Victim blaming is to become the basis for cyber policy in Washington. It's easier to punish the victims inside our country than going after the bad actors in other countries. voanews.com/silicon-valley…
Most people believe that cyber victims are guilty of some moral weakness: ignorance, sloth, greed, lust, etc. Thus, whenever cyberattacks happen, they blame the victim for being weak.
That's why you see phrases like "basic cyber hygiene". That's not a thing. There's no standard anywhere that defines this. Ask 10 experts what those steps are and you'll get 12 different answers.
Instead, saying "you must adopt cyber hygiene" is claiming that you don't have hygiene now, that you are cyber slovenly -- in other words, a moral weakness.
What we don't have is any expertise on how ransomware happens, such as how most use mimikatz to spread inside the network, which can be fixed by changing how Windows domain trust works.
Such technical discussion is completely unwelcome in discussions of "what should we do about ransomware?" Instead, such discussions are non-technical, of the form "they just need to take cybersecurity more seriously".
Ransomware happens because mainstream organizations just want to do things the same way as their peers. They want a blueprint to follow: "Here's how organizations like yours stop these big ransomware attacks".
"Securing privileged access" is what you need to be doing. Other things help, like MFA and network segmentation, but securing how Windows domain privileges work is the #1 thing your org needs to be looking at. docs.microsoft.com/en-us/security…
So I looked into this.
Committing crimes like arson won't get your license suspended.
It's ethics violations like lying to the court that get your license revoked.
The court cited numerous clearly false statements by Giuliani claiming election fraud.
Giuliani's defense is that he didn't know all those election fraud statements were lies. The court doesn't believe him. The breadth of his lies was so huge it wasn't difficult for the court to document them. cnn.com/2021/06/24/pol…
Note that these aren't things that people still disagree about, that some believe are true.
These are statements which the court proves are untrue, which even Giuliani admits were not true.
Companies should support BYOD, allowing employees to use personal devices, especially phones and laptops, for work. Only REALLY sensitive things need to be segregated, like admins who can destroy the company with ransomware.
In other words, even from a cybersecurity perspective, companies need to be tolerant of the fact that they cannot control employee devices.
I say this first before pointing out that employees need to keep work and private life separate. It's not for the company's sake, it's for your own sake. You should have a separate email account (like Gmail.com or Outlook.com) for private stuff.
Microsoft announced Windows 11 will require one, so what is it, and why do you need it?
A: A type of cryptographic vault. It stores (and validates) cryptographic keys on an impenetrable* chip. Even if somebody steals your device, they can't recover the keys.
It's roughly the same thing as the chip on your credit card. Historically, credit cards simply used a long number that could be read from the front of the card, or read from the magnetic strip on the back....
It's amazing how clueless people are. In this case, the person is clueless about both Section 230 and Libertarians. Section 230 doesn't say what this person thinks, and there's no way Libertarians support the "speech" policies this person wants.
Everybody suggesting a change to Section 230 doesn't understand Section 230. It's weird how common this is. It's because they don't care what it currently says -- only what they might make it say in the future.
And the thing they want it to say in the future is something something suppress speech they don't like and something something promote speech they do like.