Monday, June 26, 2017

What I'm Reading 6/26/2017

So here I am trying to get this thread started again.  One of the thing I need to do I think is weed my RSS feeds;  I just have to much stuff coming in and it is getting overwhelming to go through.Anyway I'll try and be a little more consistent.

NY Times - Supreme Court Takes Up Travel Ban Case, and Allows Parts to Go Ahead -
WASHINGTON — The Supreme Court cleared the way on Monday for President Trump to prohibit the entry of some people into the United States from countries he deems dangerous, but the justices imposed strict limits on Mr. Trump’s travel ban while they examine the scope of presidential power over the border.
Honestly, I don't know how anyone has looked at the way the Supreme Court has ruled on immigration issues in the past and didn't expect this result.  Especially given that the 6 countries affected were chosen as especially dangerous by the Obama administration and it is codified in the CFR.  I also don't this the exceptions to the ban are nearly as broad as the NY Times would have you believe.  All in all this was a pretty resounding victory for Trump.

Seattle Post-Intelligencer - UW study: Seattle's increased minimum wage hurts workers -
In a paper published by the National Bureau of Economic Research, researchers from the school's Daniel J. Evans School of Public Policy and Governance found that the city's current minimum wage of $13 an hour for smaller employers increased hourly wages by about 3 percent. To lower workforce costs, however, employers decreased hours by about 9 percent, resulting in lower take-home pay for low-wage workers, about $125 less per month.
"The wages went up, but the loss of hours was sufficiently large that on balance though they make more per hour, they made less money overall," said professor Robert Plotnick, one of the study's authors.

I have worked more than my share of minimum / slightly above minimum wage jobs and this has always been my experience.  Any increase in labor costs is immediately offset by layoff or cutbacks on hours.

USA Facts - Founded by Steve Ballmer this site puts together an annual report on the US Government in the form of a corporate 10-K report.  Also has a bunch of Infographics.

Dark Reading - Look, But Don't Touch: One Key to Better ICS Security -
How do we fix industrial control systems cybersecurity? 
Experts say better visibility is essential to improving ICS/SCADA security. But infosec teams will never gain that visibility until they stop trying to observe ICS environments through the eyes of IT professionals.  
There are fundamental differences in IT and OT (operational technology) gear, processes, and people, say experts.   
"Overall, IT has no idea what goes into operating an OT environment," says Paul Brager, senior staff product security leader, cybersecurity and risk, for GE Oil and Gas.
The introduction of anything new to the operational environment - a new pump, a software patch, an upgrade, a new security tool - is approached with caution, because any disruption in availability or integrity could have irreversible, expensive, even dangerous physical impacts.

This is an important lesson and one I learned the hard way.  About 4 years ago I went and did vulnerability scans on a network that I didn't know had ICS/SCADA gear attached.  I shut down a bunch of DFR's, some non-essential relays, and ports on substation gateways.  Fortunately none of it was mission critical equipment.  I've been working with that stuff since 2012 now, and gone and gotten my GICSP (indicating I have a base level of knowledge) and I still am leery about scanning any sort of ICS device in a production environment.   Despite this I routinely run into cybersecurity types who will tell me that IT / OT environments should be treated exactly the same.  Sorry - no.  Companies are making efforts to resolve these issues but it is still going to me a number of years before there is anything approaching the level of visibility in Enterprise IT environments, so we should learn this lesson well.

Network Computing - 14 Essential Network Troubleshooting Tools -
At Interop ITX in May, network troubleshooting expert Mike Pennacchi identified the essential toolkit for network engineers. These tools, most all freely available, do everything from helping measure throughput to capturing and analyzing packets, as well as presenting data in handy charts to provide a view into network health.
The open source collection includes popular tools such as iperf, Wireshark, nmap, and Snort. The tools fall into one of three platforms, as described by Pennacchi: laptop, centralized, and remote troubleshooting.

Post a Comment

The Ultimate "Get Psyched" Playlist

I am busily loading up a playlist for DefCon so of course I had to turn to "The Ultimate Get Psyched" Playlist as published by Bar...