This S4 keynote by Andrea Jones-Rooy was so good. As a big fan of standup, and also a former aerials student, it was really cool to see those things come together in this discussion of data complexity.

I wish I could have been there in person to see. #s4x23

https://www.youtube.com/watch?v=kEcm5vYH7lE

What I am Reading 2/26/23 - Back from Miami Beach edition
http://kurulounge.blogspot.com/2023/02/what-i-am-reading-22623-back-from-miami.html
#infosec #cybersecurity #reading #S4x23

It was a busy couple weeks traveling to Miami Beach, attending S4x23, and then coming home and dropping back into the grind, but I haven't forgotten about you guys. Without further ado a couple weeks worth of reading:

The maze is in the mouse: What ails Google and how it can turn things around.

https://medium.com/@pravse/the-maze-is-in-the-mouse-980c57cfd61a

Sensitive US military emails spill online

https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

Place your bets

https://www.antipope.org/charlie/blog-static/2023/02/place-your-bets.html

Dragos Report Identifies Two New Threat Groups

https://www.itsecurityguru.org/2023/02/15/dragos-report-identifies-new-threat-groups/?utm_source=rss&utm_medium=rss&utm_campaign=dragos-report-identifies-new-threat-groups

Traditional PAM solutions aren’t working, Keeper Security study finds

https://www.itsecurityguru.org/2023/02/15/traditional-pam-solutions-arent-working-keeper-security-study-finds/?utm_source=rss&utm_medium=rss&utm_campaign=traditional-pam-solutions-arent-working-keeper-security-study-finds

Cyberwar Lessons from the War in Ukraine

https://www.schneier.com/blog/archives/2023/02/cyberwar-lessons-from-the-war-in-ukraine.html

The return of Flat Earth, the grandfather of conspiracy theories

https://arstechnica.com/science/2023/02/the-return-of-flat-earth-the-grandfather-of-conspiracy-theories/

US says Google routinely destroyed evidence and lied about use of auto-delete

https://arstechnica.com/tech-policy/2023/02/us-says-google-routinely-destroyed-evidence-and-lied-about-use-of-auto-delete/

Ukraine suffered more data-wiping malware than anywhere, ever

https://arstechnica.com/information-technology/2023/02/ukraine-suffered-more-data-wiping-malware-than-anywhere-ever/

Seattle becomes first US city to ban caste discrimination

https://www.bbc.com/news/world-us-canada-64727735?at_medium=RSS&at_campaign=KARANGA

US Supreme Court wary of removing tech firms' legal shield in Google case

https://www.bbc.com/news/world-us-canada-64727712?at_medium=RSS&at_campaign=KARANGA

Technical debt? Don't spend more than one-quarter of your time dealing with it

https://www.zdnet.com/article/technical-debt-dont-spend-more-than-one-quarter-of-your-time-dealing-with-it/

Lab Leak Most Likely Origin of Covid-19 Pandemic, Energy Department Now Says

https://www.wsj.com/articles/covid-origin-china-lab-leak-807b7b0a

James Bond books edited to remove racist references

https://www.telegraph.co.uk/news/2023/02/25/james-bond-books-edited-remove-racist-references/

Beej's Guide to C Programming

https://beej.us/guide/bgc/html/split/index.html

The Capitalist Road to Serfdom

https://jacobin.com/2023/02/capitalist-road-to-serfdom-surveillance-wage-labor

High-skilled visa holders at risk of deportation amid tech layoffs

https://www.washingtonpost.com/us-policy/2023/02/24/temporary-visa-h1b-tech-layoffs/

U.S. corn-based ethanol worse for the climate than gasoline, study finds

https://www.reuters.com/business/environment/us-corn-based-ethanol-worse-climate-than-gasoline-study-finds-2022-02-14/

Even Neal Stephenson doesn't seem keen on crypto anymore

https://www.gamedeveloper.com/culture/even-neal-stephenson-doesn-t-seem-keen-on-crypto-anymore

There is a worrying amount of fraud in medical research

https://www.economist.com/science-and-technology/2023/02/22/there-is-a-worrying-amount-of-fraud-in-medical-research

Stanford Faculty Say Anonymous Student Bias Reports Threaten Free Speech

https://www.wsj.com/articles/stanford-faculty-moves-to-stop-students-from-reporting-bias-anonymously-cbac78ed

Companies Can’t Ask You to Shut up to Receive Severance, NLRB Rules

https://www.vice.com/en/article/dy7a7x/companies-cant-ask-you-to-shut-up-to-receive-severance-nlrb-rules

How India’s caste system manifests in Seattle-area workplaces and beyond

https://www.seattletimes.com/seattle-news/how-indias-caste-system-manifests-in-seattle-area-workplaces-and-beyond/

The age of Agile must end

https://uxdesign.cc/the-age-of-agile-must-end-bc89c0f084b7

5th person confirmed to be cured of HIV

https://abcnews.go.com/Health/5th-person-confirmed-cured-hiv/story?id=97323361

The Silicon Valley Loop How the dot-com crash created Palo Alto’s clueless investor class.

