Profile picture
, 4 tweets, 1 min read
My Authors
Read all threads
So this is no doubt going to be fun. However, let's be realistic about risk:
1. Core SMB sits in kernel space and KASLR is great at mitigating exploitation.
2. Asssuming this is kernel space, any unsuccessful exploitation results in BSOD. 1/
zdnet.com/article/detail…
3. Nobody has working PoC trigger code yet that I'm aware of, though the description tells us where to look for the vuln.
4. Many orgs bit by WannaCry and NotPetya have looked at how they segment networks and how they treat SMB in general (though many have not). 2/
5. Even with trigger code, you still have to remotely bypass KASLR (not an easy task). If you need proof, look at BUCKEYE. They had the EternalBlue trigger, but had to chain it with another information disclosure vulnerability to gain code execution. This isn't easy. 3/
The TL;DR here is that this IS serious, but it isn't WannaCry 2.0. Fewer systems are impacted and there's no readily available exploit code. I'm not thrilled about another SMB vuln, but we all knew this would come (and this won't be the last). Hysteria is unwarranted though. /FIN
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Jake Williams

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @MalwareJake see all

Profile picture
Jake Williams
@MalwareJake
Can we stop pretending that taking/sharing pictures when you're in a public place is some sort of huge OPSEC issue? A few notes:
1. You're in a public place
2. The people most worried about this are usually the least interesting
3. You're already on CCTV, which may be shared
1/
If you're worried about risks of facial recognition, watch the @shmoocon talk from @LawyerLiz and @SuchiPahi on facial recognition policy. I don't think the cameras are going away at this point. That ship has sailed, can't close Pandora's box, etc. 2/
But debates about the policy on what big companies and government agencies can and can't do with facial recognition technology is still very much happening. You can (and should) get involved, even if that's just contacting your elected representatives and helping to educate 3/
Read 5 tweets
Profile picture
Jake Williams
@MalwareJake
If you're thinking of pitching me a product to endorse be ready to answer the following:
1. Does it solve a problem? If no, abort.
2. Did you review the academic (yes, academic) literature around the problem space? You may be "solving" something that's been solved. 1/
3. What is your monetization model? I'm not an idiot and I'm reasonably competent at business. You have to make money. How will you? Have an answer or I'll assume you're planning something Facebook'ey (e.g. underhanded).
4. Why me? Why am I the person you're coming to? 2/
5. How would the product/service benefit my followers? That's who I'm marketing to, so I don't really care how it helps someone else.
6. What's your user base? Who else is currently endorsing it? Who else have you asked? 3/
Read 6 tweets
Profile picture
Jake Williams
@MalwareJake
While we're in agreement that bad actors should be exiled from the infosec community, let me be vocal about something we DO NOT NEED: a database of bad actors and their alleged transgressions.

If you understand legal and privacy issues, you know why this is such dumb idea. 1/
Who will build this database?
Supply infrastructure for it?
Maintain it?
Secure it?
Address the obvious legal issues that will come from those seeking to be removed from it?

These are serious questions and can't be answered with "we'll figure that out." Because we won't. 2/
Another central issue with this is "what behavior justifies inclusion?" We can all pick out a few people who obviously belong, but as soon as you back away from the extreme cases, "should this person be on the list" often gets murky. 3/
Read 4 tweets

Related threads

Profile picture
Constantin Gurdgiev
@GTCost
We are in a New Age of #risk. Bear with me, folks. We have lived through an unprecedented decade of #monetary experimentation on a scale unknown in modern times and, certainly, never seen since the end of the #gold standard. Cash - traditionally a cornerstone of risk management +
+ Is now generating zero-to-negative returns. The only way to hold it is to make a bet on a massive decline in risky assets valuations going forward. As uncertainty (and risk) of negative and more deeply-negative yields on deposits rises (and it is rising), we've converted cash +
+ into a risky asset, making cash holdings speculative, rather than purely defensive. Next up: gold. This still holds value as a purely defensive play, but risks are rising here too. First, risk of sell-off in a general markets correction (when investors dump all assets they can+
Read 12 tweets
Profile picture
Kate
@KateDAdamo
Good morning! Will be tweeting as long as I can last at the #DecrimDC hearing! It’s gonna be a long day and if you want to join in spirit & watch the livestream, link here! #sexwork #rightsnotrescue #housingnothandcuffs video.oct.dc.gov/412/jw.html
No matter what happens, today is HISTORIC and the work of @DecrimNowDC made this happen. @HIPSDC @NJNP_DC @SafeSpacesDC and many other groups are immeasurable. It’s truly a win. This moment is a win.
@councilofdc opens w @charlesallen setting an ask for respect and the necessity of this debate. @JackEvansWard2 gives some history on the issue in DC & approaches to prostitution - all rely on policing, inc “creative solutions” which were considered unconstitutionally harsh
Read 230 tweets
Profile picture
Business Insider India🇮🇳
@BiIndia
#Space | There was a big spark — 75 times brighter than usual — from the black hole at the heart of the Milky Way

