howelloneill

@howelloneill@infosec.exchange

Lead cyber operations analyst @ MITRE


jerry, to random

I think I need a fedibreak.

howelloneill,

@jerry take a break, ignore us, rejuvenate, it's fine

howelloneill, to random

"China launched an offensive media strategy to push narratives around US hacking operations following a joint statement by the US, UK, and EU in July 2021 about China’s irresponsible behavior in cyberspace." https://www.sentinelone.com/labs/chinas-cyber-revenge-why-the-prc-fails-to-back-its-claims-of-western-espionage/

howelloneill, to random

I’m glad it’s up top, so that’s good, but this is an embarrassing minimizing headline from the Times obfuscating the fact that he’s encouraging war in Europe

howelloneill, to random

Trump says he would 'encourage' Russia to attack Nato allies who don't pay their bills https://www.bbc.com/news/world-us-canada-68266447

jerry, to random

Someone needs to go stunt hack something so the media can move on from this toothbrush story

howelloneill,

@jerry did someone else post about it?

howelloneill,

@jerry 😩

howelloneill, to random

while i'm tooting out toothbrush-related takes, we all recognize that the "just say no to iot" dogma that some people in infosec tout is, at best, sisyphean, right? That's not the world we live in, look at any statistics whatsoever on that matter. a more realistic and constructive approach might be to direct people to better iot devices, vendors, and practices. we're not turning back the iot tide, I'm sorry to break this. Improving standards, talking about who does it well, calling out bad actors, these things can be helpful. But "just say no" works about as well here as it ever has.

howelloneill,

@GossiTheDog my old apartment had a smart thermostat, it was great. more comfortable, more savings, more sustainable. wish I had one in my current place.

howelloneill, to random

i've seen literally 50x more people complaining about the toothbrush thing compared to actual blogs, which is funny to me but okay, I understand.

It's probably significant that all the places i've seen publish it are mass production reblog factories. all due respect, these are not well regarded news outlets. maybe that's not obvious to the general public or even the cyber expert public? There's a difference.

contrary to the viral outrage, this is absolutely not an example of "a dozen well-regarded news outlets" being tricked. It's still worth learning from as an example of the pitfalls of aggregation but you all could act a little less outraged, if I didn't know better I'd think this thing was just published on the front page of the washington post. everyone, drink a glass of water and get some air. This is not a big deal :)

howelloneill,

@GossiTheDog I must be misunderstanding the independent, I see it badly and slowly aggregating tech news all the time but I'm not a brit. And the front page of Microsoft news is almost always garbage. In fact, normally it's more impactful garbage that i unfortunately have to see regularly. Sorry, I still don't think that's a huge deal.

If the BBC published it, okay, that would warrant the reaction. As it is, it's a minor and very silly misunderstanding. I'm open to the idea that I'm missing something but right now it just looks like a funny fixation on a strange little story that no one outside of cyber cares about anyway. We're in a bubble.

This isn't meant to be an attack on you btw. I think the work you do to respond to media issues is super valuable. I just think, in aggregate, this community is overreacting.

howelloneill,

@GossiTheDog yeah I just saw some posts talking about how this was an example of highly trusted outlets going astray and, to be blunt, I just don't see any highly trusted outlets there is all. I see aggregation noise. Again, not good and worth examining! Just not worth this level of group outrage imo

howelloneill,

@zackwhittaker @GossiTheDog I think aggregation with no vetting is not going away any time soon, unfortunately, and that's ultimately what this is about.

your concern about desensitization is valid and real. however, the issue of cyber fatigue is so vast that I am extremely skeptical that one weird little toothbrush story makes a significant impact. Every six months we have a new worst vulnerability ever headline, a huge breach, mass exploitation, etc.

Again, you're totally right to have an issue here! Maybe the best case scenario is that this helps the general reader understand which publications are aggregation factories and which do actual reporting. That would be a good outcome.

I just think any time the outrage goes more viral than the bad story itself, we can all take a step back and consider how much it really mattered

howelloneill,

@GossiTheDog fair enough, maybe the viral outrage prevents further harm in a big way. that's an interesting hypothesis and could very well be true. as it is, the outrage went more viral than the story from my anecdotal perspective, and that warrants some self-examination imo. my optimistic hope is that this leads the outraged readers to be better at identifying which outlets are primarily aggregation machines rather than journalism outlets

howelloneill,

@GossiTheDog @BruceMirken now anti-ai hype outrage, that I'm completely onboard for

howelloneill, to random

is this a good time to start my smart bathroom cybersecurity company?

howelloneill, to random

Anyone in cyber should be interested in how the National Transportation Safety Board works compared to the Cyber Safety Review Board, so it's worth paying attention to this investigation and what happens next: https://www.cnn.com/2024/02/06/business/ntsb-boeing-alaska-door-plug-blowout-faa/index.html

howelloneill,

Here's a worthwhile comparison of NTSB vs CSRB https://cyberscoop.com/csrb-hearing-authority-transparency

howelloneill,

Well, it probably wasn't because of polite suggestions https://www.cs.columbia.edu/~smb/talks/cyber-ntsb-fda.pdf

howelloneill,

I'm imagining the counter-argument being that airplane technology simply moves too fast for slow regulation to keep up, like how can a stodgy old law possibly mandate that doors on airplanes should be securely closed?! This is what cyber sounds like sometimes.

howelloneill,

Credit to @SteveBellovin for this whole presentation

howelloneill,

@SteveBellovin @adamshostack oh was he involved too? My fault! Also, love the rock creek heron photo to wrap it up. Beauty.

howelloneill, to random

I’m gonna re-up @ivory for another year. It’s the best app I’ve tried for this site and I appreciate that they’re trying new things

howelloneill, to random

The IRS is putting more scrutiny on the rich https://www.npr.org/2024/01/30/1227851166/tax-return-irs-danny-werfel

howelloneill, to random

"Over 2 percent of the US’s electricity generation now goes to bitcoin"

This news won't resonate because 2% feels like such a small number but it is in fact an insane amount of energy: "that's roughly the equivalent of having added an additional state to the grid over just the last three years." https://arstechnica.com/science/2024/02/over-2-percent-of-the-uss-electricity-generation-now-goes-to-bitcoin/
