🗣 Rob Rosenberger Profile picture
#Retired I debunk #cybersecurity hysteria. Co-founder of critically acclaimed (now inactive) Vmyths•com that employed #sarcasm #burlesque #irony #satire
Nevada S. Huaute 🇺🇦🧙‍♀️Witch, Resisting🧙‍♀️ Profile picture d1n3sh 🇮🇳 Profile picture 2 subscribed
May 8 7 tweets 5 min read
He's subtweeting me for all the right reasons -- and phone calls I've been on reveal he's not the only one.

I've gone soft on @CISAgov in appreciation for the fact they're not like their direct descendant, FBI NIPC.

I've gone soft on @CISAJen because she's not like her… …predecessor, Michael Vatis.

More specifically, though, I've gone soft on @CISAJen because she's building the right relationships with @DragosInc and @RobertMLee, who himself will play the role of "Daddy Warbucks" in the first true #cyberwar.

Everything @ErrataRob subtweeted…
Mar 3 5 tweets 4 min read
I agree 💯 with @mikko here.

BUT--

--he might be missing the Pentagon's perspective. So, let me fill y'all in.

Tanks, missiles, etc. are #classic: they deploy everywhere to strike anything. Need to put a hole in something? Tank. Obliterate? Missile. Crater? Bomb… …but a cyber weapon is #unique as @mikko said. It deploys against a particular version(s) of Windows, or Linux, or even #antivirus software.

At this point you'd be totally correct to say "Rob, you can't drop a 30lb incendiary bomb to take out an underground bunker!" But the… Image
Mar 3 10 tweets 6 min read
🧵
"#Antivirus software is a future Trojan horse."

There. I said it.

"But Rob! You were defending Kaspersky just a few days ago!"

NO.

I've fought a crude #UrbanLegend in our industry that's simmered since the FBI threw a shit-fit over something they've never proven. Worse, our own global community has never proved it -- and we've got every good reason to prove it if true.

But hey, our industry turned the tables on Kaspersky the day his dictator launched a genocide campaign.

Because we're just like that. We've always been like that.
Feb 28 11 tweets 6 min read
🧵
Steve Morgan continues his unashamed touting of absurd guesstimates (see below).

So, let's chart his multi-trillion annual "global cost of cybercrime" as the individual cost to every man, woman, and child on Earth:

cc: @sawaba @KimZetter @shanvav @JMBooyah @nicoleperlroth Image Steve Morgan's guesstimates stretch from 2015 to the end of 2025. This chart shows how, in less than two years, everyone on Earth will be on the hook for $8,441 of his "global cost of cybercrime."

And that's just by 2025! It gets WAY worse as you project a few years forward... Image
Feb 24 36 tweets 15 min read
🧵
Today marks the first anniversary of the Russia-Ukraine #cyberwar that killed <checks Microsoft's & Mandiant's reports> no one.

Let's go over last year's mass cyberwar #panic. We'll begin with one of the earliest calls to #boycott @Kaspersky:
There was an immediate feeling that everyone must cancel all Kaspersky subscriptions, as if customers -- especially corporate clients -- had a competitor's product waiting in the wings to replace it in some trivial fashion:
Jan 5 10 tweets 8 min read
"in which I address some criticisms (some fair, others not)" ⤵️🤨

Let's talk cybersecurity.

Historically, those who were critiqued felt victimized. These victims often lumped non-critique #heckling with legit #criticism to shield their egos.

The use of #comedy tools in… …legitimate criticism led many (perhaps most) victims in #cybersecurity to cry out that humor negates legitimacy: "the stakes are too high for <THIS|ME>to be taken so lightly!"

Yet these same victims adore e.g. Jon Oliver for his brutal use of #comedy in legitimate criticism.
Dec 19, 2022 10 tweets 8 min read
553 days ago, Steve Morgan's astronomically large yet unexplained #guesstimate for "the cost of cybercrime" exceeded the entire U.S. national debt.

