This year I decided to attend Dale Peterson’s S4 Conference, I had high hopes on getting up to date on the latest technology and information in the SCADA security world. After my first two sessions I felt like I was suffering from depersonalization disorder, floating above the room watching the inept presenters attempt to discuss systems and technologies that they too do not fully understand. Not that I am an expert by any means however I would like to feel like I’m getting information from those who do. Having presented at several conferences I too have fallen into the feeling that I needed to include some of the latest buzzwords and attempt to entice interest. I have since discovered that it is always better to stick with what you really know well. We have all had to have dinner with your wife’s friends’ house, whose husband spent 4 solid hours talking about his floor tile business. At dinner that can induce thoughts of suicide by stabbing yourself in the heart with a butter knife, in the right crowd he is a guru. My suggestion, if your presenting, dive deep your expertise and avoid buzzword surfing….
If Bruce Schneier is correct in his assessment of hackers: “In this same vein, computer networks have been plagued for years by hackers breaking into them. But these people aren’t breaking into systems for profit; they don’t commit fraud or theft. They’re breaking into systems to satisfy their intellectual curiosity, for the thrill, and just to see if they can… Hackers’ traditional and common defense is that they’re breaking into systems to test their security. They say the only way to learn about computer and network security is to attack systems. Never mind that these hackers don’t own the systems they’re breaking into; that’s just the excuse.” He points out that there is an ongoing controversial discussion about whether hackers are genuinely committing criminal acts while intruding into a network: “”I was only testing security” is not a valid defense. For years, we in the computer security field have heard that excuse. Because the hacker didn’t intend harm, because he just broke into the system and merely looked around, it wasn’t a real crime. Here’s a thought for you: imagine you return home and find the following note attached to your refrigerator: “I was testing the security of back doors in the neighborhood and found yours unlocked. I just looked around. I didn’t take anything. You should fix your lock.” Would you feel violated? Of course you would.” Continue reading
There’s a place lurking beneath the Internet you use every day.
Brad’s article is a good place to start understanding the hidden alleys of the internet.