If you believe credentials like "CISSP" are "impressive" then you aren't qualified to write op-eds about cybersecurity.
There's no such thing as "best practices". Pick any 10 "credentialed" cybersecurity experts for their list of Top 10 Best Practices, and you'll get 13 lists with very little overlap.
If it works for the medical industry with doctors (I'm sure they are fired when their patients die, right?) then it ought to work for cybersecurity.
The thing about words like "holistic" is that they allow anybody, no matter how ignorant of the subject matter, to sound intelligent.
"We can easily solve this Israel-Palestine conflict if only we took a holistic approach to the problem".
Uh, the things ransomware exploits are the practices that were in place before ransomware. It wasn't new cybersecurity practices that enabled ransomware, but ransomware using new techniques to monetize traditional hacking techniques.
We need new practices to combat ransomware.
Lol, what?
That's already what's causing ransomware -- far too many people have administrative control over things, allowing ransomware to quickly spread to the entire network. Developers have long been a problem in this regard.
Cybersecurity will only undergo a renaissance if everybody stops doing what they are doing now and listens to my vague platitudes.
So here's what we need: fewer platitudes and generalities and more specifics.
For example: separate administrative access to the backup server so that when hackers gain domain admin they can't erase backups.
I'm pretty sure 75% of my specific recommendations are wrong, either because they fail to adequately protect against the problem or because they are unworkable in practice.
But our discussion needs to be centered in specifics.
I've analyzed a bunch of ransomware attacks, but my view is far from comprehensive.
Yet in all that I've looked at, the hackers got domain admin and then access to anything that was a live backup (e.g. shadow copies).
What I mean to say is, I'm not calling the author an idiot because his advice is bad. Most of my advice will also be bad.
Instead, I'm calling his advice pointless. Words like 'holistic' are platitudes with no specific meaning to see if you've achieved them or not.
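The one concrete recommendation in this thread (separate administrative access to the backup server, since in the attacks the author looked at the intruders went from domain admin straight to the live backups) can be turned into an audit check. The script below is an added example, not the author's code: it takes a constructed snapshot of directory group memberships and of a backup server's local Administrators group, expands nested groups transitively, and reports whether any Domain Admin also holds admin rights on the backup host. All group and user names are hypothetical; the only real-world assumption is that on a domain-joined Windows server the Domain Admins group is a local administrator by default.

```python
"""Audit check: does anyone who is (transitively) a Domain Admin also hold
administrative rights on the backup server?

All data below is constructed for the example; it is not from a real directory."""

from collections import deque

# Constructed: directory group -> direct members.
# Names prefixed with "grp:" are groups, everything else is a user account.
AD_GROUPS = {
    "grp:Domain Admins": ["alice", "grp:Tier0-Ops"],
    "grp:Tier0-Ops": ["bob", "grp:Platform-Leads"],
    "grp:Platform-Leads": ["carol"],
    "grp:Backup-Operators": ["dave", "bob"],   # bob is also a Domain Admin via nesting
    "grp:Backup-Admins": ["dave", "grace"],    # dedicated, non-domain-admin accounts
    "grp:Developers": ["erin", "frank"],
}


def expand_group(group, groups):
    """Return the transitive set of user accounts in `group`.

    Nested groups are followed breadth-first; a `seen` set guards against
    membership cycles, which do occur in long-lived directories."""
    seen_groups = set()
    users = set()
    queue = deque([group])
    while queue:
        g = queue.popleft()
        if g in seen_groups:
            continue
        seen_groups.add(g)
        for member in groups.get(g, []):
            if member.startswith("grp:"):
                queue.append(member)
            else:
                users.add(member)
    return users


def audit_backup_admins(backup_local_admins, groups, domain_admin_group="grp:Domain Admins"):
    """Compare the backup server's local Administrators members against Domain Admins.

    Returns a dict with:
      domain_admins_group_present - the Domain Admins group itself is a local admin
                                    (the default for a domain-joined Windows host)
      shared_principals           - users who are both Domain Admins (transitively)
                                    and local admins on the backup server
      isolated                    - True only if neither condition holds
    """
    domain_admins = expand_group(domain_admin_group, groups)
    local_users = set()
    group_present = False
    for member in backup_local_admins:
        if member == domain_admin_group:
            group_present = True
            local_users |= domain_admins
        elif member.startswith("grp:"):
            local_users |= expand_group(member, groups)
        else:
            local_users.add(member)
    shared = sorted(local_users & domain_admins)
    return {
        "domain_admins_group_present": group_present,
        "shared_principals": shared,
        "isolated": not group_present and not shared,
    }


# Constructed local Administrators membership for three hypothetical backup servers.
BACKUP_SERVER_DEFAULT = ["grp:Domain Admins", "grp:Backup-Admins"]  # stock domain join
BACKUP_SERVER_NESTED_LEAK = ["grp:Backup-Operators", "dave"]        # leak via nested group
BACKUP_SERVER_ISOLATED = ["grp:Backup-Admins"]                      # separated as recommended

if __name__ == "__main__":
    for name, admins in [("default", BACKUP_SERVER_DEFAULT),
                         ("nested-leak", BACKUP_SERVER_NESTED_LEAK),
                         ("isolated", BACKUP_SERVER_ISOLATED)]:
        print(name, audit_backup_admins(admins, AD_GROUPS))
```

The "nested-leak" case is the one a flat comparison misses: the backup server never lists Domain Admins, yet a Domain Admin reaches it through a group two levels down, which is exactly the path a domain-admin-holding intruder would walk. The check says nothing about backups the domain admins can reach directly (shadow copies on the compromised hosts themselves); those are not protected by admin separation at all.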
🧵So let's talk about the difficulties Netflix is having streaming the Tyson v Paul fight, how the stream gets from there to your TV/computer. This will be a longish thread.
In 1985 on his first fight, TV technology was based upon "broadcasts". That meant sending one copy of a video stream to thousands, often millions of receivers. A city would send the signal to a radio tower and broadcast that signal across a wide area.
In today's Internet, though, everybody gets their own stream. There is no broadcasting, no sharing of streams. Every viewer gets their own custom stream from a Netflix server. That we can get so many point-to-point streams across the Internet is mind boggling.
By the way, the energy density of C4 is 6.7 megajoules/kilogram.
The energy density of lithium-ion batteries is about 0.5 megajoules/kilogram.
C4 will "detonate" with a bang.
Lithium-ion batteries will go "woosh" with a fireball, if you can get them to explode. They conflagrate rather than detonate. They don't even deflagrate like gun powder.
To get a lithium-ion battery to explode (in a fireball) at all, you have to cause physical damage, overcharge it, or heat it up.
Causing heat is the only way a hacker could remotely cause such an event.
I don't want to get into it, but I don't think Tavis is quite right. I mean, the original 25 million view tweet is full of fail and you should always assume Tavis is right ....
...but I'm seeing things a little differently.
🧵1/n
I'm a professional, so I can take the risk of disagreeing with Tavis. But this is just too dangerous for non-professionals, you'll crash and burn. Even I am not likely to get out of this without some scrapes.
3/n To be fair, we are all being lazy here. We haven't put the work in to fully reverse engineer this thing. We are just sifting the tea leaves. We aren't looking further than just these few lines of code.
The reason IT support people are so bitter is that YOU (I mean YOU) cannot rationally describe the problem:
You: The Internet is down
IT: How do you know the Internet is down?
You: I can't get email.
IT: Is it possible that the email servers are down and the Internet is working just fine? Can you visit Twitter on your browser?
You: Yes, I can visit the twitter website.
IT: Is there any reason other than email to believe the Internet is down?
You: The last time I couldn't get email it was because the Internet was down.
The fact that IT doesn't call you a blithering idiot on every support call demonstrates saintly restraint, even if a little bit of their frustration leaks through.
A lot of good replies to my tweet, but so far this is the best:
Trump is pure evil, the brutality of his answers appeals to ignorant brutes who reject all civilized norms.
But the yang to Trump's yin is a liberal elite like Rosen who's comfortable with the civilized norm of lying politicians who play this game of deceitful debates.
To be fair, Biden (and Obama and Bush before him) have stood up for important democratic principles, the ones that Trump flatly rejects. But still, the system has gotten crusty. There's no reason to take presidential debates seriously as Rosen does.
It's the same as all Ben Cotton's analyses, looking for things he doesn't understand and insisting these are evidence of something bad, that the only explanation is his conspiracy theory.
I can't explain the anomalies he finds, either, but in my experience as a forensics expert, I know that just because I can't explain it doesn't mean there isn't a simple explanation.
For example, he points to log messages about mismatched versions. I know from experience that such messages are very common, I even see them in software that I write. It's the norm that when you build something from a lot of different software components, that they will not be perfectly synchronized.
That he would make such claims based solely on log messages of mismatched versions proves that he's really not competent -- or at least, very partisan, willing to misrepresent things.
In particular, I disagree with his description of these files. In the C#/.NET environments, creation of new executables is common. In particular, these represent web server files. It's quite plausible that as the user reconfigures the website, these executables will be recreated.
I don't know for certain. I'd have to look at Dominion in more detail. I just know that if any new C#/.NET executables appear in the system that they are not automatically new software.
The certification process looks haphazard and sloppy to me, so it's easy for me to believe that uncertified machines were used in elections.
But nothing in Ben Cotton's report suggests to me that this happened. He's not looking for an explanation for the anomalies he finds; he already has an explanation, and is looking for things that the ignorant will believe are proof of that explanation.