The Specter of MS17-010

The vulnerability MS17-010, patched on 14 March 2017 but rising to prominence with the Shadow Brokers leak of an exploit called ETERNALBLUE in mid-April 2017, has fueled multiple information security headaches. First and among the most prominent was the global WannaCry ransomware event in May 2017 (two months after the …

Historical Memory and Information Security

A topic I’ve complained about previously (and one of the motivating reasons for the existence of this blog) is the impermanence of knowledge within the information security discipline. Specifically, information security as a field of study and area of practice remains pitifully immature relative to other disciplines as so much …

A XENOTIME to Remember: Veles in the Wild

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.” – Through the Looking Glass, Lewis Carroll. FireEye recently published a blog covering the tactics, techniques, and procedures (TTPs) for the “TRITON actor” when preparing …

Adversary Attribution: It’s ‘Complicated’

Recently Juan Andres Guerrero-Saade and Silas Cutler presented new research on the cluster of activity encompassing Stuxnet, Duqu, and Flame at the Kaspersky Lab-sponsored Security Analyst Summit. (Note for those reading this from US, Canadian, and related government networks: accessing the research link above will display potentially leaked, non-public information …

The Devil’s in the Algorithm

I attended an interesting presentation at the EnergySec Pacific Rim summit discussing the role of machine learning and artificial intelligence (ML/AI) in network security and ICS operations. The talk was mostly an overview of potential applications and niches for ML/AI within these spaces, which in itself is refreshing as ML/AI …

Electric Sector Targeting in Context

As we move into late December (I started writing this on 23 December 2018), all eyes in the information security and especially the industrial control system (ICS) security space typically turn to Ukraine. In 2015 and again in 2016, malicious entities – likely Russian in origin – gained access to …