I used "sidejacking" for 10 years before I got tired of it, wrote a tool to make it obvious, and released it at BlackHat 2007.
"Sidejacking" was a variant of cookie hijacking, grabbing them by sniffing the network instead of by tricks within a webpage. Back then, websites would protect your login with SSL, but the rest of the session would not use SSL, and cookies would be sent in the clear.
It meant I could walk by any Starbucks with public WiFi and instantly access their Gmail, Yahoo Mail, or other webmail sessions. Or any active website connection, really.

Also, it worked well with corporate WEP-encrypted networks before WPA2.
Poor @dave_maynor got REALLY paranoid around me, knowing that I could access his Gmail at any time. The thing is that I wouldn't, and never did (without his permission and presence), but that didn't solve the paranoia.
Moments after getting email confirmation for Wayne Brady tickets, I mention to him that Wayne Brady is "a triple threat". It was actually @LawyerLiz who told me shortly before, but the timing with the email was so close it was hard to not think I was reading his email in real time.
Pfft. His email wasn't even worth reading anyway, full of Mandalorian slashfic.

This is the sort of joke I'd avoid making. Because what if his recent email exchanges were actually about the Mandalorian? Then I'd be in REAL trouble.
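The weakness the thread describes, a session cookie issued after an SSL login but then sent in the clear on every later request, has a straightforward server-side check. The following is an added example, not code from the thread or from the tool released at BlackHat 2007: it parses Set-Cookie headers from constructed sample responses and reports session-looking cookies that lack the Secure attribute (the condition that lets a passive sniffer collect them), with HttpOnly and Strict-Transport-Security as the related hardening. The cookie-name heuristic, the sample headers and the `example.test` domain are assumptions of the example.

```python
"""Audit Set-Cookie headers for the weakness sidejacking relied on: a session
cookie issued over HTTPS that the browser will also send over plain HTTP.

Added example, not part of the original thread. The two sample responses
below are constructed for illustration, not captured from any real site."""

from dataclasses import dataclass

# Substrings that usually mark a cookie as carrying session or auth state
# (heuristic; an assumption of this example, not a standard).
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    problems: list


def parse_set_cookie(header_value):
    """Split 'NAME=value; Attr; Attr=val' into (name, value, {attr: val|True}).
    Attribute names are case-insensitive per RFC 6265, so they are lowered."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def sent_in_clear(attrs, request_scheme):
    """Would a browser attach this cookie to a request made over request_scheme?
    Without the Secure attribute the cookie rides on every request to the host,
    plain HTTP included, which is exactly what a passive sniffer sees."""
    return request_scheme == "http" and "secure" not in attrs


def audit_response(headers):
    """headers: list of (name, value) pairs in wire order.  Returns one
    CookieFinding per session-looking cookie, with its list of problems."""
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    findings = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(hvalue)
        if not looks_like_session_cookie(name):
            continue
        problems = []
        if sent_in_clear(attrs, "http"):
            problems.append("missing Secure: sent on plain-HTTP requests too")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly: readable by page scripts")
        if not has_hsts:
            problems.append("no Strict-Transport-Security on this response")
        findings.append(CookieFinding(name, problems))
    return findings


# Constructed sample: the 2007 pattern the thread describes.  Login happened
# over SSL, but the cookie has no Secure flag and the site sends no HSTS.
LEGACY_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SID=c0nstructed; Path=/; Domain=.example.test"),
    ("Set-Cookie", "prefs=lang%3Den; Path=/"),
]

# Constructed sample: the same login hardened.
HARDENED_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SID=c0nstructed; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=lang%3Den; Path=/"),
]


if __name__ == "__main__":
    for label, resp in (("legacy", LEGACY_LOGIN_RESPONSE),
                        ("hardened", HARDENED_LOGIN_RESPONSE)):
        for finding in audit_response(resp):
            print(label, finding.name, finding.problems or ["ok"])
```

Run against a real deployment, the `headers` list would come from the login response and from a few post-login pages; the `Secure` check is the one that closes the sniffing window, and HSTS is what keeps a browser from ever issuing the plain-HTTP request in the first place.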

Thread by Robᵉʳᵗ Graham (@ErrataRob)