Saturday, September 10, 2016

Now For Something A Bit Different...

I had the chance to attend a non-security conference this week.  It was the Rocky Mountain Fiction Writers Conference.  Thanks to my good friend Warren Hammond we presented on Hacking. 

“Advice? I don’t have advice. Stop aspiring and start writing. If you’re writing, you’re a writer. Write like you’re a goddamn death row inmate and the governor is out of the country and there’s no chance for a pardon. Write like you’re clinging to the edge of a cliff, white knuckles, on your last breath, and you’ve got just one last thing to say, like you’re a bird flying over us and you can see everything, and please, for God’s sake, tell us something that will save us from ourselves. Take a deep breath and tell us your deepest, darkest secret, so we can wipe our brow and know that we’re not alone. Write like you have a message from the king. Or don’t. Who knows, maybe you’re one of the lucky ones who doesn’t have to.” 

I love that quote and it makes me consider what I blog about some times, the tone and the content...

It was good for me to engage in conversations and dialogue COMPLETELY out of my normal infosec circles.  I had the chance to attend a session on "Weapon Systems Of The Future" For Science Fiction writers. 

I was struck by the conversation about how much imagination drives reality.

Here is a basic example:

I was struck with the idea, what are imagining for offense and defense.  What will our attacks and defense look like in 10-15-25 years.  

Its hard to know for sure. 

I just wonder what role does our ability to use our imagination and creativity to block/detect certain attacks.  It may not exist yet, but "What if IT DID."  And if so how could we build it...

So, I've created some space this weekend to do some imagining and brainstorming on attacks and defense.  

So far I've had 1 breakthrough on the Application Whitelisting front, I hope to be able to blog about soon.  I want to prove some ideas a bit first.  

Some classic reading for DFIR

Here are some things to consider...This article was written and published in 1988...

"The intruder conjured up no new methods for breaking operating systems; rather he repeatedly applied techniques documented elsewhere. Whenever possible, he used known security holes and subtle bugs in different operating systems..."

"By studying the printouts, we developed an understanding of what the intruder was looking for. We also compared activity on different dates in order to watch him learn a new system, and inferred sites he entered through pathways we could not monitor. We observed the intruder’s familiarity with various operating systems and became familiar with his programming style. Buried in this chatter were clues to the intruder’s location and persona, but we needed to temper inferences based on traffic analysis."

And Lastly...
"Perhaps no computer or network can be totally secure. This study suggests that any operating system will be insecure when obvious security rules are ignored. From the intruder’s widespread success, it appears that users, managers, and vendors routinely fail to use sound security practices. These problems are not limited to our site or the few dozen systems that we saw penetrated, but are networkwide. Lax system management makes patching utility software or tightening a few systems ineffective. 

We found this intruder to be a competent, patient programmer, experienced in several operating systems. Alas, some system managers violate their positions of trust and confidence. Our worldwide community of digital networks requires a sense of responsibility. Unfortunately, this is missing in some technically competent people."

So, this weekend I am reflecting back and forward a bit to see where it may lead ;-)

Anyway.  Hopefully this is interesting to you you.

Thats all I have for today.



No comments:

Post a Comment