Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
🗣 Rob Rosenberger Profile picture
🗣 Rob Rosenberger
@vmyths
#Retired I debunk #cybersecurity hysteria. Co-founder of critically acclaimed (now inactive) Vmyths•com that employed #sarcasm #burlesque #irony #satire
2 subscribers
Apr 11 12 tweets 4 min read
The Pentagon's @DAF_CDAO office should have long ago prioritized its dissection of current AND PAST Air Force #cyberwar doctrine to see where it would have gotten U.S. airmen killed in Ukraine's land war.

But HAF/A6 has a problem: 🤦

They don't ponder doctrine like HAF/A3 does. "Wait a minute, Rob. It's not @DAF_CDAO's job to ponder doctrine. The DAF has an air staff dedicated to that task!"

NO, THEY DON'T.

The office you're thinking of will LISTEN to anyone who believes doctrine must [to use the correct term] "evolve" in some way. This is why… Image
Mar 8 9 tweets 2 min read
Sooooo… Let's begin with a quick assessment.

The book's index highlights Dr. Fred Cohen, whose thesis underpins the concept of a computer virus; Robert T. Morris, whose computer worm almost very nearly destroyed his father's NSA career; and Victor Zhora, who has refused to… …provide a death toll from all the horrifying[ly mysterious] "cyber war crimes" he insists must be prosecuted in a new "cyber court" in The Hague that can pronounce death penalties.

Yet there's no mention of Vmyths[.]com nor Attrition[.]org nor Snopes[.]com nor folks' names…
Dec 4, 2023 12 tweets 4 min read
I want to revisit this supposedly rhetorical question.

Historically, we in #cybersecurity labeled traditional events "cyber" simply because the players were computer experts, e.g. Robert Hanssen was the world's first "cyber spy" because he identified a local computer vuln and… …installed a password cracker on his work computer and used a Palm PDA.

Now we believe *every* spy is a #cyber spy because they all use computers in some way.

So, we've gone back to the lazy way of calling them just "spies" — but NOT for the right reasons.
Sep 15, 2023 21 tweets 8 min read
1/21
Wow! I'm high on life after a follow-up physical at a Navy clinic where I got tossed onto an exam table with my blood pressure checked 3 times, after which they did 2 EKGs, then took my blood, etc. etc.

So let's talk cybersecurity #management. It's late 1996 and I've... 2/21
...just transferred @robtlee off MY ops floor, 😈 making me DoD's first Enlisted Information Warfare Crew Commander and setting Rob on his amazing career path -- a fact he learned at the meeting below where our mutual mentor confirmed it. So, ...
Jul 26, 2023 7 tweets 3 min read
1/7
 It pains me to agree.

Historically, a new "infosec" office found its authority by teaming up w/ the HR office (holding the authority to test & fire employees) and the firm's webmaster (holding the authority to set password security policies for employees & customers alike) 2/7
 Historically, a newfound infosec office couldn't send emails to "all" because the IT staff controlled that -- coincidently to stop #hoax computer virus alerts that once rampaged email servers worldwide.

IT *ignored* the new infosec manager's ✌️assumed✌️ authority, saying…
Jul 15, 2023 18 tweets 6 min read
1/18
Monday would be #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? https://t.co/TVbwbQ7wTJ
Image 2/18
First, I need to caveat my role in this sad affair. I've offered my expertise pro bono to the law firm representing the attending physician who delivered #NickoSilar on that fateful day. My specific goal is to protect Dr. Parnell from Springhill Medical Center's legal team.
Jul 11, 2023 21 tweets 6 min read
No jokes, no satire, no sarcasm.

Listen to me carefully.

I WANT TO BE PROVEN WRONG for my #skepticism in cybersecurity.

I want Victor Zhora to quit telling me to visit Ukraine to learn how many people died in a Russian quasi-military cyber attack. I want him to give a number. I want Tarah to give us an authoritative number on how many patients were murdered in the 2017 NHS #ransomware attack:
Jun 20, 2023 9 tweets 7 min read
1/🧵
Two years ago on June 14th, Steve Morgan's astronomically large yet unexplained #guesstimate for "the cost of cybercrime" exceeded the U.S. national debt.

This week the national debt officially topped $32 trillion, and the World Bank revised its global GDP projections… 2/🧵
…so let's revisit the #absurdity of Steve Morgan's ✌️predictions✌️ for "the cost of cybercrime."

We'll incorporate the latest numbers from the U.S. gov't debt website and the World Bank's global GDP projections.

Strap in. This absurdity is HUGE.
Jun 16, 2023 11 tweets 7 min read
1/🧵
So, I'm quietly asked my opinion of @mikko's somewhat ... grandiose claims for artificial general intelligence (AGI) going forward. I invite my questioner to jump in with their own thoughts, but here's mine as cybersecurity's eldest #critic:
2/🧵
My short answer is "I'm okay with anyone making bold claims like this." There's simply no #fearmongering here. @mikko states the obvious and paints a future.

My longer answer centers on the fact @mikko wields a strong character in our industry...
May 8, 2023 7 tweets 5 min read
He's subtweeting me for all the right reasons -- and phone calls I've been on reveal he's not the only one.

I've gone soft on @CISAgov in appreciation for the fact they're not like their direct descendant, FBI NIPC.

I've gone soft on @CISAJen because she's not like her… …predecessor, Michael Vatis.

More specifically, though, I've gone soft on @CISAJen because she's building the right relationships with @DragosInc and @RobertMLee, who himself will play the role of "Daddy Warbucks" in the first true #cyberwar.

Everything @ErrataRob subtweeted…
Mar 3, 2023 5 tweets 4 min read
I agree 💯 with @mikko here.

