Prompted to read into the SolarWinds supply chain attack ... ok, a malware product that people installed on machines or in virtualised servers ... good to see some of the responses - geekwire.com/2020/microsoft… ...
... however, the Amazon keynotes on simplify and observability couldn't have come at a better time - siliconangle.com/2020/12/15/go-…
On that theme of operating - AWS fault injector system - chaos monkeys / the master of disaster for the masses - excellent move aws.amazon.com/fis/
X : It is espionage, not war.
Me : Yep. It's espionage but using the supply chain as the vector of attack ditto buffer overflow attack.
X : Senators need to stop calling it an "attack". Worse is the "act of war" rhetoric.
Me : Oh dear. People getting carried away again.
Me : You could argue that it's an attack on our digital sovereignty but that has two problems :-
1) that assumes that policy makers have a map of our digital sovereignty and know where the borders are - they don't.
2) that equates espionage to sabotage. Not the same thing.
... hmmm, "act of war" ... that would be a very unusual phrase. I must admit, it would raise enough red flags with me that I'd want to know why the person used that phrase.
I learn a new thing every day. I should have used exploitation rather than attack. Thanks @TripKrant and @RidT -
X : Why SolarWinds?
Me : Why put an exploit there?
X : Yes.
Me : The best places to exploit are the tools that people trust and install freely in the network to manage some aspect of their network (i.e. wide permissions) combined with the ability to connect for updates ...
... so monitoring tools, network security tools, logging tools ... all of these sorts of systems are the ideal place to put an exploit. The absolute best to exploit? Probably anti-virus and anti-malware tools.

Keep Current with Simon Wardley
