As you start to hear more and more about steganography being involved in online attack scenarios, it's important to realize the role steganography is playing. Attempts to demonize or strike out at steg as a "bad thing" will be a mistake.
Information, data, or instructions hidden via steg is not itself executing malware or infecting computers. So, when you hear somebody railing against the evil jpg bmp gifs that are "spreading the viruses omg", remember to ignore them. They don't know what they are talking about.
When a piece of malware utilizes stuff that has been hidden within an innocuous other file via steganography, the problem is the execution of malicious code in the first place. When a wildfire starts, its bad to have a pile of logs nearby and a field of dry grass leading to it.
But you can't stop tree logs from being near each other all the time and you can't prevent all fields of dry grass from existing.
However, you can do you best to make sure there are gaps between the piles of logs and the dry grassy field. You can remove excess unnecessary debris.
You can also make it highly illegal to intentionally spark a fire in the wild. You can fine and prosecute the people responsible for flicking lit cigarettes into grassy fields and the companies who were obligated to clear excess debris before it caused a danger of catastrophe.
But you have to remember that if someone is hell bent on being an arsonist, there is very little you can do to stop them from starting a fire. Fires can be started a million different ways. The problem of arson is "what is motivating the arsonist?"
That should be the focus.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Chris Vickery

Chris Vickery Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @VickerySec

23 Feb
It's really dumb for infosec in general to continue suggesting that it matters whether or not a "sophisticated actor" was involved in a particular cyber security incident.
If there was a security event, then what the f**k does it matter if the "attacker" was sophisticated or not?
It's a bunch of stupid d*ck wagging, hubris, and liability protection for negligent "victim" organizations.
If there is a security compromise, breach, hack, etc... the primary reason you hear all about the attacker's level of "sophistication" is to provide cover for the company.
Because if you were targeted by the best, most advanced, most well funded and complex genius hacker group in the world, then it's just "not your fault". You were "beaten by the best" and "nobody could have avoided that". It was "no real fault of your own". That's why you hear it.
Read 4 tweets
23 Feb
btw, if Dominion or Smartmatic want to add another deep pocket defendant, I've got the key evidence to hook in the PoliticalMedia[.]com empire of websites.
Courtesy of the company's president, Larry Ward, messaging me directly in November, 2020 (see screenshots). ImageImage
While I'm not exactly a fan of voting machine vendors, I am more happy to see them devour the spewers of hatred and disinformation.
I'd certainly sign a declaration stating those screenshots show actual, true, real messages that Larry Ward sent to me.
I am sure Dominion and Smartmatic can then proceed to clean his, and his company's, clock(s) in the discovery phase of that impending litigation.
Read 5 tweets
23 Feb
(Replying as separate thread)

I've reviewed the discussion video you linked. @CharlieAngusNDP makes several very good points and it amazes me that RCMP seem to respond as if they have no jurisdiction where a company has chosen to straddle borders and operate in multiple nations.
I do have some tech insight to turn this situation around- Even if a site's "servers" are located in the US, there are almost certainly caching distribution servers located in Canada contracted by the company to quickly serve the most-commonly accessed content to Canadian users.
High definition online streaming video services, such as the one relevant to this situation, do everything they can to minimize things like "lag", "buffering", "loading", etc.
Read 6 tweets
22 Feb
My family tree, on the non-Vickery side, shows that I am a direct descendant of a man who was caught rustling horses in Oklahoma. He was given a choice of punishment between:
A) death by hanging; or
B) relocation to the Texas frontier.
He chose the latter of the two.
Explanation of the phrase "rustling horses" can be found here:…
I'd like to think my continued contributions to society stand as a marked example that even if one person in time does something reprehensible, their future offspring can more than make up for that past harm.
Read 4 tweets
22 Feb
The weapon can be summed up as “monkey see, monkey do”.

They studied the worst, most destructive, and toxic-over-time human personality traits. They identified and studied how people with those traits tend to reply and message online...
Then, they replicated it. They trained automated “bots” to surround influential target individuals who have been profiled as minimally malleable in personality. They hammered the toxic behaviors into those people over and over again everywhere...
And these seeds of ruinous terribleness took root. The successes were fertilized and amplified— rewarded for showing true sabotage of personality and treatment of others. All to be imitated by the audience funneled to view them.
Read 4 tweets
18 Feb
If someone is commenting about content on a US-based social media platform and they start mixing in something about Free Speech, The First Amendment, etc... they don't know what they are talking about and you should immediately brand them as an idiot in your mind.
The First Amendment to the US Constitution guaranteeing the right to freedom of speech does not apply to non-government-owned spaces. Twitter and Facebook are not bound by the First Amendment and are not required to recognize free speech of anyone. That's the bottom line.
However- If Twitter or Facebook engages in the quieting of certain content or amplification of some messages above others in a *deceptive* or *wrongful* way resulting in harm, or if they act in reprehensible ways without informing shareholders of plans to do monstrous things...
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!