BUT--

--he might be missing the Pentagon's perspective. So, let me fill y'all in.

Tanks, missiles, etc. are #classic: they deploy everywhere to strike anything. Need to put a hole in something? Tank. Obliterate? Missile. Crater? Bomb… …but a cyber weapon is #unique as @mikko said. It deploys against a particular version(s) of Windows, or Linux, or even #antivirus software.

At this point you'd be totally correct to say "Rob, you can't drop a 30lb incendiary bomb to take out an underground bunker!" But the… Image
Mar 3, 2023 10 tweets 6 min read
🧵
"#Antivirus software is a future Trojan horse."

There. I said it.

"But Rob! You were defending Kaspersky just a few days ago!"

NO.

I've fought a crude #UrbanLegend in our industry that's simmered since the FBI threw a shit-fit over something they've never proven. Worse, our own global community has never proved it -- and we've got every good reason to prove it if true.

But hey, our industry turned the tables on Kaspersky the day his dictator launched a genocide campaign.

Because we're just like that. We've always been like that.
Feb 28, 2023 11 tweets 6 min read
🧵
Steve Morgan continues his unashamed touting of absurd guesstimates (see below).

So, let's chart his multi-trillion annual "global cost of cybercrime" as the individual cost to every man, woman, and child on Earth:

cc: @sawaba @KimZetter @shanvav @JMBooyah @nicoleperlroth Image Steve Morgan's guesstimates stretch from 2015 to the end of 2025. This chart shows how, in less than two years, everyone on Earth will be on the hook for $8,441 of his "global cost of cybercrime."

And that's just by 2025! It gets WAY worse as you project a few years forward... Image
Feb 24, 2023 36 tweets 15 min read
🧵
Today marks the first anniversary of the Russia-Ukraine #cyberwar that killed <checks Microsoft's & Mandiant's reports> no one.

Let's go over last year's mass cyberwar #panic. We'll begin with one of the earliest calls to #boycott @Kaspersky:
There was an immediate feeling that everyone must cancel all Kaspersky subscriptions, as if customers -- especially corporate clients -- had a competitor's product waiting in the wings to replace it in some trivial fashion:
Jan 5, 2023 10 tweets 8 min read
"in which I address some criticisms (some fair, others not)" ⤵️🤨

Let's talk cybersecurity.

Historically, those who were critiqued felt victimized. These victims often lumped non-critique #heckling with legit #criticism to shield their egos.

The use of #comedy tools in… …legitimate criticism led many (perhaps most) victims in #cybersecurity to cry out that humor negates legitimacy: "the stakes are too high for <THIS|ME>to be taken so lightly!"

Yet these same victims adore e.g. Jon Oliver for his brutal use of #comedy in legitimate criticism.
Dec 19, 2022 10 tweets 8 min read
553 days ago, Steve Morgan's astronomically large yet unexplained #guesstimate for "the cost of cybercrime" exceeded the entire U.S. national debt.

Morgan has bragged that his wild-ass guess is already larger "than the global drug trade":
1/🧵
"Staggering" is ✌️right✌️ — it amazes me how often Steve Morgan's absurdities #dupe cyber experts like @dralissajay, @WaleMicaiah, @lhmphaphuli, @KenBeattyJr, @eSentire, @LilyLopate, etc.

So, let's chart him against the GLOBAL GROSS DOMESTIC PRODUCT
Dec 16, 2022 5 tweets 3 min read
Yes: John McAfee.

What we call "the cybersecurity industry" [d]evolved from the #antivirus industry that formed in 1988 when John proposed "NCSA" as a media con game. It later split in two (think "Good/Evil Kirk"), and the good stuff became what we know today as ICSA Labs. John's antics appealed to reporters infatuated with the newfangled idea of a computer virus. Some vendors (e.g. Solomon's) shunned it but others (e.g. Panda) couldn't help but play along.

Still, the allure of media exposure tainted nearly everything it touched. There was no…
Nov 28, 2022 11 tweets 9 min read
Let's talk cybersecurity #jokes while we still can.

You probably don't take on a company like @McAfee or a person like @CybersecuritySF like *I* do. But most of you DO enjoy a joke that uses #sarcasm, #burlesque, #irony, and/or #satire to make its point…
thehill.com/opinion/judici… …and that's something I've done in our industry for three decades. PC Magazine columnist @THErealDVORAK labeled me "a comic provocateur" for using the comedian's tools of the trade. My "#antivirus industry persona" predates The Colbert Report. I was…
Aug 4, 2022 16 tweets 11 min read
1/🧵
An innocent questioner came to me asking "Why do you start [see chart below] at 2021?"

And it stumped me. Because I've studied Steve Morgan's tweets enough to know he's touted "$3 trillion" since at least 2018.

So, why DID I start at 2021? Quite simply… 2/🧵
…I had Morgan's more recent #guesstimates in front of me when I first decided to "chart the math."

Really, though, his multi-trillion $$$ guesstimates date back to 2016. And they're not … exactly … "scientific," if you know what I mean:
Jul 1, 2022 19 tweets 12 min read
Monthly reminder that I study today's global medical PANdemIC through the lens of many past computer virus panics. Click the "panic button" to read more!
twitter.com/i/events/12437… 1/18
Yesterday was #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? Image
Jun 26, 2022 9 tweets 4 min read
This thread pays homage to every woman by name in the U.S. who got arrested by state police because she installed a period tracking app on her cell phone:

0.
Remember this when somebody tells you to "delete any period tracking apps you use!" #ASCII46
28K retweets for this hysterical advice to delete period tracker apps because state police can now haul women off to menstrual concentration camps