SANS Orlando 2018

I know we are just starting Blackhat / DefCon season, but I am wondering who is planning on going to SANS Orlando in April 2018 (no link available yet).  At this point I am.  It would be nice if we could kind of build a list and schedule some sort of meetup.  (Look at me pretending I have readers).  I have to start planning early so I can get a second job delivering pizza or something to pay for the trip.

The top three classes I am interested in:

ICS515 - ICS Active Defense and Incident Response
ICS456 - Essentials for NERC Critical Infrastructure Protection
SEC460 - Enterprise Threat and Vulnerability Assessment

but they haven't published the course list yet so who knows what will be offered.

Updates

Just catching people up -

Been a busy couple weeks.   I mentioned that I had onboarding training at work.  It sucked horribly and sucked the life from me.  Still recovering.

Since then I have been doing the Cyber-Physical Systems Security Course on Udacity.  It's not bad, but it's also not as in-depth as it could be..

Getting ready for defcon.  Mainly by imaging my laptop so that I can wipe it and restore when I get home.  I have a throwaway phone that I will be using while there and building the cash stash.

Finally, was in a car accident, got rear ended at a stoplight.  My car is still driveable, but it did get tore up some.  Trying to get that fixed.

So there you go a 5 minute update on my life.  I'll try and get back to the news roundups soon.

This is how I spent my high school years

I am in the yellow Marine Corps shirt.  This must have been 1981 (Jr. Year) so I am 16.  I am wearing glasses which I didn't have to do full time until then and I am drinking Miller which I couldn't afford until then.

The guy in the center of the picture is Chris from Carnifex.org and it's his picture (I blatantly stole it).  I'm guessing this was a Christmas party at his house, although in that time frame it might have been at Leigh Sampson's.

Harvard Business School Style Cyber-Security Case Studies

Recently I was reading "The Golden Passport" a history / critique of Harvard Business School and the overall deleterious (didn't think I knew that word did you?) effects it has had on American business.  On of the recurring themes is the prevalence of the case study at the school.  I had one class once upon a time that used a graphic novel version of a HBS case study on cyber-security but I was wondering if anyone knows of others?  On the off chance that anyone reads this and you do, please let me know.

In the meantime as I was searching I found this class syllabus from either last year or 2015 which looks like it has some interesting readings in it.

Update:  Harvard Business Review sells case studies.  I may buy one just to check it out.

ICS CERT Releases 2016 Assessment Summary Report

via

ICS-CERT conducted 130 assessments in the fiscal year 2016, which is more than in any previous year. Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017.

...

Similar to the previous two years, inadequate boundary protection remained the most common flaw – 94 discoveries representing more than 13 percent of all weaknesses identified during assessments. Boundary protection issues can result in failure to detect unauthorized activity in critical systems, and an increased risk to control systems due to the lack of proper separation from the enterprise network.

This may sound like a simple to avoid issue, but business demands and security demands often conflict and if you aren't very careful it's easy to breach your boundaries without realizing it.  (Or whoever is in charge just doesn't care, or the system was installed before control system security became a big deal and people don't want to mess with what's working. )

Today, I declared myself an American hero!

I am in new hire training all week.  It sucks.  As in it's sucking the life right out of me.  Literally in the middle of training today I just wanted to lay on the floor and die.  The only reason I didn't was because I thought it might scare the interns.  Because I was so altruistic I decided I am a Real American Hero.

On top of this I am doing Udacity's Cyber-Physical Security course.  Alot f it is a repeat from stuff I already knew and  SANS ICS410, but it is one of the few free ICS security course I have found and I want to give it a fair eval.

William Shatner Got Reported for a Post on Facebook

Extremely Offensive

So a member of my Facebook Group reported my post. This is the post. 👇🏻🙄 pic.twitter.com/k1Pi8Pujtj

— William Shatner (@WilliamShatner) July 8, 2017

I think his response should be to commission a sequel to Shatnerquake in which all the Shatner's fight the embodiement of all George Takei's roles and then mail it to Takei and ask for a blurb. If you are going to be ostracized be ostracized for something fun.

 (I suggested this because the link where I saw this initially someone suggested Takei is the one who reported him)

(Also:  For some reason it didn't link but the post was "Hello Everyone, How are You")
(another also:  I misinterpreted initially since I saw this on Twitter, he was actually reported on Facebook.  I changed the title - Man this is a lot of work for a lame Shatnerquake joke)

Free Cyber Security Training

From Georgia Tech in coordination with Udacity

Network Security - This course provides an introduction to computer and network security, including cryptography, cryptanalysis, and systems security.

Cyber-Physical Systems Security - This course provides an introduction to security issues relating to cyber-physical systems including industrial control systems and critical infrastructures.

