Yea, John Oliver is pretty funny, but you really shouldn't pay attention to his advice on ransomware or anything. It's not based on technical authority but moral authority, that we should "take it seriously" and do annoying things that have little effect.
Here's a simple test you can use to assess whether somebody is giving good cybersecurity advice: do they say "don't click on suspicious emails/attachments"? If they say that, don't listen to them, they are useless.
That's the favorite advice of the "moral authority" crusaders, because yes indeed many attacks come from people clicking on things via emails.
But that's like saying since bank robbers come in through the front door with guns, that banks should simply lock their front doors and ban guns. It's silly advice that makes you feel happy that you "took bank security seriously".
If it's not nuanced and technical, it's probably useless advice.
For example, the most important thing companies need to do is tiered domain privileges so that desktop admins remotely connecting to infected desktops do not give hackers domain admin privileges.
For example, the most important thing companies need to do is tiered domain privileges so that desktop admins remotely connecting to infected desktops do not give hackers domain admin privileges.
The point of that last tweet isn't that you go off and immediately try to follow my advice (this takes more thinking than that).
The point is that what actually needs to be done is nuanced and technical.
The point is that what actually needs to be done is nuanced and technical.
I'm not saying you should click on suspicious emails. I'm just saying that if you are suspicious about an email, you are already probably going to avoid clicking on it, and that when you click on something, it's probably because you weren't suspicious of it.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
