I’m a bit concerned about the non-inquisitive celebration from infosec on this.

Where is the “what does keystroke latency even mean?” Without that, you can’t implement it for yourself, nor can you identify weaknesses.

~3yrs I was privately proposing similar options. So, AS SOMEWHAT OF A KEYBOARD EXPERT MYSELF 🤔💅, let’s look…

@mg real question is why tf Amazon is tracking this. It kind of makes sense, but at the same time, micromanaging like this is creepy.

@alex02 not really. It’s all about HOW the data is used. EDR sees tons of “invasive” info already. Capturing useful data for a threat that’s been building for the last 5 years? A better question is why it took so long.

Especially when the threat is a hostile nation state gathering funds that feed their weapons program.

@mg except checking latency like this could affect legitimate employees, or so I would think.

@alex02 why is that a problem? As I posted in the 2nd longer reply: this is NOT definitive proof of wrongdoing. They are simply turning a mountainous haystack into a fistful of hay that a human can quickly sift through to look for other indicators.

That’s how ALL of these investigations go.

@mg so you're in for micromanaging and spying on employees because this type of stuff can return false positives or be abused, but I'm not going to try to further explain because "experts" tend to be unable to think outside their own narrow and quite frankly shallow pov even though even experts aren't always correct.

@alex02 @mg If you read MG's thread, you'll see "The arms race will continue. And it’s mostly because HR and Hiring Managers don’t want to do deeper background checks needed to identify fake/stolen identities. 🤷‍♂️"

@alex02 @mg do you accept the need for EDR products on workstations?

Because if you do, there’s already equally invasive monitoring happening. EDR just doesn’t report it like that.