If you believe credentials like "CISSP" are "impressive" then you aren't qualified to write op-eds about cybersecurity.
There's no such thing as "best practices". Pick any 10 "credentialed" cybersecurity experts for their list of Top 10 Best Practices, and you'll get 13 lists with very little overlap.
If it works for the medical industry with doctors (I'm sure they are fired when their patients die, right?) then it ought to work for cybersecurity.
The thing about words like "holistic" is that they allow anybody, no matter how ignorant of the subject matter, to sound intelligent.

"We can easily solve this Israel-Palestine conflict if only we took a holistic approach to the problem".
Uh, the things ransomware exploits are the practices that were in place before ransomware. It wasn't new cybersecurity practices that enabled ransomware, but ransomware using new techniques to monetize traditional hacking techniques.

We need new practices to combat ransomware.
Lol, what?

That's already what's causing ransomware -- far too many people have administrative control over things, allowing ransomware to quickly spread to the entire network. Developers have long been a problem in this regard.
Cybersecurity will only undergo a renaissance if everybody stops doing what they are doing now and listens to my vague platitudes.
So here's what we need: fewer platitudes and generalities and more specifics.

For example: separate administrative access to the backup server so that when hackers gain domain admin they can't erase backups.
I'm pretty sure 75% of my specific recommendations are wrong, either because they fail to adequately protect against the problem or because they are unworkable in practice.

But our discussion needs to be centered in specifics.
I've analyzed a bunch of ransomware attacks, but my view is far from comprehensive.

Yet in all that I've looked at, the hackers got domain admin and then access to anything that was a live backup (e.g. shadow copies).
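The backup-server recommendation above (separate administrative access so that domain admin alone cannot erase backups) is something you can check mechanically rather than assert. The following is an added example, not code from the thread or its author: it runs over a constructed snapshot of group memberships (every group, host and user name below is hypothetical; in practice you would export these from the directory and from the backup host's local Administrators group) and reports every principal who is both a domain admin and a local admin on the backup host. Nested groups are expanded transitively, so an indirect path such as Server-Ops containing Domain Admins is caught, and a membership cycle does not loop forever.

```python
"""Audit: is admin access to the backup host separated from domain admin?

Added example (hypothetical names, constructed data), not the thread's code.
"""
from collections import deque

# Constructed snapshot, "before": group -> direct members.
# A member that is itself a key in the dict is a nested group; anything
# else is treated as a user or service principal.
GROUPS_BEFORE = {
    "CORP\\Domain Admins": {"CORP\\alice", "CORP\\Tier0-Ops"},
    "CORP\\Tier0-Ops": {"CORP\\bob"},
    "CORP\\Server-Ops": {"CORP\\Domain Admins", "CORP\\carol"},
    # Local Administrators on the backup host, as commonly found: a broad
    # server-ops group that (indirectly) contains every domain admin.
    "BACKUP01\\Administrators": {"CORP\\Server-Ops", "BACKUP01\\backupsvc"},
}

# Constructed snapshot, "after": the backup host is administered only by
# dedicated local accounts that are not domain admins.
GROUPS_AFTER = dict(GROUPS_BEFORE)
GROUPS_AFTER["BACKUP01\\Administrators"] = {
    "BACKUP01\\bkadmin",
    "BACKUP01\\backupsvc",
}


def expand(group, groups):
    """Transitively expand `group` into the set of non-group principals.

    Breadth-first walk with a `seen` set so that a cycle (A contains B,
    B contains A) terminates instead of recursing forever.
    """
    users = set()
    seen = set()
    queue = deque([group])
    while queue:
        g = queue.popleft()
        if g in seen:
            continue
        seen.add(g)
        for member in groups.get(g, set()):
            if member in groups:
                queue.append(member)   # nested group: keep walking
            else:
                users.add(member)      # leaf principal
    return users


def backup_admin_overlap(groups, backup_admin_group,
                         domain_admin_group="CORP\\Domain Admins"):
    """Principals that are both domain admins and backup-host admins.

    An empty set means that gaining domain admin does not, by itself,
    confer the right to delete or alter the backups on that host.
    """
    return expand(backup_admin_group, groups) & expand(domain_admin_group, groups)


def is_separated(groups, backup_admin_group,
                 domain_admin_group="CORP\\Domain Admins"):
    """True when the backup host has no admin who is also a domain admin."""
    return not backup_admin_overlap(groups, backup_admin_group, domain_admin_group)


if __name__ == "__main__":
    for label, snapshot in (("before", GROUPS_BEFORE), ("after", GROUPS_AFTER)):
        overlap = backup_admin_overlap(snapshot, "BACKUP01\\Administrators")
        verdict = "separated" if not overlap else "NOT separated"
        print(f"{label}: {verdict}; overlapping principals: {sorted(overlap)}")
```

The "before" snapshot fails because Server-Ops nests Domain Admins, which is exactly the kind of indirect membership that a glance at the local Administrators group on the backup host will not reveal; the "after" snapshot passes. The same check can be pointed at any host whose compromise must not follow automatically from domain compromise, not only the backup server.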
What I mean to say is, I'm not calling the author an idiot because his advice is bad. Most of my advice will also be bad.

Instead, I'm calling his advice pointless. Words like 'holistic' are platitudes with no specific meaning to see if you've achieved them or not.
This tweet has an even better rebuttal:

Thread by Robᵉʳᵗ Graham😷, provocateur (@ErrataRob)