Morgan has bragged that his wild-ass guess is already larger "than the global drug trade":
1/🧵
"Staggering" is ✌️right✌️ — it amazes me how often Steve Morgan's absurdities #dupe cyber experts like @dralissajay, @WaleMicaiah, @lhmphaphuli, @KenBeattyJr, @eSentire, @LilyLopate, etc.

So, let's chart him against the GLOBAL GROSS DOMESTIC PRODUCT
Dec 16, 2022 5 tweets 3 min read
Yes: John McAfee.

What we call "the cybersecurity industry" [d]evolved from the #antivirus industry that formed in 1988 when John proposed "NCSA" as a media con game. It later split in two (think "Good/Evil Kirk"), and the good stuff became what we know today as ICSA Labs. John's antics appealed to reporters infatuated with the newfangled idea of a computer virus. Some vendors (e.g. Solomon's) shunned it but others (e.g. Panda) couldn't help but play along.

Still, the allure of media exposure tainted nearly everything it touched. There was no…
Nov 28, 2022 11 tweets 9 min read
Let's talk cybersecurity #jokes while we still can.

You probably don't take on a company like @McAfee or a person like @CybersecuritySF like *I* do. But most of you DO enjoy a joke that uses #sarcasm, #burlesque, #irony, and/or #satire to make its point…
thehill.com/opinion/judici… …and that's something I've done in our industry for three decades. PC Magazine columnist @THErealDVORAK labeled me "a comic provocateur" for using the comedian's tools of the trade. My "#antivirus industry persona" predates The Colbert Report. I was…
Aug 4, 2022 16 tweets 11 min read
1/🧵
An innocent questioner came to me asking "Why do you start [see chart below] at 2021?"

And it stumped me. Because I've studied Steve Morgan's tweets enough to know he's touted "$3 trillion" since at least 2018.

So, why DID I start at 2021? Quite simply… 2/🧵
…I had Morgan's more recent #guesstimates in front of me when I first decided to "chart the math."

Really, though, his multi-trillion $$$ guesstimates date back to 2016. And they're not … exactly … "scientific," if you know what I mean:
Jul 1, 2022 19 tweets 12 min read
Monthly reminder that I study today's global medical PANdemIC through the lens of many past computer virus panics. Click the "panic button" to read more!
twitter.com/i/events/12437… 1/18
Yesterday was #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? Image
Jun 26, 2022 9 tweets 4 min read
This thread pays homage to every woman by name in the U.S. who got arrested by state police because she installed a period tracking app on her cell phone:

0.

Remember this when somebody tells you to "delete any period tracking apps you use!" #ASCII46
28K retweets for this hysterical advice to delete period tracker apps because state police can now haul women off to menstrual concentration camps
Jun 20, 2022 19 tweets 5 min read
1/17
Many of us have a #cybersecurity horror story about "an employee who got fired as a precaution, only later for the firm to realize their mistake, but HR just wished them thoughts & prayers because they couldn't bear to face up to their hasty firing assumptions." 2/17
We in cybersecurity insist we operate on data, facts, and logic.

But the truth is we love a good #ConspiracyTheory, and right now it's all about BSides Cleveland.

You'll find any number of people, e.g. @MalwareTechBlog, who believe whats-his-name had inside help.
Jun 20, 2022 14 tweets 5 min read
Exactly, sir!

Let's talk a "Cybersecurity No Fly List."

Ostensibly, I placed a $500 bet with Marcus Hutchins at 2:1 w/ the payout going to charity because I'm half-confident many of you jumped to the wrong conclusion about BSides Cleveland.

Realistically, though... ...I placed the bet because I worry our industry will create a "Cybersecurity No Fly List" (CNFL).

We'll do it hastily. We won't think it out properly.

And then we'll have the equivalent of a U.S. "No Fly" list.

