Profile picture
, 10 tweets, 2 min read
My Authors
Read all threads
Attorneys won't provide legal advice for free or for a small fee, doctors won't look at your kid's rash, and really, cybersecurity professionals shouldn't be looking at people's computers.
One reason is the risk of being sued when there's a mistake -- you are asking them to accept a considerable financial risk for free.

The second reason is the a high chance of a mistake.
Let's ask a lawyer "Is port scanning legal?". What I don't tell them is that I'm running nmap with a script that also automatically logs onto the system, so when I get arrested for CFAA violations, I sue the lawyer who told me it was legal for legal malpractice.
Lawyers don't know the answer offhand whether port scanning is legal. They'd have to spend time researching it, and even after that research, the answer isn't going to be yes/no, but a set of risks.
It's like the Lauri Drew case. Is it illegal to create a fake Facebook account violating their Terms of Service. The answer is "no" until your daughter uses that account to bully another 14 year old student into committing suicide, at which point the answer is "yes, illegal".
Can you quickly look at my kids rash and tell me if it's serious? Well, your family physician with all the kids records may have a very different answer than your neighbor who glances at it for 5 minutes. The correct answer is "you should really talk to your own doctor".
Part of the problem is that we browbeat lawyers into delivering the answer we want. I want to portscan, when I ask you whether it's legal, I'm going to continue arguing with you why it should be legal until you agree with me.
And it's all very tedious because outsiders don't understand how the law works. Sure, portscan ought (or ought not) be legal -- but that's for politicians to fix by change what it law says. What the law ought to say doesn't change what it actually says.
So you asking the professional to do what's (1) annoying for them, (2) a lot more work, (3) an answer that will likely be wrong because of lack of information, and (4) a legal/financial risk to them when their answer is wrong.
This is an excellent additional reasons:
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham (not at Shmoocon this year)

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
We recently installed solar roof panels, the traditional kind, and I'm kinda amazed there's really no good technical information on the Internet that describes the process.
One problem is that the systems come with no tools that'll help explain exactly what sorts of performance you are getting out of the system. Instead, we have to guess from the meters hooked up elsewhere, like to the power grid.
In the summer, we are net producers of electricity, storing some in a battery but mostly just uploading power into the grid. In the winter, we become net consumers, although we still produce a lot on cloudy winter days.
Read 5 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
Among the 20-year old arguments we still haven't resolved in infosec is this one. Part of the inconclusiveness is that both sides of the argument are right, depending on unspoken premises. We all assume your premises are the same as mine.
Some organizations haven't yet gotten the basics down. They need pentests doing the basics. Other organizations have solved what hackers did yesterday and want pentesters doing things that hackers will do tomorrow.
The underlying thread brings up a slightly different topic. Defenders are treated worse than dogs. I'm referring to sniffer dogs in airports that search bags for drugs and bombs. The dogs become bored and disillusioned unless they are occasionally given successes.
Read 11 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
The fictional narrative of a "winner" has become even more fictional than normal.
I mention this because of the nonsense of elections cybersecurity, where it's possibly not even among the top 10 issues that impact elections. Yes, it's important to get right, but it's like writing down measurements to 4 decimals places using a hand-held ruler accurate to only 1
To start with, "primaries" aren't even "elections". They are part, only a part, of the system each party uses to choose candidates for the actual election.
Read 14 tweets

Related threads

Profile picture
Richard James
@RichJamesBits
I have reached a whole new level of #PISSEDOFF.

I didnt think such a #dark and #scary state, or level, could be reached. It may top 12-14-17's causation. It's. That. Bad. So, I've prepared a statement...

docs.google.com/document/d/1_J…

#PascoSheriff #HaveYouAllNoShame @CigarCityBeer
Dear @FBI,
I must implore you ask your colleauges in @FBITampa to help research this new level of #PISSEDOFFNESS. As locals, they may offer a special indepth knowledge of this new level I have reached. This is not fair & law enforcement must #investigate. No one deserves this.
This is my #apogee of #Pissedoffness.
If #motherfuckers & #tears werent a noticable level.
If #HUSH or #INTIMIDATION tactics being deployed didnt strike a chord.
If #EVIDENCE, PROOF, or 30k Bonds didnt #WOW YOU.
If posting mom with no shred of investigatable value wasnt enough...
Read 463 tweets
Profile picture
Porpentina (Tina)
@porpentina2017
With the 2020 elections coming on strong already, I think it is important to talk about keeping yourself safe from "hacking".
When you think of hacking, most envision someone using a computer & complex code to break into your computer.
#CyberSecurity
/1
#Hacking can take many forms, many can be done done over the phone or through email messages. These scams are known as #Phishing.
Example: A phone call where someone asks you for information that are common security questions:

Your first car
Mother's maiden name
Birth City
/2
They might pretend to be from your bank, your email or internet service provider, or your mortgage lender. They might pose as someone looking to verify your identity because of "unusual activity". This can come many ways, e.g. via a phone call, text message or email.
/3
Read 13 tweets
Profile picture
F-Secure
@FSecure
Introducing...

THE HUNT: A Cyber Attack in the Process Industry

#cybersecurity #thehunt

blog.f-secure.com/cyber-security…
In manufacturing...

• 86% of cyber attacks are targeted

• 66% feature hacking

• Only 34% involve malware
In manufacturing, almost half – 47 percent – of breaches involve the theft of intellectual property to gain competitive advantage.

#cybersecurity #thehunt
Read 89 tweets
Profile picture
Sean Brooks
@seanwbrooks
Over the last year @CLTCBerkeley has looked at the range of cyberattacks targeting civil society organizations and the existing ecosystem of support those orgs receive to counter these attacks. We’ve published our report today: cltc.berkeley.edu/defendingpvos/ /1
We focused our report on “politically vulnerable organizations” – in other words, orgs whose work makes them the focus of targeted cyberattacks as a means to achieve political ends (as opposed to criminal or mischief) /2
Previous research shows us that nonprofits in general suffer from poor cybersecurity posture. This is hardly a surprise – any type of IT investment is expensive, and only 1 in 11 IT professionals have any background in security. /3
Read 18 tweets
Profile picture
WaterBluSky
@MsMariaT
"One of Finkelstein’s fav campaign strategies was one that he and his allies used over the yrs. It involved planting a 3rd party candidate in campaigns in order to attack the more serious opponent..." 🔥THIS IS THE SH*T RIGHT HERE. STEIN, JOHNSON, others 👏🏽👏🏽THIS HAPPENED 👀
Read 15 tweets

Trending hashtags

#tail #CIO #PISSEDOFF #Love #shopkeepers #absurd #Image #computerscience #self_employed #lying #PASCOSHRIFF #StandUp #LIVE #FARA #EraseTheHate #SMEARS #advice #trans #IPreExist #request #Award #autonomy #Americans #Transforms #ASS
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!