Robert Graham

@[email protected]
8.3K Followers
344 Following
912 Posts
Created BlackICE, Sidejacking, Masscan, and other infosec things.
bloghttps://blog.erratasec.com
bloghttps://cybersec.substack.com
githubhttps://github.com/robertdavidgraham
Show threadRobert GrahamFeb 14, 2024
@postmodern they can appear about 30 seconds later
Show threadRobert GrahamFeb 13, 2024
@sokrates @MrsMouse I suspect every field of study evolves over time, redefining things until they become absurd, at which point we have to stand up and say "enough is a enough, this just needs to be discarded instead of redefined".
Show threadRobert GrahamFeb 13, 2024
@minusavenue In college I worked for the computer science center where they stuck me in a room where the Token Ring hubs were located, where I heard the things clicking open and closed all day long.
Robert GrahamFeb 13, 2024
Show threadMrs Mouse at workFeb 13, 2024

@ErrataRob
We’ve reached an absurd state of affairs where everybody knows the OSI Model is false, where everyone is confused by most of it. Yet, people still defend it, claiming some of it is helpful. Many remember some epiphany, where OSI helped them “get” a difficult concept. The problem is that these cases are almost always misconceptions, such as “layers”.

I love this already.

Robert GrahamFeb 13, 2024
What's a MAC address and Ethernet frame header for? Why don't packets simply start with an IP header?
Show threadRobert GrahamFeb 13, 2024

Consider Ethernet. It's trivially simple frame format with destination and source address, followed by a type field, and faster versions are the outgrowth of the latest technology.

But STILL, you really don't understand until understand history. Why is there an Ethernet separate from the Internet? Why not just have the frame start at the IP header, getting rid of the Ethernet header completely???

Show threadRobert GrahamFeb 13, 2024
Computer science is like art history: almost everything was created in reaction to the status quo. You won't understand it until you first understand the status quo of the time.
Robert GrahamFeb 13, 2024
Them: "I don't really get Z"
Me: Well, yea, it's because you are trying to understand it outside the context of history.
Me: <Gives hour long history lesson>
Them: <eyes glaze over>
Show threadRobert GrahamFeb 13, 2024
@tarheel I see he has experience in SNA, that would explain why he's not a fan of OSI.
Robert GrahamFeb 12, 2024

How do you understand the term "Zero-Trust"?

I wrote up a blogpost about how I understand it, where I try to provide a serious answer instead of just cynicism and sarcasm. I mean, the cynical/sarcastic/humorous answers are better, but at some point, we need a serious discussion, too.

https://cybersect.substack.com/p/a-serious-definition-of-the-unserious

A serious definition of the unserious "zero-trust" buzzword

A saw a tweet that went something like this: “I have 10 years of experience and several certifications, and I still don’t know what the heck ‘zero-trust’ is” A lot of responses are sarcastic and humorous, so I thought I’d write up something sincere and serious, defining what this word actually means.

Cybersect