https://nymag.com/intelligencer/2023/02/the-silicon-valley-loop-malcolm-harriss-palo-alto.html

Speech is violence? Not if we want a liberal, intellectual society

https://bigthink.com/thinking/is-speech-violence/

Big Tech’s massive layoffs will come back to haunt it

https://www.businessinsider.com/tech-jobs-recession-layoffs-gen-z-students-class-of-2023-2023-2

OT Network Security Myths Busted in a Pair of Hacks

https://www.darkreading.com/ics-ot/ot-network-security-myths-busted-in-a-pair-of-hacks

Attacks on industrial infrastructure on the rise, defenses struggle to keep up

https://www.csoonline.com/article/3687814/attacks-on-industrial-infrastructure-on-the-rise-defenses-struggle-to-keep-up.html#tk.rss_all

PLC vulnerabilities can enable deep lateral movement inside OT networks

https://www.csoonline.com/article/3687991/plc-vulnerabilities-can-enable-deep-lateral-movement-inside-ot-networks.html#tk.rss_all

The Energy Department’s Puesh Kumar on grid hacking, Ukraine and Pipedream malware

https://cyberscoop.com/puesh-kumar-energy-cybersecurity/

Is OWASP at Risk of Irrelevance?

https://www.darkreading.com/edge-articles/is-owasp-at-risk-of-irrelevance

Bill Fehrman - CEO Berkshire Hathaway Energy talking at S4x23

https://youtube.com/watch?v=ihvrqlxk5tA&feature=shares

So as I have mentioned multiple times (sue me) went to #S4x23 in Miami Beach last week. Saw a number of pretty good talks but the two I am trying to bring to bear immediately are New Adventures in Legacy System Modernization by Marianne Bellotti (@bellmar) and Building Great Incident Response Tabletops by Lesley Carhart (@hacks4pancakes). Hopefully my boss and coworkers will see some value.

My #S4x23 Trip Report https://www.amperesec.com/blog/s4x23-trip-report

Another great writeup on the #S4x23 conference by @msbrumfield with quotes from @hacks4pancakes and myself...

My #S4x23 Trip Report: Some bad, some good, some great - but excellent event overall. Still the best place in ICS/OT security to get motivated, informed and connected. https://www.amperesec.com/blog/s4x23-trip-report

Jobs posted on the Whova Community Board of #S4x23 https://whova.com/event-job/s4x23-job-opportunities/ < these are all of the jobs posted from the popular S4 OT/ICS cybersecurity event that happened this past week in Miami, FL. Anyone seeking a cybersecurity job consider in this field of amazing people working to keep our industrial world safe.

Heard from a few friends that they are positive for Covid after #S4x23. Test yo self! I’m negative this morning but laying low socially for the next week to be safe.

PWN2OWN MIAMI 2023!
Congratulations to the Masters of Pwn – Claroty! Uri Katz and Noam Moshe of Team82 dominated the competition, succeeding at all 10 of their attempts and earning a total of $98,500 + the $25,000 winner’s bonus.
#S4x23 busted all the records for ICS/SCADA security conferences! See you next year!

We had a great time at #S4x23! Thanks to Dale Peterson for such an awesome event. Wonderful to see old friends again and also meet so many new people coming into the industry. See you all next year!

“The 100 day sprint should have been the 100 day challenge to get your shit off the Internet” Megan Samford at the closing panel of #S4x23

#S4x23 #ICS #OT #Stuxnet #Langner

If this had only come out last week, everyone who heard me in the keynote interview at S4x23 would have a more ready answer to "Who is that dude?"

This will appear in the March edition of IEEE Spectrum, and is online now:

https://spectrum.ieee.org/eugene-h-spafford-profile-cybersecurity

#IEEESpectrum #S4x23 #CERIAS

Great minds think alike? #S4x23

Claire is at #S4x23 today repping the Rural Tech Fund. She set up a booth with a lot of the tech we donate to rural schools and libraries. You can play around with it, learn about our work, and talk with her about ways to help! She's also got stickers and is giving away a Chromebook.

Much love to Dale and the S4 team for inviting us to come set up as part of their Worthy Causes initiative

Claire is at #S4x23 today repping @RuralTechFund. She set up a booth with a lot of the tech we donate to rural schools and libraries. You can play around with it, learn about our work, and talk with her about ways to help! She's also got stickers and is giving away a Chromebook.

Much love to Dale and the S4 team for inviting us to come set up as part of their Worthy Causes initiative

New kicks #S4x23

Two Spafs for the price of one! @spaf and I met so many great folks during our book signing at the #s4x23 cabana sessions this afternoon. Thank you all for stopping by! #CyberMythsBook #CyberMythsAndMisconceptions

Going to start my own virtual event for those who can't/didn't make it to #S4x23 and launch a #Kibana session where we look through historian and process logs to try to find #ICS bad shit

Claire will have a Rural Tech Fund booth setup at the worthy causes space at #S4x23 tomorrow. She’ll have a bunch of the tech we distribute to schools on hand to play around with - robots, banana keyboards, and more. Stop by, say hey to her, and learn about our work!