Podcast appearances and mentions of cliff stoll

  • 15 podcasts
  • 16 episodes
  • 43m average duration
  • Infrequent episodes
  • Latest: Aug 1, 2023

Popularity (chart by year, 2017 to 2024)



Latest podcast episodes about cliff stoll

Mac Folklore Radio
1988: Apple's Year In Review (1989)

Aug 1, 2023 · 25:09


The Macintosh's year in review for 1988: some reached milestones, some threw stones, and some wished they'd stayed at home. Original text by the late Charles Seiter, Macworld, January 1989. Macworld: In Memoriam. Charles was just 58 when he passed. If you ever spotted a heavy math, science, or programming and development tool-related article in Macworld, you could be certain to find Charles' name nearby. I believe this particular article was, unfortunately, his only excursion into humorous editorials. I had a little contact with Charles back in 2004 after I thanked Macworld's team of contributing editors for teaching me that, contrary to what I had been taught in school, writing could be fun. Clip of Jean-Louis Gassee's story about having dinner with John Sculley from the 2011 “Steve Jobs' Legacy” event at the Churchill Club. Even the Newton marketing team acknowledged people sort of looked down upon John Sculley's technical background. Gassee's new book “Grateful Geek” is out now. His old book is too. nVIR clip from Don Swaim interview with Cliff Stoll, author of The Cuckoo's Egg. The WayBack Machine does not have the source file but I do. The Computer Chronicles' whirlwind tour of Boston Macworld Expo 1988. Bill Gates' observation about borrowing ideas from Xerox. On the DRAM crisis of 1988. Mainframe and VAX connectivity makes up a fairly large percentage of the marketing material coming out of Apple in the late ‘80s, as you can see from The ReDiscovered Future and the Apple User Group VHS Archive. As told by Bob Supnik and many others, DEC was already thoroughly doomed by the late 1980s. Pre-QuickTime Video production on the Mac II was, by today's standards, weird and expensive. WordPerfect 1.0 and 2.0 weren't heralded as very Mac-like, unlike v3.5, which shipped around the time Microsoft Word 6 ate everyone else's lunch. Not all early CD-ROM titles were as compelling as Myst: About Cows v3.09, $40USD. 
How AutoCAD was ported to the Macintosh II–with a dirty hack. Apple and Stephen Wolfram pushing Mathematica 1.0. The first few years of fax software on the Macintosh were a bit of a disaster. Apple's entry was particularly embarrassing. Macworld even called the AppleFax software/hardware package “beleaguered”. 1989 was the year John Norstad's Disinfectant began to spread like wildfire. We usually received a new version every 3-6 months via my father's employer. It's remarkable software distribution at that scale happened at all when you think about how few people had modems back then.

Command Line Heroes
Invisible Intruders

May 17, 2022 · 22:18


What began as a supposed accounting error landed Cliff Stoll in the midst of database intrusions, government organizations, and the beginnings of a newer threat—cyber-espionage. This led the eclectic astronomer-cum-systems administrator to create what we know today as intrusion detection. And it all began at a time when people didn't understand the importance of cybersecurity. This is a story that many in the infosec community have already heard, but the lessons from Stoll's journey are still relevant. Katie Hafner gives us the background on this unbelievable story. Richard Bejtlich outlines the “honey pot” that finally cracked open the international case. And Don Cavender discusses the impact of Stoll's work, and how it has inspired generations of security professionals. If you want to read up on some of our research on ransomware, you can check out all our bonus material over at redhat.com/commandlineheroes. Follow along with the episode transcript.

Now I've Heard Everything

Many people think we're on the verge of another Cold War, a cyber war, in which skilled hackers will break into systems abroad and wreak havoc with them. But back in the 1980s, such a concept was still such a novelty that intelligence agencies and police didn't pay much attention to it. That is, until 1986, when an astronomer at the Lawrence Berkeley National Laboratory made a startling discovery. Cliff Stoll was a systems administrator at the lab, and noticed an unusual pattern of usage in the lab's computer network. In a groundbreaking game of cyber cat and mouse, Stoll eventually traced the activity back to a KGB recruit in Germany named Markus Hess. Stoll told the amazing story in his 1989 bestseller The Cuckoo's Egg. I spoke with him about that book, and again a year later when the paperback version came out.

The History of Computing
Clifford Stoll and the Cuckoo's Egg

Dec 3, 2021 · 11:38


A honeypot is basically a computer made to look like a sweet, yummy bit of morsel that a hacker might find yummy mcyummersons. This is the story of one of the earliest on the Internet. Clifford Stoll has been a lot of things. He was a teacher and a ham operator and appears on shows. And an engineer at a radio station. And he was an astronomer. But he's probably best known for being an accidental systems administrator at Lawrence Berkeley National Laboratory who set up a honeypot in 1986 and used that to catch a KGB hacker. It sounds like it could be a movie. And it was - on public television. Called “The KGB, the Computer, and Me.” And a book. Clifford Stoll was an astronomer who stayed on as a systems administrator when a grant he was working on as an astronomer ran out. Many in IT came to the industry accidentally. Especially in the 80s and 90s. Now accountants are meticulous. The monthly accounting report at the lab had never had any discrepancies. So when the lab had a 75 cent accounting error, his manager Dave Cleveland had Stoll go digging into the system to figure out what happened. And yet what he found was far more than the missing 75 cents. This was an error of time sharing systems. And the lab leased out compute time at $300 per hour. Everyone who had accessed the system had an account number to bill time to. Well, everyone except a user named hunter. They disabled the user and then got an email that one of their computers tried to break into a computer elsewhere. This is just a couple years after the movie War Games had been released. So of course this was something fun to dig your teeth into. Stoll combed through the logs and found the account that attempted to break into the computers in Maryland was a local professor named Joe Sventek, now at the University of Oregon. One who it was doubtful made the attempt because he was out of town at the time.
So Stoll set his computer to beep when someone logged in so he could set a trap for the person using the professor's account. Every time someone connected a teletype session, or tty, Stoll checked the machine. Until Sventek connected and with that, he went to see the networking team who confirmed the connection wasn't a local terminal but had come in through one of the 50 modems through a dial-up session. There wasn't much in the form of caller ID. So Stoll had to connect a printer to each of the modems - that gave him the ability to print every command the user ran. A system had been compromised and this user was able to sudo, or elevate their privileges. UNIX System V had been released 3 years earlier and suddenly labs around the world were all running similar operating systems on their mainframes. Someone with a working knowledge of Unix internals could figure out how to do all kinds of things. Like add a program to routine housecleaning items that elevated their privileges. They could also get into the passwd file that at the time housed all the passwords and delete those that were encrypted, thus granting access without a password. And they even went so far as to come up with dictionary brute force attacks similar to a modern rainbow table to figure out passwords so they wouldn't get locked out when the user whose password was deleted called in to reset it again. Being root allowed someone to delete the shell history and given that all the labs and universities were charging time, remove any record they'd been there from the call accounting systems. So Stoll wired a pager into the system so he could run up to the lab any time the hacker connected. Turns out the hacker was using the network to move laterally into other systems, including going from what was ARPANET at the time to military systems on Milnet. The hacker used default credentials for systems and left accounts behind so he could get back in later.
Jaeger means hunter in German and those were both accounts used. So maybe they were looking for a German. Tymnet and Pacbell got involved and once they got a warrant they were able to get the phone number of the person connecting to the system. Only problem is the warrant was just for California. Stoll scanned the packet delays and determined the hacker was coming in from overseas. The hacker had come in through Mitre Corporation. After Mitre disabled the connection the hacker slipped up and came in through International Telephone and Telegraph. Now they knew he was not in the US. In fact, he was in West Germany. At the time, Germany was still divided by the Berlin Wall and was a pretty mature spot for espionage. They confirmed the accounts were indicating they were dealing with a German. Once they had the call traced to Germany they needed to keep the hacker online for an hour to trace the actual phone number because the facilities there still used mechanical switching mechanisms to connect calls. So that's where the honeypot comes into play. Stoll's girlfriend came up with the idea to make up a bunch of fake government data and host it on the system. Boom. It worked, the hacker stayed on for over an hour and they traced the number. Along the way, this hippy-esque Cliff Stoll had worked with “the Man.” Looking through the logs, the hacker was accessing information about missile systems, military secrets, members of the CIA. There was so much on these systems. So Stoll called some of the people at the CIA. The FBI and NSA were also involved and before long, German authorities arrested the hacker. Markus Hess, whose handle was Urmel, was a German hacker who we now think broke into over 400 military computers in the 80s. It wasn't just one person though. Dirk-Otto Brezinski, or DOB, Hans Hübner, or Pengo, and Karl Koch, or Pengo were also involved. And not only had they stolen secrets, but they'd sold them to The KGB using Peter Carl as a handler.
Back in 1985, Koch was part of a small group of hackers who founded the Computer-Stammtisch in Hanover. That later became the Hanover chapter of the Chaos Computer Club. Hübner and Koch confessed, which gave them espionage amnesty - important in a place with so much of that going around in the 70s and 80s. He would be found burned by gasoline to death and while it was reported a suicide, that has very much been disputed - especially given that it happened shortly before the trials. DOB and Urmel received a couple years of probation for their part in the espionage, likely less of a sentence given that the investigations took time and the Berlin Wall came down the year they were sentenced. Hübner's story and interrogation is covered in a book called Cyberpunk - which tells the same story from the side of the hackers. This includes passing into East Germany with magnetic tapes, working with handlers, sex, drugs, and hacker-esque rock and roll. I think I initially read the books a decade apart but would strongly recommend reading Part II of it either immediately before or after The Cuckoo's Egg. It's interesting how a bunch of kids just having fun can become something far more. Similar stories were happening all over the world - another book called The Hacker Crackdown tells of many, many of these stories. Real cyberpunk stories told by one of the great cyberpunk authors. And it continues through to the modern era, except with much larger stakes than ever. Gorbachev may have worked to dismantle some of the more dangerous aspects of these security apparatuses, but Putin has certainly worked hard to build them up. Russian-sponsored and other state-sponsored rings of hackers continue to probe the Internet, delving into every little possible hole they can find. China hacks Google in 2009, Iran hits casinos, the US hits Iranian systems to disable centrifuges, and the list goes on.
You see, these kids were stealing secrets - but after the Morris Worm brought the Internet to its knees in 1988, we started to realize how powerful the networks were becoming. But it all started with 75 cents. Because when it comes to security, there's no amount or event too small to look into.
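The detection at the heart of the story above is a reconciliation: the login records and the accounting ledger are two independent records of the same activity, and a user present in one but not the other (an account with no number to bill time to) or connect time that does not price out to what was billed (the 75 cents) is the thread to pull. The Python below is an added example, not code from the podcast or from Stoll's lab. The session log, ledger, user names, lines, times and amounts are constructed sample data (the names echo the story but the records are made up), the $300 per hour rate is used only as a constant, and the log format is an assumption of the example. It also carries the story's second check: a local account showing up on a dial-up modem line rather than a local terminal.

```python
"""Reconcile a connect-time log against an accounting ledger.

Added example, not code from the podcast or from Stoll's lab. The login
records and the billing ledger are two independent records of the same
activity and should agree; a user in one but not the other, or connect time
that does not price out to what was billed, is the discrepancy worth chasing.
All names, lines, times, rates and amounts below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime

RATE_PER_HOUR = 300.0  # hourly rate quoted in the episode; here only a constant


@dataclass(frozen=True)
class Session:
    user: str
    line: str          # ttyNN for a local terminal, modemNN for a dial-up line
    login: datetime
    logout: datetime

    @property
    def hours(self) -> float:
        return (self.logout - self.login).total_seconds() / 3600.0


def parse_session(record: str) -> Session:
    """Parse one record of the constructed log: 'user line login logout'."""
    user, line, login, logout = record.split()
    return Session(user, line, datetime.fromisoformat(login),
                   datetime.fromisoformat(logout))


def load_sessions(log: str) -> list:
    return [parse_session(r) for r in log.splitlines() if r.strip()]


# Constructed session log (assumed format, see parse_session above).
SESSION_LOG = """\
sventek   ttyp3    1986-08-30T01:05 1986-08-30T02:20
cleveland tty12    1986-08-30T08:00 1986-08-30T12:00
hunter    modem07  1986-08-30T03:10 1986-08-30T03:25
sventek   modem12  1986-08-31T23:40 1986-09-01T00:10
"""

# Constructed ledger: user -> (billing account, dollars billed this period).
LEDGER = {
    "sventek":   ("astro-7", 375.00),
    "cleveland": ("admin-1", 1200.00),
}


def reconcile(sessions, ledger, rate=RATE_PER_HOUR, tolerance=0.01):
    """Compare priced connect time against the ledger.

    Returns (unbilled, mismatches):
      unbilled   -- users who logged in but have no billing account at all
      mismatches -- user -> (priced connect time, billed) where the two differ
                    by more than `tolerance` dollars
    """
    connect_hours = {}
    for s in sessions:
        connect_hours[s.user] = connect_hours.get(s.user, 0.0) + s.hours

    unbilled = {u for u in connect_hours if u not in ledger}
    mismatches = {}
    for user, hours in connect_hours.items():
        if user not in ledger:
            continue
        _account, billed = ledger[user]
        expected = round(hours * rate, 2)
        if abs(expected - billed) > tolerance:
            mismatches[user] = (expected, billed)
    return unbilled, mismatches


def dial_up_sessions(sessions, user):
    """Sessions for `user` that arrived on a modem line rather than a local tty.

    The second check in the story: a local professor's account appearing on a
    dial-up line is a different question from the same account on a local
    terminal, and worth a trap of its own.
    """
    return [s for s in sessions if s.user == user and s.line.startswith("modem")]


if __name__ == "__main__":
    sessions = load_sessions(SESSION_LOG)
    unbilled, mismatches = reconcile(sessions, LEDGER)
    print("users with connect time but no billing account:", sorted(unbilled))
    for user, (expected, billed) in mismatches.items():
        print(f"{user}: connect time prices to ${expected:.2f}, ledger shows ${billed:.2f}")
    for s in dial_up_sessions(sessions, "sventek"):
        print(f"sventek came in on {s.line} at {s.login.isoformat()}")
```

Run it directly to print the three findings. The check functions return plain sets, dicts and lists rather than printing, so the same logic can be fed into whatever alerting a site already has; the tolerance exists because rounding of per-session charges is expected, while anything larger, even 75 cents, is not.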

Ham Radio Workbench Podcast
HRWB133-Field Day 2021 Debrief and EmComm Software

Jul 13, 2021 · 187:55


Field Day Debrief and EmComm Software with Gaston Gonzalez KT1RUN.

  • Our Website - http://www.hamradioworkbench.com/
  • Follow us on Twitter - https://twitter.com/hamworkbench
  • Contact us - http://hamradioworkbench.com/contact
  • Connect with us on Facebook - https://www.facebook.com/groups/hamradioworkbench/
  • BrandMeister Talkgroup 31075 - https://hose.brandmeister.network/group/31075/
  • QSO TODAY Ham Radio Expo August 14th and 15th - https://www.qsotodayhamexpo.com/

HRWB will host a live event Friday the 13th night starting at 6 PM PDT:
  • George will present the trailer build project
  • Mark will present on Measuring 1:1 Balun/Common Mode Choke Designs With A NanoVNA
  • Vince will present on Disaster Communications and Leadership imperatives
  • Mike will present a spin-off on “death of the RS-232 port”
  • Anyone else?

Digilent coupon code HamRadioWorkbench2021, available at Digilent.

Ham Radio Workbench will participate in the QSO Today Virtual Ham Expo August 14th and 15th. Booth + conference tables to meet and chat: https://www.qsotodayhamexpo.com/

Segment 1 - What's on your workbench

Gaston
  • Raspberry Pi 3B+ CPU cooling: case evaluation and software/hardware optimization
    - What: Looking for perfect RPi 3B+ field case for a software project
    - Why: Sonoran Desert & field operations
    - How: Added CPU temperature telemetry (app + cron job) + journal/graphs
  • Cases:
    - Baseline: CanaKit Raspberry Pi 3 B+ (B Plus) with Premium Clear Case and 2.5A Power Supply
    - iUniker Raspberry Pi 3 B+ Case, Raspberry Pi Fan ABS Case with Cooling Fan
    - Unistorm Raspberry Pi 3 Model B+ Aluminum Case with Dual Cooling Fan Metal Shell Black Enclosure
    - Flirc Raspberry Pi 3B Case (not yet tested)
    - Pi 4 testing TBD with Argon ONE V2 Raspberry Pi 4 Case with Cooling Fan
  • Findings: active vs passive cooling

Mark
  • Looking at M17 again. They've come a LONG way since I started the protocol spec doc a year or so ago. Provided a couple minor updates in a pull-request, mostly around Crypto protocols.
  • I have a couple MD380s that I intend to use for M17 hacking. Haven't done anything yet though.
  • Another Field Day, another single episode working on my Contest Station Audio Interface Thingamajig. Debating between two designs:
    - Single unified device, one board with all cables going in and out, all mixer controls in a single place.
    - Distributed devices, with an RJ-45 bus connecting them. Puts controls nearer to the operators/radios, but is more complex. Allows for further expansion.
  • Playing a bit with my shiny new toy: Flex6400.
  • Book recommendation: The Cuckoo's Egg, Cliff Stoll, K7TA. Not ham radio related, but I suspect will be of interest to hams. (AWESOME BOOK - RH)

Rod
  • Partial tear down of my Covid Office / Ham shack to install a new (to me) 50 inch LG Digital sign (like you see at malls) to run the GeoCron and also as an information radiator. Got this on an online auction. Live feed of data. LG Model 49SM5KE-BJ
  • Studio A: Two 31 inch curved monitors at eye level - plus Macbook in centre. Radios to the right (controlled by PC plus VFO). Audio podcast gear to the left (Rodecaster, etc) below monitors.
  • Studio B: (Spin around - a U shaped desk) Work related hardware / tools plus video editing.
  • Ergonomics - Credit to Foundations of Amateur Radio Podcast - Onno (VK6FLAB) - Foundations of Amateur Radio on Apple Podcasts, for the ergonomics discussion.
  • Still working on a talk on the future of all this Zoom fun “After” Covid? Covid forced content back into prominence - How do we keep “Content” as king?

George
  • Maiden voyage of the radio trailer
  • Presentation at the QSO Today virtual ham radio expo
  • Playing with the ESP32 WiFi LoRa Arduino module
  • Shipped out a pile of PackTenna trekmount antennas … thanks to Gaston
  • New RigExpert AA-650 analyzer
  • Tram 2m/UHF yagi $99 not bad

Michael
  • Operating -- conditions on 6M for the last 10 days have been amazing for us in VE3 land.
  • I have a Morseduino to build
  • Improving power control to the rotator controller and Steppir controller installed at the base of the tower - I have LAN at the tower base so a KMTronic switch mounted there now
  • AT100 tuner kit for the IC-705

Vince
  • W8BH.net Morse Tutor Kits update: next round parts have been ordered, now we wait. Send email to Vince - ve6lk [at] rac [dot] ca. The original project source is http://w8bh.net
  • PA0RDT mini-whip waiting on parts
  • McHF repair waiting on parts
  • KD2C Panadapter tap will, one day, go into my go-kit FT-857D
  • Prepping for QSO Today conference
  • UHF packet station project started
  • Every SMC job … https://twitter.com/VE6LK/status/1411515481907859459

Segment 2 - Field Day Debrief

George
  • Trailer was great! Best features: screen doors! External powerfilm solar panels and DC extension cords
  • SOK battery - $570 for 100 Ah vs Battleborn $949 for 100 Ah
    - https://www.youtube.com/watch?v=RxMIs0PXrBw
    - https://www.youtube.com/watch?v=RjpkI8quyzQ&t=534s
  • Carbon fiber masts - Gigaparts
  • Flex 6400 + Maestro

Vince
  • Socially Distant FD a success! Visitors from all over North America via Zoom
  • Local Deputy Mayor and Fire Chief in attendance
  • Adult beverage delivery actually happened!
  • Aim high when you ask club members to contribute!
  • http://field-day.arrl.org/fdentriesrcvd.php to check on entries

Gaston - https://www.youtube.com/watch?v=uUoEuaQ_l2Q
  • Location: Tonto National Forest - evening/overnight operation
  • X-factor: heat
  • Man portable: 58.5 lb pack including 8L of water (17.5 lbs)
  • Conditions: 101-85 degrees (F)
  • Did not participate in FD activities
  • Gear: PackTenna Linked Dipole: 20m/40m (80m not used); PackTenna TrekMount with Comet BNC-24 antennas for 2m SSB; FT-818 with ARMOLOQ TPA pack frame, 4.5Ah LiFePO4, 20 watt Powerfilm solar panels, Buddipole PowerMini
  • EmComm Tools testing successful: APRS text msg (SMSGTE), 40m Winlink status email, call lookup

Mark
  • N6EOF 2A Santa Barbara. 631 QSOs: 351 SSB, 94 Digital (FT4 and FT8), 186 CW. 100W so 2x multiplier. 1822 Total QSO points, 350 Bonus points. Final score: 2172 points! (but it's totally not a contest.)
  • Had a great turn out! About 12 people total, 7 active hams who played with the radios at least a bit.
  • Ran entirely on solar power, only spun up the generator for a couple minutes to make sure it worked, and show another person how (it's mod'd for Propane.) 2 stations, 100W both, using nothing but solar. I'm really proud of that.
  • SSB station: FT-920, on an EFHW, cut for 40m (so resonates on 40/20/15/10m), but added a loading coil and stub to add 80m. It worked really well, but required more tuning at the radio than I anticipated. The loading coil was 13 turns of antenna wire around an FT140-43 (which should have been about 110uH, except that it totally isn't, it's 150uH, I should have done 11 turns… Oops…) All the designs I've seen show a linear coil of antenna wire around a form, not a toroid. I'm wondering if the capacitive coupling of the toroid was different enough from the linear coil to affect tuning on 40m and above. (The wrong inductance should have only negatively affected 80m, which definitely was tuned too low.) Used the feedline as a counterpoise, put a current choke 1:1 balun about 12 feet from the feedpoint: 13 turns of RG-8X around an FT240-43. You think wrapping magnet wire around toroids is a pain?
  • CW/Digital station: Club member brought his Packtenna clipped dipole. Used it with his Flex6600 and Maestro. Worked a charm.
  • 20m SSB was CHEEK BY JOWL...

Rod VA3ON
  • Teamed up with my friend (and Elmer) Peter West VE3HG to create a small scale field day for us and our two Padawans, Iuliya VE3UHA and Dante VA3DNF. (4 total) Both teenagers licenced as Basic with Honours during the pandemic shutdown, but had yet to operate HF. Used the Oakville club call VE3HB.
  • At the scenic “West Estate” we got a few antennas up (Dipoles, horizontal Endfed and verticals). 5 Watts on two Elecraft KX2 stations (commonality of rigs, preserved learning): Station A: CW; Station B: Phone and FT8 on the other.
  • New HRWB Logger appliance (with N1MM) - Avita Magus II [WT9M10C44] 10 Inches Intel Celeron 4GB RAM 64GB Storage Touch 2-in-1 Windows 10 Tablet PC Black - rocked
  • Conditions: Phone was horrific on Saturday. FT- not much better - could hear lots but nothing worked well. CW great (as usual).
  • To make CW workable we used a CW reader and keyer with preloaded exchanges and a keyboard. An approach I've not used before with rookies to shorten the learning curve. Emphasis on learning and getting the tempo. We may be seeing a lot more of these two as CW contesters - they were aggressive!

Segment 3 - EmComm Software Project by Gaston KT1RUN

What is the purpose?
  • API and web app for field expedient digital communications platform that runs on RPi
  • Offgrid, mobile-first and 1-click digital operations
  • Headless: eliminate need for VNC and/or external display/keyboard/mouse
  • Lightweight: small footprint memory, CPU and disk => conserve power

What does it do?
  • Allows headless operation of various ham radio tools (Pat, YAAC, direwolf, etc.) on a RPi (everything runs on the Pi; the web browser is the interface)
  • Streamlines mode switching: Winlink ARDOP, Winlink packet and APRS
  • Streamlines messaging for both Winlink and APRS through templating engine
  • Offline callsign lookup - includes approx. distance calc based on GPS
  • Status information: time (local/UTC), hostname, IP, CPU temp, GPS, grid square
  • Remote shutdown

What did you use to develop it? App and API decoupled.
  • Backend (API): Java JDK 11; Spring Boot: DI, uber jar, systemd, oh my; Lucene: IR library (search background); Custom YAAC plugin: light-weight HTTP API (REST-like)
  • Frontend (not my area): Prototype: Bootstrap and jQuery; Prod: React.js

What is the project status? Do you want people to try it out?
  • Status: Prototype, field experimentation
  • Limited beta tentatively scheduled for fall 2021
    - First round: Operators with FT-817/818 or FT-857D (maybe FT-991A)
    - Second round: Any all band, all mode radio (HF + 2m)
  • RPi 3B+ build and giveaway on the channel
  • Weekly project updates: https://www.buymeacoffee.com/thetechprepper

Wrapup / Outro

If people want to get in touch with you, what is the best way?
  • Gaston: Email: info@thetechprepper.com; YouTube: https://www.youtube.com/c/TheTechPrepper/videos; EmComm Tools Project: https://www.buymeacoffee.com/thetechprepper; Instagram: https://www.instagram.com/thetechprepper/; Twitter: @thetechprepper1
  • Mark: Twitter @smittyhalibut
  • Rod: Twitter @VA3ON; YouTube https://www.youtube.com/Cycle25; www.cycle25.ca
  • Vince: Twitter @VE6LK; Web www.VE6LK.com
  • George: DMR TG 31075

From all of us at the Ham Radio Workbench, 73.

NOTES: Reminder to Jeremy, post notes for HRWB132 onto web

The Road to Autonomy
Episode 35 | Cyber Intelligence

Apr 14, 2021 · 50:41


Bryan Hurd, Vice President, Chief of Office, Aon Cyber Solutions (Stroz Friedberg) joined Grayson Brulte on The Road To Autonomy Podcast to discuss the current state of cybersecurity and why cyber intelligence is critically important for governments and publicly traded companies.
The conversation begins with Bryan discussing the founding of the U.S. Navy's first cyber-counterintelligence program at the Naval Criminal Investigative Service (NCIS). Expanding upon the founding of the program, Bryan goes on to discuss Cliff Stoll, the “Hanover hackers” and nation-state cyber attacks. Then there is the emerging threat of non-nation-state hackers, who are having an impact on society.
Popular culture makes it cool to be a hacker. – Bryan Hurd
Grayson asks Bryan what assets hackers are looking to steal and compromise. International organized crime is focused on ransomware and IP theft, while nation-state hackers are focused on gathering intel and plans on how the military develops planes and sensitive military assets. The dwell times for these bad actors vary depending on the sophistication of the organization and what they are looking to achieve. At times international organized crime will gather all of the data they want, then lock the data and demand a ransom that is paid in crypto coin.
Ransomware is a clear and present danger to the United States. – Bryan Hurd
With ransoms being paid in crypto coin, Grayson and Bryan go on to discuss the potential regulation of Bitcoin and the impact it would have on the market if a “know your customer” regulation were put into place. Shifting the conversation to transportation, Bryan discusses the founding of the No Fly List and how it was developed using machine learning. As society begins to shift towards electric vehicles, Grayson asks Bryan why there is not a larger conversation taking place on how to secure the energy grid from a potential cyber attack. Securing the energy grid is critically important as millions of consumers begin to drive and charge their electric vehicles.
Securing intellectual property (IP) for large knowledge-based companies is also critical, as the valuations of those companies are partly based on their IP portfolios. Using the Waymo vs. Uber lawsuit as an example, Grayson brings up Exhibit 22 from the trial as an example of why cyber intelligence and on-the-ground intelligence is critically important for companies developing new technologies.
If your entire company's net worth is based on intellectual property (IP), a formula for a soft drink, a vaccine formulation, or intellectual property on how to make the next driverless automobile, then that is information that needs to be protected from an IT and tagging/data loss prevention and employee contracts for the level that is appropriate to your company. – Bryan Hurd
This raises the question of how connected the Board of Directors should be to the industry of the company whose board they are sitting on.
Just the right bit of intel at the right time can either save you billions in research and development or get you there faster than the people who actually founded it. – Bryan Hurd
Looking at the current state of the world and events shaping the global economy, Grayson asks if bad actors are looking at the economic and supply-chain damage that the Ever Given container ship caused when it blocked the Suez Canal as an idea for a possible cyber attack. What if cyber terrorists could take control of container ships to cause economic harm globally? Bryan talks about the current state of cyber terrorism, what bad actors are targeting and what the response could look like in the future. As society becomes more and more connected, it will be inherently important for companies to build trust around their products and services.
Trust is not only to the brand. It is to the uptick of any new technology or service. Spending a little bit more at the beginning to ensure that trust has a good foundation is going to be a more central discussion. – Bryan Hurd
Wrapping up the conversation, Bryan discusses what we can do as a society to stay proactive and why cyber intelligence will continue to be top of mind for governments, companies and individuals.

The Bike Shed
272: Hacking the Gibson

Dec 15, 2020 · 33:27


In this week's episode, Chris undertakes long-running background jobs that are performing duplicate work and adding significant load on the database. Steph shares her initial take of the book "Soul of a New Machine", a non-fiction account that chronicles the development of a mini-computer in the 1980s. They also dive into the question "how can teams turn a slow, hard to maintain test suite from a liability into an asset?" and touch on how to identify highly-functioning teams.

This episode is brought to you by:
  • ScoutAPM (https://scoutapm.com/bikeshed) - Give Scout a try for free today and Scout will donate $5 to the open source project of your choice when you deploy.
  • HelloFresh (https://HelloFresh.com/bikeshed80) - Visit HelloFresh and use code bikeshed80 to get $80 off including free shipping.
  • ExpressVPN (https://www.expressvpn.com/bikeshed) - Click through to get an extra 3 months free on a one-year package.

  • Sidekiq (https://github.com/mperham/sidekiq)
  • The Soul of a New Machine by Tracy Kidder (https://www.tracykidder.com/the-soul-of-a-new-machine.html)
  • Bike Shed Episode 236 - Featuring "The Cuckoo's Egg" by Cliff Stoll (https://www.bikeshed.fm/236)
  • Hackers (https://en.wikipedia.org/wiki/Hackers_(film))
  • WarGames (https://en.wikipedia.org/wiki/WarGames)
  • Labyrinth (https://en.wikipedia.org/wiki/Labyrinth_(1986_film))
  • Therapeutic Refactoring by Katrina Owen (https://youtu.be/KA9i5IGS-oU)
  • Goodhart's law (https://en.wikipedia.org/wiki/Goodhart%27s_law)
  • Drive by Daniel Pink (https://www.danpink.com/drive./)
  • Become a Sponsor (https://thoughtbot.com/sponsorship) of The Bike Shed!

ShadowTalk by Digital Shadows
Special: Discussing Deception with Chris Sanders

Sep 24, 2020 · 50:56


ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by Information Security Analyst and author Chris Sanders. The team talk BBQ and Chris's new book Intrusion Detection Honeypots: Detection through Deception.

Resources from the podcast:
  • Read Rick's blog recap: www.digitalshadows.com/blog-and-research/discussing-deception-with-chris-sanders/
  • Chris's book Intrusion Detection Honeypots: Detection through Deception: https://www.amazon.com/Intrusion-Detection-Honeypots-through-Deception-ebook/dp/B08GP8X86L
  • Rural Tech Fund: https://ruraltechfund.org/mission/
  • The Cuckoo's Egg Course: https://chrissanders.org/training/cuckoosegg/
  • Chris's website: https://chrissanders.org/
  • Chris's Twitter: https://twitter.com/chrissanders88
  • Chris's LinkedIn: https://www.linkedin.com/in/chrissanders88/
  • Email Chris at chrissanders.org

Additional links:
  • SANS CTI Summit keynote, Cliff Stoll: https://www.youtube.com/watch?v=1h7rLHNXio8
  • The Cuckoo's Egg by Cliff Stoll: https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

The Bike Shed
236: What's GNU With You?

Mar 10, 2020 · 44:20


On this week's episode, Chris and Steph discuss recent challenges associated with upgrading React Router and uploading files to Amazon S3. Steph also shares her latest reading adventure in cybersecurity and Chris reflects on his time at thoughtbot, how his approach to web development has shifted over the past seven years, and what he plans to do next.

  • The Cuckoo's Egg by Cliff Stoll (https://amzn.to/3aqoWJM)
  • GNU (https://en.wikipedia.org/wiki/GNU)
  • UNIX (https://en.wikipedia.org/wiki/Unix)
  • POSIX (https://en.wikipedia.org/wiki/POSIX)
  • PAX (https://www.paxsite.com/)
  • React Router (https://github.com/ReactTraining/react-router)
  • Enzyme (https://github.com/enzymejs/enzyme)
  • React Testing Library (https://github.com/testing-library/react-testing-library)
  • Amazon S3 (https://aws.amazon.com/s3/)
  • FTP (https://en.wikipedia.org/wiki/File_Transfer_Protocol)
  • Inertia.js (https://inertiajs.com/)
  • New Pepperjuice Track! (https://soundcloud.com/encorebroderskab/bomlowpromo/s-bty8u)

*Correction - The Cuckoo's Egg helped pioneer cybersecurity techniques

Crimen Digital
#102 Cliff Stoll: one of the best talks on cybersecurity · