1/n It's a bludgeon instead of a scalpel. It drives up the cost of "compliance" with generalities. It assumes people aren't "taking security seriously" so bullies or bribes them into doing so. whitehouse.gov/briefing-room/…
2/n Thus, it appears that instead of "addressing threats", the federal government is going to spend the next two years "addressing compliance".
3/ For all the vendors saying "buy my EDR" or "buy my ZeroTrust", your lobbying of the government has been successful -- expect big orders soon.
4/ On the other hand, I may be misreading it. It's big on creating new rules for everything under the sun, but short on providing budget for departments to comply with them, or programs to enforce them.
5/ Sadly, I'm a government outsider. I see a nod to every suggested cybersecurity policy of the last several years (most of which I hate). But what this is really about is probably something completely different, such as a CISA power grab.
6/ I have no opinion whether centralizing more cybersecurity under the CISA (Cybersecurity and Infrastructure Security Agency) is good or bad. I'm sure departments throughout government are going to hate the encroachment on their turf.
7/ Thus, I see only what it says, an attempt to bludgeon everyone into "taking security seriously". What I don't see, as a non-government person, is the vast parts of the document that people will ignore, like they have in prior cybersecurity executive orders.
8/ I would defer to government people as to the actual meaningful parts of the document that won't be ignored.
9/ Let me take the IoT section. It's backwards looking based on Mirai, and not forward looking. Consumer IoT is protected by home firewalls -- the major security threat is the company providing cloud services to it, not the IoT device itself.
10/ What I don't read in the executive order is how to deal with incidents like that with Verkada -- a startup focused on securing IoT cameras so that Mirai couldn't happen again, but with laughable security in the cloud that pwned customers.
11/ This is similar to my comments everywhere: a superficial understanding of cybersecurity threats that are handled with a bludgeon rather than a scalpel.
One of the problems with "indicators of compromise" is that the list of clearly "bad" things also includes a list of "good" things that hackers happened to also use.
It's like that time they claimed the Vermont power grid was hacked because the government listed Yahoo.com servers, because the hackers sent things via Yahoo. When a worker opened Yahoo mail in the morning, alarms went off.
It's not invalid listing "good" things that hackers used, when reviewing logs it'll help show context of what happened. It's just that they need a separate label, that it's not actually an indication you've been compromised.
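The labelling the thread argues for, as an added example that is not part of the original posts: an indicator list carries a tier per entry, "compromise" for infrastructure that is only ever attacker-controlled and "context" for legitimate services the attacker happened to use, and a scan over proxy logs only alerts on the first tier. Context hits are attached to a host's timeline only when that host already has a compromise hit. The indicator values, hostnames and log lines below are constructed for the example (the C2 address is from the TEST-NET-2 documentation range); they are not from any real advisory.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    value: str   # domain or IP address
    kind: str    # "domain" | "ip"
    tier: str    # "compromise" | "context"
    note: str


# Constructed indicator list. "context" marks infrastructure that attackers and
# ordinary users both touch (webmail, CDNs); on its own it must not page anyone.
INDICATORS = [
    Indicator("yahoo.com", "domain", "context", "attacker delivered mail via Yahoo webmail"),
    Indicator("198.51.100.23", "ip", "compromise", "C2 server (constructed, TEST-NET-2)"),
    Indicator("bad-update.example", "domain", "compromise", "staging domain (constructed)"),
]

# Constructed proxy log: timestamp, source host, destination.
LOG = """\
2016-12-30T08:02:11Z ws-114 mail.yahoo.com
2016-12-30T08:03:40Z ws-114 198.51.100.23
2016-12-30T08:05:02Z ws-220 www.yahoo.com
2016-12-30T09:15:00Z ws-301 cdn.bad-update.example
"""


def matches(indicator, dest):
    """True if the log destination matches the indicator (domain match
    includes subdomains; IP match is exact)."""
    if indicator.kind == "domain":
        return dest == indicator.value or dest.endswith("." + indicator.value)
    if indicator.kind == "ip":
        try:
            return ipaddress.ip_address(dest) == ipaddress.ip_address(indicator.value)
        except ValueError:   # destination is a hostname, not an address
            return False
    return False


def scan(log_text, indicators=INDICATORS):
    """Split hits into alerts (compromise tier) and context (context tier)."""
    alerts, context = [], []
    for line in log_text.splitlines():
        ts, host, dest = line.split()
        for ind in indicators:
            if matches(ind, dest):
                hit = {"time": ts, "host": host, "dest": dest,
                       "indicator": ind.value, "note": ind.note}
                (alerts if ind.tier == "compromise" else context).append(hit)
    return alerts, context


def enrich(alerts, context):
    """Attach context hits only to hosts that already have a compromise hit.
    A context-tier hit on any other host is left alone: by itself it is not
    evidence that host was compromised."""
    compromised = {a["host"] for a in alerts}
    timeline = {h: [] for h in compromised}
    for c in context:
        if c["host"] in compromised:
            timeline[c["host"]].append(c)
    return timeline


if __name__ == "__main__":
    alerts, context = scan(LOG)
    for host, hits in enrich(alerts, context).items():
        print(host, "compromise hit; context:", [h["dest"] for h in hits])
```

In this data ws-220 only ever reached www.yahoo.com, so it produces no alert, while ws-114's Yahoo session is kept as context next to its C2 connection. The same split works for any feed whose entries carry a tier field; without one, every entry is implicitly "compromise" and the Vermont false alarm follows.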
CEOs: your main exposure to ransomware comes from the ease of spreading within an organization, getting "domain admin". Just hire a pentester, give them an account on a typical employee desktop, and ask them to get domain admin.
"DarkSide" is simply a bunch of standard pentesters. They are doing the same sorts of things like running mimikatz. They'll find simple errors. Hire pentesters, give them a standard employee desktop, watch how they spread and get admin credentials.
I hate simple proscriptions like "just use multifactor authentication". Your problems might be different. For example, maybe your problem is that you've got the same local admin credentials in the image for all your desktop builds.
This kind of nonsense is why we have NFTs. Stupid old reporters steeped in decades of DeBeers advertising falsely believe "natural" diamonds are better. They aren't -- they are worse than high quality manufactured diamonds in every way.
If people had any brains they'd pay more for manufactured diamonds, the quality is much better. And I'm not even talking about the environmental degradation, slave labor, and 'conflict' that comes from mining 'natural' diamonds.
I mean, I appreciate the certificate that comes with my "natural" diamond documenting the tons of earth that was strip mined (average 250 tonnes per carat), the lives lost, the limbs amputated, and so on. This certainly evokes emotions in me -- though maybe not the right ones.
Back in 1990, this was legitimately stupid. It depends upon assumptions because the problem wasn't clearly specified, which I found out when I tried to write code to simulate it. news.ycombinator.com/item?id=270922…
When Monty Hall opens a door, does the simulation code 1. pick one of the 3 doors at random? 2. pick one of the two remaining unchosen doors? 3. pick one of the two unchosen doors known to have a goat?
If the answer is #3, then yes, my simulation agreed with her answer: there's a 1/3rd chance the prize is behind the door you picked and a 2/3rd chance in the set of doors you didn't pick.
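The three readings of the host's move, as an added example that is not the author's simulation: each policy is written out once, the conditional probability that switching wins is computed exactly (rounds where the host opens the contestant's door or the car are discarded, since the puzzle as posed says nothing about them), and a Monte Carlo run checks the same number. The assumptions are that the car, the contestant's pick and the host's choice among his allowed doors are all uniform.

```python
import random
from fractions import Fraction

DOORS = (0, 1, 2)


def host_options(policy, car, pick):
    """Doors the host may open under each reading of the puzzle.

    1: any of the three doors
    2: either door the contestant did not pick
    3: a door the contestant did not pick that hides a goat
    The host is assumed to choose uniformly among these (assumption of this
    example, not stated in the thread).
    """
    if policy == 1:
        return list(DOORS)
    if policy == 2:
        return [d for d in DOORS if d != pick]
    if policy == 3:
        return [d for d in DOORS if d != pick and d != car]
    raise ValueError(f"unknown policy {policy}")


def switched_door(pick, opened):
    return next(d for d in DOORS if d not in (pick, opened))


def exact_p_switch(policy):
    """P(switch wins | host revealed a goat behind an unpicked door)."""
    wins = total = Fraction(0)
    for car in DOORS:
        for pick in DOORS:
            options = host_options(policy, car, pick)
            weight = Fraction(1, 9 * len(options))  # uniform car, pick, host choice
            for opened in options:
                if opened in (pick, car):
                    continue  # ill-defined round: host showed the car or your door
                total += weight
                if switched_door(pick, opened) == car:
                    wins += weight
    return wins / total


def simulate_p_switch(policy, trials=100_000, seed=1):
    """Monte Carlo estimate of the same conditional probability."""
    rng = random.Random(seed)
    valid = wins = 0
    for _ in range(trials):
        car = rng.choice(DOORS)
        pick = rng.choice(DOORS)
        opened = rng.choice(host_options(policy, car, pick))
        if opened in (pick, car):
            continue
        valid += 1
        if switched_door(pick, opened) == car:
            wins += 1
    return wins / valid


if __name__ == "__main__":
    for policy in (1, 2, 3):
        print(policy, exact_p_switch(policy), round(simulate_p_switch(policy), 3))
```

Policies 1 and 2 both give 1/2: when the host can open the car by accident, seeing a goat is evidence about where the car is, and it cancels the advantage of switching. Only policy 3, where the host always knows and always shows a goat, gives the 2/3 in the thread.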
I took a long walk around downtown Portland today to check out the post apocalyptic landscape. I don't want to just point the camera at boarded up buildings -- here you can see non-boarded-up businesses across the street from boarded up ones.
It's hard to say which is worse, the pandemic lockdowns or the constant riots breaking windows, but large parts are taking it hard.
Some of the boarded up buildings are proactive to prevent damage, others are boarded up because their windows got smashed, such as this Starbucks, with boards replacing broken windows, but other windows uncovered.
They shut down pipeline operations to stop the ransomware from spreading. Question: why is the network constructed in a way that allows things to spread? I mention this because the most common question everyone else is going to ask is "How did it breach the perimeter?".
When we get more details, they are going to blame this ransomware on a perimeter breach, like phishing or an unpatched server exposed to the public Internet.
Instead, we need to look at why the internal network allows such things to spread, like Windows networking permissions or port isolation on Ethernet switches.