Intro to Information Security - The technical content of the course gives a broad overview of essential concepts and methods for providing and evaluating security in information processing systems (operating systems and applications, networks, protocols, and so on).

They also have a bunch of related course like Linux Command Line, Python, DevOps etc.

Beware,The China Syndrome - What I Am Reading 7/6/2017

NY Times - Hackers are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say -

Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.

...

In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.

The origins of the hackers are not known. But the report indicated that an “advanced persistent threat” actor was responsible, which is the language security specialists often use to describe hackers backed by governments.

Reuters - U.S. job growth seen accelerating; unemployment rate steady -

U.S. employers likely stepped up hiring in June and boosted wages for workers, signs of labor market strength that could keep the Federal Reserve on course for a third interest rate increase this year.

According to a Reuters survey of economists, the Labor Department's closely watched employment report on Friday will probably show that nonfarm payrolls increased by 179,000 jobs last month after gaining 138,000 in May.

Slashdot - In the Knowledge Economy, We Need a Netflix of Education -

(...)The solution for the learning and development industry would be a platform that can make education more accessible and relevant -- something that allows us to absorb and spread knowledge seamlessly. Just as Netflix delivers entertainment we want at our fingertips, the knowledge and learning we need should be delivered where and when we need it.

I actually felt brain cells dying

Meme War!!! - What I am reading 7/5/2017

NY Times - How a CNN Investigation Set Off an Internet Meme War -

On Monday, a CNN reporter tracked down the identity of the user, who quickly deleted his posts, renounced his meme-creating ways, and apologized in a long, seemingly sincere post to /r/The_Donald. CNN declined to name the user, but said, somewhat mysteriously, that it “reserves the right” to publish his identity in the future if he continued to create offensive content.

To many on the right, that caveat felt like a threat issued by a powerful news organization to a private citizen: Fall in line, or we’ll expose you.

I read the article in question, my first thought before I even knew all this had ignited into a controversy was, "Wow, that seems a little over the line", followed by, "Why was CNN even investigating this?  It was stupid meme."  I guess I am a little naive about what matters to other people.  Given that I have a couple journalist followers on twitter, whom I respect and like, I might have been inclined to give the author of the piece the benefit of the doubt, but then it was pointed out that he was one of those leading the charge to destroy Justine Sacco back in 2010 so his goodwill is used up.

On the other had the Washington Post reports that groups are threatening to dox innocents including kids:

Others called for a very personal form of revenge against CNN, and Kaczynski specifically. A link to a pastebin page that appeared to contain the personal identifying information of Kaczynski, some of his family members and his colleagues circulated on 4chan Wednesday morning. And the neo-Nazi Daily Stormer website called for even more. A popular post called for CNN employees to quit their jobs and denounce the network, or face consequences if they didn’t:

“We are going to track down your parents.
We are going to track down your siblings.
We are going to track down your spouses.
We are going to track down your children. Because hey, that’s what you guys get to do, right? We’re going to see how you like it when our reporters are hunting down your children.” 

Definitely not cool (doxxing anyone that is)

A Little Clarification - If I thought Trump was seriously calling for violence against any news agency (or any group for that matter) my thoughts on this would probably be totally different, but I saw this meme over the weekend and I thought it was Trump (who I STILL think is totally unsuited to be President BTW) was celebrating the fact that the Supreme Court had basically given him a victory on his executive orders, and that CNN had to retract a story about a friend engaging in illegal activity with Russia.  A retraction which followed pretty closely on the heels of a pretty embarrassing correction on Jmaes Comey's testimony.  Taunting not incitement in other words.

Hell even Glenn Greenwald agrees with me:

There is also something untoward about the fact that CNN — the subject of the original video — was the news outlet that uncovered his identity. That fact creates the appearance of vengeance: If you, even as a random and anonymous internet user, post content critical of CNN, then it will use its vast corporate resources to investigate you, uncover your identity, and threaten to expose you if you ever do so again.

...

If you’re someone who believes that media corporations should expose the identity even of random, anonymous internet users who express anti-Semitic or racist views, then you should be prepared to identify the full list of views that merit similar treatment. Should anyone who supports Trump have their identity exposed? Those who oppose marriage equality? Those with views deemed sexist? Those who advocate communism? Are you comfortable with having corporate media executives decide which views merit public exposure?

Motherboard - Hackers Linked to NotPetya Ransomware Decrypted a File For Us -

 Hackers linked to the crippling NotPetya ransomware attack, which encrypts files on infected machines, have proved to Motherboard they have the ability to decrypt some locked files.

Security researchers have spent much of the last week debating whether victims of NotPetya will ever get their files back, with many arguing that the malware was designed to cause disruption rather than generate funds.

I don't think this means much.  I think everyone expected they would be able to decrypt files that weren't erased.