Profile picture
Robᵉʳᵗ Graham 🤔 @ErrataRob
, 11 tweets, 2 min read Read on Twitter
1/ Other cities should heed what happened to Atlanta. Such problems are coming to many cities in the near future.
2/ They'll misinterpret what happens here. They frequently get individual desktops infected with ransomware, so they falsely believe they are on top of the situation. What happened in Atlanta is a wholly different attack, where ransomware spread to the servers.
3/ All the news stories are asking how the ransomware got inside their network. This is the wrong question, it doesn't matter. The question they should be asking is, once inside, how it spread. It spread because it got "admin" credentials.
4/ The SamSam ransomware is notorious for this. It aggressively looks for admin credentials on any system it effects and uses them to spread to other systems on the local network.
5/ Atlanta reports that 911, police, fire, and the local airport were unaffected by the attack. That's because systems were on different domains, firewalled, or used other operating systems (like Linux).
cnn.com/2018/03/27/us/…
6/ People think "Oh, the police had smarter IT staff, and that's why it wasn't infected". What really happened is there was a firewall blocking port 445, or simply they were on a different Windows domain, with different credentials.
7/ According to news reports, the city has been working with Microsoft, Cisco, SecureWork, Georgia Tech, Homeland Security, and the Secret Service to figure out what happened. This is nonsense. We know what happened.
8/ We know how such attacks get in: the hacker sends obvious phishing emails or uses obvious exploits against exposed servers. Then, once in, it uses whatever credentials it finds on the infected systems to spread to other systems.
9/ According to news reports, Atlanta has Windows-based web servers with port 445 exposed. It doesn't matter if that was the particular vector SamSam used -- it matters that no sane organization would have those ports exposed.
10/ Atlanta's flaw is failing to do the very basics. It's kinda pointless asking which of the basic flaws was the one that let SamSam in their network.
11/ Which wraps around to [1/] of this tweet storm: municipal, county, state governments are notoriously bad at doing the basics of IT and cybersecurity. Thus, what happened to Atlanta is likely in their future as well.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham 🤔
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
1/ So I thought I'd write up a few notes on Trump's oval office address (transcript here). The reason I'm writing this is up is because Pelosi/Schumer derided Trump on the "facts" -- and then provided none of their own.
nytimes.com/2019/01/08/us/…
2/ First of all, I think the context is that Trump wants to declare a "state of emergency" to bypass congress. He's either trying to convince us, or test the waters to see if we'll accept it. We should not let him, this would be a horrible abuse of power, what despots do.
3/ There is legitimately a "humanitarian crisis" going on. As this Wikipedia article describes, there has been waves of refugees, including a lot of children, coming from the three countries immediately south of Mexico since 2014.
en.wikipedia.org/wiki/2014_Amer…
Read 28 tweets
Profile picture
1/ Well, to answer this, sign up for the phone company's family plans designed to allow you to track your children. It's hit or miss, sometimes very accurate, sometimes not.
2/ Modern phones and towers have multiple abilities to track your location. For one thing, because of speed-of-light delay, the tower must know your distance from the tower to within 100 meters.
3/ Next, towers know which directional antenna your signal arrives on. This gives them a 120° arc within which to locate you, the closer you are to the tower, the more accurate that is, of course.
Read 13 tweets
Profile picture
1/ In regards to my tweets today about "institutions" that make us great, let's talk about journalism and "both-sides-ism". Nobody likes it, but those who disagree with us are still reasonable people, the are multiple sides to every debate. This is why a free press is valuable.
2/ Let's take "anti-vaxxers" for a moment, which I assume you'll agree are "batshit crazy" and not "reasonable" in any fashion. Yet, we still have a "both sides" issue. Even if "vaccines cause autism" argument is garbage, we still debate whether governments can force vaccines.
3/ It's the same argument whether governments can force you to donate a kidney. Or force you to donate bone marrow (which is relatively harmless to the donor). Or force a woman to cary a baby to term.
Read 9 tweets

