I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Yes. Our report is typically going to include pointers for making things better going forward. This is where we can (kindly) point out the gaps our investigation has discovered.
6
Oh my friend! I am more sorry than I can say to hear this news. Though this is not a path that you would have chosen, you are not alone. You are loved.
1
20% of Americans feel so isolated and unheard that they will subscribe to lunatic fringe beliefs just to feel like they have a group to belong to.
1
1
From the top down, management needs to be clear—in both word and deed—that they are looking for solutions and not scapegoats. Once blame conversations start happening, everybody retreats to their personal foxholes and things start going sideways.
10
16
3
194
Later in the engagement, several people from all levels in the IT staff said they appreciated those words and the timing and it helped them move on from the initial FUD stage of the incident and be more productive. Your mileage, as always, may vary.
16
13
580
“We are the good people. The ones who are trying to figure out what happened and make things better. This is a team effort that is going to require everybody’s help. Nobody is to blame, we are all just trying to fix this mess we find ourselves in.”
2
6
254
“You are not the assholes here. The assholes are the ones who took that vulnerability and used it to drop ransomware all over your network. Just because you forgot and left your door unlocked doesn’t make it right for somebody to come in and trash your place.”
4
15
1
303
“And NONE of that is YOUR FAULT. All organizations are vulnerable, because I have yet to meet an org whose security budget exceeds their attack surface.”
4
22
3
377
So on a recent case, during our engagement kick-off call, I laid it out like this. “We’re going to investigate and figure out where this started. And it will be an unpatched system, or somebody clicking a link, or somebody just being unlucky with a web site they visited.”
3
14
3
263
Whether they’re embarrassed or afraid of being shown up or for whatever other reason, they’re uncooperative or in some cases actively working against our investigation.
2
6
1
252
Lately I’ve been dealing with a lot of ransomware cases. And often our team runs into issues with the IT staff from the victim organization.
33
260
56
1,306
Vaccine canvassing—neighborhood by neighborhood, door by door. “Here’s your shot, we’ll fill out the paperwork, and we’ll be back in three weeks for the second dose.”
8/
You: “They need to be on the hustle like them folks registering people to vote. I’m dead serious.”
Me: “I know you are.”
You: “That’s how I got registered to vote. A random dude with a clipboard.”
*silence*
You: “Tell the truth—I got some good ass ideas, don’t I?”
1
I am taken back to the 1980’s era of Sendmail back doors. At least this intentional back door is unlikely to cause an Internet outage, but almost certainly will be used as a pivot to deploy ransomware.
For years, a backdoor in popular KiwiSDR product gave root to project developer.
arstechnica.com/gadgets/2021… [quite the debugging feature... would you like root with that?]
1