Thoughts, Musings, and Other Items from the Worlds of Infosec, ICS, and Beyond

The Specter of MS17-010

The vulnerability MS17-010, patched on 14 March 2017 but rising to prominence with the Shadow Brokers leak of an exploit called ETERNALBLUE in mid-April 2017, has fueled multiple information security headaches. First and among the most prominent was the global WannaCry ransomware event in May 2017 (two months after the patch was released and one month after the exploit), although the vulnerability continues to be used through various “copycat” cryptominer campaigns to the present. Most Read more

By Joe, ago

Historical Memory and Information Security

A topic I’ve complained about previously (and one of the motivating reasons for the existence of this blog) is the impermanence of knowledge within the information security discipline. Specifically, information security as a field of study and area of practice remains pitifully immature relative to other disciplines as so much information, knowledge, and experience remains codified in hard-to-access or impermanent forms: conference presentations (even if recorded), “Tweets”, and similar output. Meanwhile, mature fields of study Read more

By Joe, ago

Extracting Community from the Communitarian

Many public discussions on information security tend to identify or claim the existence of an “information security community”. On its face, this seems a rather innocuous term that merely designates a collective of individuals dedicated toward relatively similar goals or ends – yet when delving a bit deeper, the term brings with it a host of additional considerations that make the flippant referrals to such a construct seem either misguided or profoundly misunderstood. Before proceeding, Read more

By Joe, ago

A XENOTIME to Remember: Veles in the Wild

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.” – Through the Looking Glass, Lewis Carroll FireEye recently published a blog covering the tactics, techniques, and procedures (TTPs) for the “TRITON actor” when preparing to deploy the TRITON/TRISIS malware framework in 2017. Overall, the post does a commendable job in making public findings previously only privately shared (presumably by Read more

By Joe, ago

Adversary Attribution: It’s ‘Complicated’

Recently Juan Andreas Guerrero-Saade and Silas Cutler presented new research on the cluster of activity encompassing Stuxnet, Duqu, and Flame at the Kaspersky Lab-sponsored Security Analyst Summit. (Note for those reading this from US, Canadian, and related government networks: accessing the research link previously will display potentially leaked, non-public information which could be construed as a spillage event, so click with caution depending on where you are.) The technical analysis accompanying this work is quite Read more

By Joe, ago

The Peril of the Mittelstand and the Possibilities of Competitive Advantage

In Germany (as well as Austria), there is a type of company referred to as the “Mittelstand”. Generally speaking, these are small- to medium-sized companies, non-public and typically family-owned, providing technical expertise (if not excellence) in a specific niche, usually manufacturing or engineering oriented. Although small, such organizations have outsized influence on much larger organizations by providing critical technical capability in very specific areas such as tool and die work, specialty manufacturing, machine tool production, Read more

By Joe, ago

The Devil’s in the Algorithm

I attended an interesting presentation at the EnergySec Pacific Rim summit discussing the role of machine learning and artificial intelligence (ML/AI) in network security and ICS operations. The talk was mostly an overview of potential applications and niches for ML/AI within these spaces, which in itself is refreshing as ML/AI is frequently touted as a dramatic, overall solution for numerous security problems as opposed to just another tool in the information security toolbox. More importantly, Read more

By Joe, ago

Network Security is Like an Ogre – It Has Layers

A common statement heard in information security circles these days is “the perimeter is dead.” The concept behind the statement is simple and seemingly obvious. Historically, security professionals only dealt with two networks: the “home” network (which was managed, safe, and trusted) and the “outside” or “external” network (regarded as risky, if not outright dangerous, and uncontrolled). Separating these two was the “perimeter” – the classic example of a firewall governing what traffic is permitted Read more

By Joe, ago

Moral Responsibility, Weakness of the Will, and the Information Security Profession

The concept of praise and blame – or moral responsibility more generally – is a central concept in ethics that features many responses. Of note in evaluating various approaches to the problem is the concept of human fallibility in the face of ethical decision-making. For Aristotle, humanity is intrinsically flawed due to the experience of emotion and feeling, resulting in a “weakness of the will” (akrasia) – thus an individual may very well know or Read more

By Joe, ago

Electric Sector Targeting in Context

As we move into late December (I started writing this on 23 December 2018), all eyes in the information security and especially the industrial control system (ICS) security space typically turn to Ukraine. In 2015 and again in 2016, malicious entities – likely Russian in origin – gained access to and successfully manipulated Ukrainian electric distribution and transmission (in 2015 and 2016, respectively) to create outages within the greater Kiev/Kyiv region. The last two years Read more

By Joe, ago