Joe Uchill Profile picture
Founded Axios Codebook cybersecurity newsletter | Also: The Hill, Motherboard, SC Media | CyberCyberCyber | @[email protected]
Nov 20, 2022 6 tweets 2 min read
I'm going to say something that a lot of you won't like.

If you stay on Twitter to make fun of Elon, you aren't fighting the man. You're doing the thing Elon wants.

He is the main character driving user engagement. Posting space Karen memes isn't a protest. It's the product I posted this on another site. It's true here, too.

If you stay on this site, even to make fun of Elon Musk, advertisers will come back. Advertisers don't care why you're here, just that you see their thing.
Nov 19, 2022 4 tweets 1 min read
This would actually mean Elon Musk is dumber than he looks.

High school sports is a monopoly. If you go to Jefferson High, and you don’t like the coach at Jefferson High, you can’t move to City High, where City High will also give you a raise.

If Jefferson High’s football team sucks one season, it gets new players in the same district automatically. It doesn’t ruin recruiting forever.
Nov 18, 2022 4 tweets 1 min read
Twitter's office is closed because they are worried employees will sabotage the company.

Musk had recently complained that too many employees were working remotely.
Jul 10, 2022 9 tweets 2 min read
Cybersecurity has a lot of really weird internal drama. I'm going to skip rebroadcasting the latest one, except for one claim: A guy said someone who only had a bachelor's degree couldn't critique his PhD-level research.

This is a thread about cybersecurity and the institution. Moreso than any other field I'm aware of, law enforcement, investigation, crime prevention and national security tasks are shifted to the private sector.

Almost all research happens outside academia and - until very recently - nearly all training did as well.
Apr 24, 2022 7 tweets 3 min read
This article gives a false impression that Taylor Lorenz or the Internet Archive did something extraordinary by remove her tweets.

Here's why I have a problem with the story, why I deleted my original thread, and why I'm posting it again.

foxnews.com/politics/taylo… The Internet Archive has always allowed creators to request their work be taken down. People do it all the time.

If the Wayback Machine is "facing criticism," it's because people don't understand what the Wayback Machine is and isn't.
Apr 24, 2022 4 tweets 1 min read
I deleted a thread about Fox News framing a story badly because I think the problem may be an editing mistake. Here's the sentence that's a problem
Apr 22, 2022 9 tweets 2 min read
Authenticating all real humans would not be sustainable without dramatically changing what Twitter is and extraordinary expansion of staff.

The fact that Musk hasn’t spoken to people in content moderation about what’s possible is not a good sign. Image Authenticating people means continuous moderation of things like their bio, their name, their profile pic, and what claims they make about themselves.

I have a blue check. You don’t want me to change my name and pic to Joe Biden and declare war on Guam.
Aug 21, 2021 6 tweets 1 min read
Caesars Entertainment, which hosts @defcon in Paris, Bally's and sometimes Planet Hollywood, is hosting a QAnon Conference in Las Vegas.

DEF CON has a contract with the hotel group.

The people who attend DEF CON, pay for hotels, bars and restaurants do not.
Jun 9, 2021 52 tweets 6 min read
Any minute now, the House Homeland Security Committee will host a critical infrastructure cybersecurity hearing with Joseph Blount, president and CEO of Colonial Pipeline.

THREAD Chair Bennie Thompson calls the system of (largely) voluntary cybersecurity guidelines in critical infrastructure into question.
Jun 7, 2021 9 tweets 1 min read
DOJ's Colonial Pipeline presser appears ready to start. Lisa Monaco: "The Department of Justice is announcing a significant development in the ransomware attack on the Colonial Pipeline."
May 15, 2021 12 tweets 2 min read
I'm a big fan of @ciaranmartinoxf.

Here's a thread about why this might not work.
In the simplest possible terms, the goal of banning paying ransom is to reduce the profitability of ransomware.

It isn't the only way to do that, and it very likely isn't the most effective way to do that. Let me explain.
Apr 5, 2021 7 tweets 1 min read
I had a thread yesterday about why banning payment of ransomware is not an easy solution to the problem
Just to go through some of the other policy options that are worth considering or combining into a comprehensive package:
One idea is to impose know-your-customer laws and mandatory intervention with warrants on cryptocurrencies sold on legitimate exchanges.

It would help recover funds and impose an extreme cost on criminals trying to stay anonymous.

Speculators would super hate it.
Apr 4, 2021 6 tweets 2 min read
With respect to Chris Vickery and other people who've made this suggestion, it's not that easy. Illegalizing ransoms is actually something with historic precedent. It's shown success against kidnappings in the past
But here's the thing...
Apr 3, 2021 4 tweets 1 min read
This is a weird article, but not for the reasons people seem to think it's a weird article.

nbcnews.com/think/opinion/… The article makes the assertion that 200 years in the future, only the Beatles and Bob Dylan will be remembered.

If you're angry about that name three 1760s composers.
Mar 10, 2021 36 tweets 4 min read
CISA leadership will be testifying before the House Appropriations Committee's Homeland Subcommittee in about an hour about "Modernizing the Federal Civilian Approach to Cybersecurity."

I'll be live-tweeting it. 🧵 Interesting notes to consider in advance.

- Brandon Wales will testify as Acting Director.
While the Biden administration has discussed a task force in the wake of Hafnium, there's no confirmed CISA director, someone you'd expect on the task force.
Mar 9, 2021 4 tweets 1 min read
The interesting thing about gaffs is not that they happen.
They happen to everyone. Today, I forgot the word acronym. What's interesting is how the ones that stick are ones that confirm what people already suspect about the person who said them. That's not to say legitimately not knowing something important isn't a problem. But if you give 4 hours of speeches a day, you're going to trip over words.

Yet no one honestly thought Obama didn't know how many states there were when he said he visited 53 of them.
Feb 12, 2021 11 tweets 2 min read
There's a ton of stuff we don't know about Bloomberg Supermicro 1 and 2 that I'm not sure we're going to know. Here's what I do know about Supermicro 1, the original story: I know a ton of national security and cybersecurity reporters and contractors who tried to substantiate the first story without success.

I tried to substantiate the first story without success.
Feb 10, 2021 19 tweets 3 min read
The EAC is about to vote on the Voluntary Voting System Guidelines 2.0.

The most contentious point in VVSG is that it says wireless technology should be disabled and not completely removed from voting machines. I'll try to live-tweet anything interesting, but am also expecting a call for work. So this thread may cut short at any time.

It could be very dramatic.
Jan 7, 2021 5 tweets 1 min read
The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office.

They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed In the long run, they need an evacuation failsafe for computer systems.
Jan 2, 2021 133 tweets 15 min read
I AM GOING TO CONTINUE TO WATCH CSI:CYBER
By the end of the first season, over the course of several investigations, the FBI had hacked into Boston's transportation system, an online casino that was cooperating with the investigation and the camera on a teenage girl's home computer.

Where will they CSI:CYBER next?
Jan 1, 2021 5 tweets 1 min read
The passage of the NDAA means that the Executive Branch gets a new staff member: the National Cybersecurity Director. The position is modeled after the U.S. Trade Representative, and is one of the Cybersecurity Solarium’s suggestions.