Our very own #doxx list for cybersecurity can...
Feb 27, 2022 14 tweets 8 min read
To all my "OG" readers:

Let's take a step back in time to 1996.

I sit across from Rob T. Lee on the 609th Information Warfare Squadron operations floor. He's my crew commander; I'm his crew chief.

Lee knows I run "the Computer Virus Myths home page," which has grown so... ...popular that it's eating up all my free time. In December of that year the Ziff-Davis publishing empire will crown CVMhp "the world's #1 most useful website."

Trivia: Lee corrected a web page I wrote where I talked about Start Trek spaceship orbits!
Feb 21, 2022 6 tweets 5 min read
@taco_x86 @threadreaderapp Not yet.

Let me begin by recognizing that more than one person has yelled at me for RT'ing a debate re: cyber where I feel my followers should see both sides of the issue. Generally speaking: they don't want me to highlight our public conversation. I'm always like "WTFO?"
@taco_x86 "OG" readers like you know I view cyber from a similar perspective as #Doctrine_Man and #Mother_of_Tanks -- just two of many whom I've pissed off for QT'ing their tweets to reveal how insanely out-of-whack our industry's perception of #cyberwar really is.

Yet as a critic...
Feb 21, 2022 10 tweets 9 min read
@taco_x86 As a matter of fact I do! You're an "OG" CVMhp / Vmyths reader; you'll probably remember the column where I explained my Bacon Number to Roger Ebert is exactly 1:
@taco_x86 I continued conversing w/ Roger Ebert on CompuServe in the '80s & '90s. After his tirade re: "Highlander 2," I emailed him to explain how it broke the timeline for the sword Ramírez wielded. "Another reason to hate the movie," he replied! [paraphrased]
en.wikipedia.org/wiki/Highlande…
Feb 21, 2022 7 tweets 3 min read
It won't surprise me if Inglis an "OG" Vmyths reader. Consider this sentence:

"Cyber-professionals and policymakers are too often motivated more by a fear of risk than by an aspiration to realize cyberspace’s full potential..." He goes on to say 💯 "A durable [cybersecurity] solution must involve moving away from the tendency to charge isolated individuals, small businesses, and local governments with shouldering absurd levels of risk..."
Jan 27, 2022 18 tweets 16 min read
@thegrugq Your video promotes two #UrbanLegends at the 18:09 mark. I'll begin with the latter: that Ukrainian artillerymen are KIA over an infected phone app.

@CrowdStrike created this #myth in a hysterical report they were compelled to "update" in March 2017:
crowdstrike.com/blog/danger-cl… @thegrugq @CrowdStrike Ukraine's ministry of defense refuted CrowdStrike's "deadly" claims. An alleged source claims CrowdStrike made errors.

Regardless how plausible you think it is, there exists NO evidence of soldiers dying over the use of malware-laden phone apps.
voanews.com/a/crowdstrike-…
Jan 26, 2022 4 tweets 3 min read
This paragraph implies the global cybersecurity community sometimes *fails* to galvanize the IT community to stamp out a vuln that can kill hospital patients in an operating room.

But there IS a precedent. I will don the oldest hat in cybersecurity #criticism to reveal it... #thegrugq, who has 121K followers including the CISA Director herself, posted a video on "cyber warfare" the other day confirming cybersecurity's failure to save hospital patients' lives. Cyber MURDERS occur because IT & gov't don't yet care to stop it:
Jan 25, 2022 4 tweets 2 min read
Do you believe @thegrugq's claim that "there have been cases of people at hospitals who have died due to cyber incidents and it hasn't been publicized & pushed because there's not really a response that can be made to it... Until it's a huge big deal, it's sort of ignored"? Do you believe @thegrugq's claim that a "targeting app ... used by Ukrainian artillery crews ... [contained] malware [that] was specifically sending the GPS location of those phones ... to the Russian military ... [leading to] people being killed because they were using an app"?