Related threads

Profile picture
Here's the best place to start where you can find all my threads. I've already rewritten the entire Christian Pulisic thread. And like I mentioned, am not his biggest fan, but am just trying to salvage the situation and look for positives.
One of Christian Pulisic's biggest strength is acceleration, so how exactly is that helpful? Let's first take a look at this video of Cristiano Ronaldo sprinting against Angel Rodriguez. Rodriguez is a Spanish champion over 100m
From this video it's clear that Rodriguez is quicker in a straight sprint, obviously. But much slower than Ronaldo in a zigzag sprint over the same distance. Pulisic isn't Ronaldo but he's quick, he likes taking on defenders & dribbling because he's fearless, a bit like Hazard.
Read 40 tweets
Profile picture
Here I'm starting a separate thread which discusses the leaked Xafinity @TrinCollCam's assessment of #USS and the risks of DB for the sector as a whole, rather than @TrinCollCam in particular. 1/
A striking feature of the @Xafinity document is that it implies that the closure of DB to future accrual as a major source of risk to the sector as a whole. In fact, Secs 4.3 & 4.4 model the risks of closure of DB to future accrual in the near future. 2/
I.e., it models the risks to the sector if #USS had followed through on @UniversitiesUK's Jan 2018 proposal to (at least de facto) close the scheme to all future DB accrual and hence suddenly cease all future DB contributions, soon rendering the scheme cash flow negative. 3/
Read 20 tweets
Profile picture
Here's the truth about Brexit, the "punishment" that some people claim the EU is trying to inflict on the UK, and the real consequences of "no deal". Buckle in, it's quite long. Better to be thorough than to leave stuff out! 1/19

#marr #bbcsp #ridge #pienaar #newsnight #bbcqt
The EU isn't punishing the UK for Brexit. We are punishing ourselves. Losing all the benefits of EU membership IS punishment. Just like no longer being able to use the fitness equipment or the weights is punishment for quitting the local gym. 2/19
You might well put on weight because you cancelled your gym membership. But you wouldn't turn around and say "Hey, the gym's punishing me for leaving by making me fat!" That's the consequence of losing your gym membership, not the fault of the gym. 3/19
Read 21 tweets
Profile picture
THREAD. For many it is the near the start of the fall semester. Here I will share my teaching and learning posts. Some of these are for faculty and some are for students.
2/ I'll start with posts that just deal with students. My first recommendation - ditch that scientific calculator. It's overpriced and not nearly as good as python wired.com/story/ditch-th…
3/ Three things to learn for physics lab: unit conversion, graphing, and looking past the instructions wired.com/2017/01/wanna-…
Read 14 tweets
Profile picture
here is what I am scared of

I am scared that US economic collapse is a historical inevitability due to structural weaknesses in almost every aspect of society, and with it will go the best chance for genuinely new human capabilities for at least a century
new technologies are extremely capital intensive. robots are fucking _hard_ you guys. they could make life so much better for so many people, they are the longest possible economic lever that has ever existed.
but let me tell you, the first everyday deployments of robots will be subsidized by wealthy people

and when wealth disparity, as one of many factors, causes the entire thing to fucking implode, nobody is going to work on robots, they will be too busy trying to stay alive
Read 12 tweets
Profile picture
US needs low yield nuclear weapons, @US_Stratcom Cmdr @usairforce Gen John Hyten tells #SASC hearing - "That capability's a deterrence weapon to respond the threat that #Russia in particular is portraying"
"The #Russia|n doctrine will be to use a low-yield nuclear weapon on the battlefield in case of a conventional over-match with an adversary" per Gen Hyten, citing Vladimir Putin's own words
"Our defense is deterrent capability" per @US_Stratcom's Gen Hyten, when asked about threat from #Russia #China #hypersonic missiles "We don't have any defense that could deny the deployment of such a weapon against us"
Read 16 tweets

Trending hashtags

#corruption #Liberal #defeat #commandments #ZIONISTS #lie #bitcoin #political #wealth #ATL #money #history #responsibility #clergy #newdad #nationalsecurity #Ethiopia #cyber #Cypriot #warn #preach #Yahshua #Cuban #extreme #govt

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!