Current status: in hotel room trying to repair MacBook broke by software update, trying to backup files before reinstalling OS
Anybody know how to get WiFi working while in SafeMode?
Current status: twiddling thumbs for next ~30 minutes. Which I wouldn’t mind if I were at home
So I guess I’ll spend this time updating this app to this years version #defcon26

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Robᵉʳᵗ Graham😷, provocateur

Robᵉʳᵗ Graham😷, provocateur Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ErrataRob

Oct 9, 2018
So Schneier has a book on how IoT will doom us based on the same reasoning why Windows was going to doom us all ten years ago. Yet, Windows didn't doom us, and neither will IoT.
It's like Paul Ehrlich's book "Population Bomb": all his predictions have spectacularly failed to come to pass, yet this doesn't stop True Believers, because it's Moral Truth.
IoT is secure. You don't believe it because of your religious faith, but mathematically, it's true. There's 10 billion IoT devices in the world but only tiny problems due to this.
Read 4 tweets
Oct 9, 2018
It's amazing watching Bloomberg doubling down on its bad hardware hacking story. Instead of addressing the bad reporting pointed out in the original story, it continues with the bad reporting in new stories.
This is technical gibberish, telling techies nothing. Is it one MAC address or two? Or two IP addresses on one MAC address? Networking isn't so complex that you have to avoid sufficient details.
Vagueness and confusion in such simple technical details is an indication the journalist or the source is fudging them.
Read 4 tweets
Oct 8, 2018
So this New Yorker story quotes me as the lone dissenter on the Trump-Alpha scandal. At least it gets some details correct, like how the server in question is located in rural Pennsylvania and not Trump Tower.
newyorker.com/magazine/2018/…
To clarify my position: the DNS lookups may be evidence of some sort of relationship, some extraneous artifact of some other communications, but are not themselves part of a covert communications channel.
The Trump Organization had no control over the server. The server is just a bulk spam/marketing email sender and had no ability to communicate otherwise. The DNS lookups lead to nowhere.
Read 7 tweets
Oct 8, 2018
1/ So in today's sermon, I thought I'd point that you are wrong obsessing about the three-way-handshake in establishing TCP connections. How connections are closed is far more important than how they are opened.
2/ You can see this in the TCP state diagram. There's 4 states for opening a connection, and 7 (almost double) for closing a connection. The reason you like the three-way-handshake is because you understand it, but don't really understand how they are closed.
3/ One thing missing from this diagram is the 'shutdown(fd,SHUT_WR)' system call that closes only one side of the connection. It sends a FIN to the remote side, which ACKs it, but that only closes that direction. Data can flow in the other direction, until a FIN happens there.
Read 12 tweets
Oct 4, 2018
In case you were wondering, the "baseband managment controller" is a wholly separate computer inside your computer, either layered on top of your existing Ethernet controller, or even with it's own separate Ethernet port.
supermicro.com/products/nfo/I…
It runs it's own operating system, often Linux. Putting your own flash chip, or even updating the correct flash chip with your own image, allows you to subvert the code and install your own malware/virus into the computer, regardless of the "real" operating system installed.
Thus, your BMC "virus" can then contact a C&C server on the Internet and download more interesting things to the server. This more complex code can first check the "real" operating system installed.
Read 5 tweets
Oct 4, 2018
1/ We can see flaws in the Bloomberg story even if can't verify the truth.
2/ Not only is Bloomberg overly relying upon anonymous sources, they aren't even first hand sources, or secondhand, but people vaguely "brief" on the subject. At this point, it's rumor in the intelligence community they are passing along.
3/ What's important about this is that whenever you pass technical details through multiple layers of non-techies, they get garbled. There may be something true about this story that's still unrelated to translated version in the story.
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(