Kenna's top10 vulns match up to the top triggered sigs on every Snort install ever.pic.twitter.com/7z4W7LLo3p
CEO @trailofbits, organizer @EmpireHacking, director @hack_secure. Open DMs.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
Kenna's top10 vulns match up to the top triggered sigs on every Snort install ever.pic.twitter.com/7z4W7LLo3p
That should have been a major hint that they weren't measuring anything at all, but somehow...pic.twitter.com/AAOneIzBws
If you missed that, Kenna thinks attackers are successfully exploiting FREAK and an RDP DoS and so you should prioritize them above new CVEs
This dataset and their analysis is misleading and harmful. Enterprises that follow that advice are worse off after reading it.
Dan Guido Retweeted the grugq
There's a total disconnect between real incident data and Kenna's synthetic dataset, here's another take on it:https://twitter.com/thegrugq/status/727002988250730496 …
Dan Guido added,
Dan Guido Retweeted the grugq
Microsoft is combining crash data with on-host agent data here. They can track process execution. This data is REAL:https://twitter.com/thegrugq/status/727002988250730496 …
Dan Guido added,
It still confuses me why Verizon didn't use their own incident data for tracking successful exploitation. It's concrete and reliable.
If there are issues with quantity, then get your collaborators to improve their data collection until it's statistically reliable!
Instead, Verizon worked with Kenna to make up a bunch of data then masked it in "data science" to make it look like more than garbage.
Or, exploitation is dramatically easier to detect on-host. Partner with an agent vendor: "If iexplore.exe launches cmd.exe then popped=true"
Dan Guido Retweeted Thomas H. Ptacek
Several others have cogent analysis of the Verizon/Kenna data. See here: https://twitter.com/thegrugq/status/726986083381055488 … and here:https://twitter.com/tqbf/status/726989872913739777 …
Dan Guido added,
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.