZtCMR
Read 4 tweets

Trending hashtags

#Sanders2020 #Indian #WeAreNATO #Modi2Begins #GoBackPappu #VictoryDay1945 #Shoah #googleads #ModiSpeaksToBharat #Republicrat #CapitalismIsCorruption #scientific #Tehran #AntiColonialism #Kummanam4Kerala #saudiTerroristRegime #ExposePakLovers #COLDCASING #Crimea #WeFightAsOne #23rdMay #NoraConnolly #Tankists #WomensDay2019 #GUESS
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!