While attackers hit the web server and established a beachhead
Mama with her EDR and I with my IDS
Were ready to tackle this hot infosec mess. /2
Twas the night before Christmas and all over the ‘net,
Not a creature was stirring except a few cyber threats
The firewalls were configured at the egress with care,
But that wouldn’t stop us from being hit by ransomware. 1/
While attackers hit the web server and established a beachhead
Mama with her EDR and I with my IDS
Were ready to tackle this hot infosec mess. /2
I logged into my dashboard to see what was the matter.
This thing had better work, it cost so much cash.
How in 2020 can this thing STILL require Flash?! 3/
But it’s because the threshold for alerting was configured so low.
When what to my wondering eyes did appear,
But 300 false positive alarms. I thought “I’ll be here all year.” 4/
Was really the Russians, masters of supply chain break-ins.
We need some new vendors said the CISO, and the salespeople came. 5/
Now AlertDashboard, Now FaceDancer, Now PacketPrancer, and CyberOxen.
On DarkComet, On WebCupid, On DataDumpDonner, and BlinkenBoxen! 6/
The Russians said “why even bother to deploy a firewall!
The off-site DFIR team prepared here to fly,
But with no logging configured, things were going awry. 7/
So their rootkit crashed a critical server with a death screen of blue.
“It might not be Russia, the packets could be a spoof!”
“But attribution is nuanced, and you’ll never have proof” 8/
Saying “there’s nothing we missed, supply chain attacks are profound”
The CEO was worried Russians wanted his secrets to loot,
But the CISO said “we told you that’s China, you’re not being astute.” 9/
Still fell victim to this insidious cyberattack.
The alarms on the dashboard – oh how they twinkled! This one’s gonna be hairy…
The CISO admitted “this one is bad, I’ve never seen malware so scary!” 10/
But the CISO said “this isn’t CSI:Cyber, it’s going to be slow”
The boss said “this was preventable but your skills are beneath”
The CISO responded “stop insulting my team or I’ll knock out your teeth” 11/
And said “follow the 3-2-1 rule so we aren’t all so smelly!”
The budget was plump, a sign of cybersecurity health,
Everything purchased had been installed – nothing bit-rotting on the shelf. 12/
Soon gave me to know infosec misogynists would be dead.
“Why?!” said the analyst, “we’re just having fun at work!”
She said “Stop being a Neanderthal, a dope, and a jerk!” 13/
Working incidents through the holidays absolutely blows
The IR team remediated the issue and one of them let out a whistle.
The team lead said “if you leak to the press, expect a dismissal.” 14/
Happy whatever you celebrate from all of us at @RenditionSec to you and yours! /FIN
If you prefer the recorded version, here it is too.https://t.co/tWUuuXF864 https://t.co/duAOgZyFBg
— Jake Williams (@MalwareJake) December 24, 2020
More from Internet
Many conversations happening on #WhatsApp (WA) groups about new #WhatsAppPrivacyPolicy .
This thread has arguments to help ditch WA & move to @signalapp:
https://t.co/En4fe9VxUN
Share, use, copy-paste, modify with understanding as you deem fit on any platform in whole or part
1/n
Note: No affiliations, conflict of interest
Info presented with NO bias, prejudice, malice or indemnity.
Open to corrections: individual tweets may be deleted, tweets added to thread or corrected as replies.
Points that are unclear or uncertain are marked with "(?)".
2/n
CONTENT OF WA MESSAGES SHALL REMAIN ENCRYPTED END TO END.
BUT, there's data: contacts, group affiliations, co-affiliations, locations (live?), frequency of contacts, *tags* generated when we send or forward a message or file to contacts or groups, links, clicks on links, etc.
3/n
It is unclear whether this data is anonymized.
NOTHING in latest policy *prevents* the collection, retention, sharing or sale by FaceBook (FB: owner of WA) of this data in part or whole whether with identifying information or anonymized.
Meme source:
https://t.co/nMDTUlb0rl
4/n
Companies need to make money & generate profits:
To create software, install & maintain infrastructure.
Google, FB, Insta, Amazon etc sell data created from our content & data generated from our interactions (searches, clicks, purchases etc).
This makes many uncomfortable.
5/n
This thread has arguments to help ditch WA & move to @signalapp:
https://t.co/En4fe9VxUN
Share, use, copy-paste, modify with understanding as you deem fit on any platform in whole or part
1/n
Note: No affiliations, conflict of interest
Info presented with NO bias, prejudice, malice or indemnity.
Open to corrections: individual tweets may be deleted, tweets added to thread or corrected as replies.
Points that are unclear or uncertain are marked with "(?)".
2/n
CONTENT OF WA MESSAGES SHALL REMAIN ENCRYPTED END TO END.
BUT, there's data: contacts, group affiliations, co-affiliations, locations (live?), frequency of contacts, *tags* generated when we send or forward a message or file to contacts or groups, links, clicks on links, etc.
3/n
It is unclear whether this data is anonymized.
NOTHING in latest policy *prevents* the collection, retention, sharing or sale by FaceBook (FB: owner of WA) of this data in part or whole whether with identifying information or anonymized.
Meme source:
https://t.co/nMDTUlb0rl
4/n
Now that #WhatsApp have updated their terms, forcing users to share their data with #Facebook, here's our suggested update to that notification you see at the top of your chats.#WhatsappNewPolicy #WhatsappPrivacy pic.twitter.com/FjxFGBm6Q8
— Privacy International (@privacyint) January 7, 2021
Companies need to make money & generate profits:
To create software, install & maintain infrastructure.
Google, FB, Insta, Amazon etc sell data created from our content & data generated from our interactions (searches, clicks, purchases etc).
This makes many uncomfortable.
5/n
