Along with many others in infosec, I've always cautioned against any of the voice activated smart gadgets, largely thinking there's only marginal benefit for the risks of an always-on microphone.

Recovering from surgery with only one usable arm has completely changed my views. 1/
Using voice control, which has required turning on the mics on my phone and home mini, has made my quality of life substantially better and even prevented physical pain. 2/
2 days post-op I was staying at family's house & had gone for a nap. I woke up & was completely tangled in the velcro straps from the sling and ice pack. Hair & a pillowcase were involved in the velcro nightmare too. 3/
I couldn't reach to undo it and any time I tried it was like a sharp knife through my shoulder. I was stuck. So completely and totally stuck. I tried for my phone, but couldn't reach it. I yelled, but everyone was outside. 4/
I'm thankful I had the random thought the day before to turn on assistant because I told Google to send a text message and a min later my wonderful cousin was there laughing at my predicament. (It is quite impressive how stuck I managed to get 😂) And she freed me. 5/
Once I came back to my own place, I realized just how many "normal" things were SO difficult. Because of the orientation of bed & lamp, I had to climb out of bed to turn it off or on since I couldn't reach on that side. A "smart" lightbulb easily solved that. 6/
These "smart" gadgets & voice control features are not just novelties. They can make life substantially better & accessible. But where our industry is today, if you use these features, then you're also opening up to not insignificant risk. But what if that wasn't the case? 7/
It could make things so much better for so many people if we all knew that nothing the mics heard was sent off the device or stored & we were confident in the security/privacy. I hope we don't give up that this is possible & we keep working towards it because people need it. 8/
Ok. These are my very rambling thoughts on my experience with "smart" gadgets after being pretty anti for many years. I completely changed my mind and see a different side to the necessity of this technology. fin.

Keep Current with Maddie Stone