businessinsider.in/milky-ways-sup… - @pabsgill
@pabsgill Our solar system, the Milky Way, has a supermassive black hole at the heart of it and it just shined brighter than ever before.
But this week, astronomers from saw the black hole glow 75 times brighter than it usually does in infrared before reverting back to its usual levels.
Read 8 tweets
Profile picture
KRS | கரச
@kryes
ஏன்.. இது போன்ற தருணங்களில்,
*பெண்ணின் இதழ்கள் மட்டும் விரிந்து திறந்து கொள்கின்றன?
*ஆணின் இதழ்கள் சற்று மூடியே கொள்கின்றன? #Doubt:))
சரி.. நம்மூரு பசங்க= சொங்கி..
என்று அசலூருக்குப் போய்ப் பார்த்தாலும்,
அங்கேயும் இதே கதை, இதே கதி தான்!🤣

முத்தம் எ. கலைக்கு..
முதலில் தருவதை விடுங்கள்..
முதலில் "ஆயத்தம்" ஆவது= பெண்ணா? ஆணா? #Doubt
இதுல என்னமோ Biology இருக்கு டோய்!

ஆண்-பெண் முத்தம் தான் அப்படி இன்று பார்த்தால்..
ஆண்-ஆண்/ பெண்-பெண் முத்தங்களும் அவ்வண்ணமே உள்ளன!🤣

*ஆண்= குவிப்பு
*பெண்= விரிப்பு
இது என்ன உளவியல்? அறிஞர்கள் தரவுடன் உரைத்தால் நலம்! நன்றி!
Read 8 tweets
Profile picture
KRS | கரச
@kryes
ஓர் ஐயம்!

அறிந்தவர்கள்/ பொறுப்பில் உள்ளோர் தெளிவிக்க!

கலைஞர் நினைவிடம் மட்டும் ஏன் கடலைப் பார்த்தவாறு இருக்கிறது?
படமும் எதிர் புறத்தில் தான் அமைத்துள்ளார்கள்! ஏன்?

அறிஞர் அண்ணா உள்ளிட்ட பலர் நினைவிடங்களும் நிலம் பார்க்க..
கலைஞர் நினைவிடம் மட்டும் கடல் பார்க்கக் காரணம் என்ன?
மீண்டும் விளக்குகிறேன்!

கலைஞர் நினைவிடம் என்றது
'கல்லறை'யின் திசையை!
'படத்தின்' திசையை அல்ல!

படம் தெற்கு பார்த்தவாறு!
ஆனால் கல்லறை (உடல்) எத்திசை பார்த்தவாறு? #Doubt

ஏனிக் கேள்வியென்றால்,
அறிஞர் அண்ணாவின் கல்லறை (உடல்) தெற்கு பார்த்தவாறே கிடத்தப்பட்டது! கலைஞருக்கு மாற்றம் ஏன்?
அறிஞர் அண்ணாவின் உடல்,
தென்புலம் நோக்கிக் கிடத்தப்பட்டது! குறள்மொழியாக!

'தென்புலத்தார்', தெய்வம், விருந்து, ஒக்கல், தான் - என்றாங்கு
ஐம்புலத்து ஆறோம்பல் தலை!

"தென்புலம்" என்பது தமிழ் மரபில், மிக நுணுக்கமான பொருள்! இயற்கைப் பொருள்! அறிவீர்களா?
Read 4 tweets
Profile picture
Shadeed Q. Eleazer
@mrshadeed
Why do your friends hesitate to support your ideas and your business?

These are details you need to understand about friendship that will save you time and heartbreak on your path as a Creator.

Based on a true story.

(Thread) #SMB
👇🏾👇🏾👇🏾👇🏾👇🏾👇🏾👇🏾👇🏾👇🏾👇🏾
Success in small business requires the conscious cooperation of other people to succeed. We naturally rely upon the direct support of our immediate peer group.

There are 3 types of friends.
Only 1 type has the capacity to support your evolution.
Let’s go deeper.
The first type of friends you develop are your Rite of Passage friends.
You meet during moments of transformation. During times of stress, the mind seeks familiarity & comfort.
Common interaction points:
Bootcamp, Freshmen year of college, high school athletics, church choir
Read 16 tweets

Trending hashtags

#PalaceLife #risk #exploitation #Space #mars #KOD #scipol #monetary #skills #numericalcalculation #sadbuttrueandyouknowit #nsfw #sugardaddy_AU #cdnsci #startup #fun #UPI #AveryBroderick #physics #sugar_daddyAU #Law140 #EverythingIsLove #ohfuckshiro #LGBTQ #BTC

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!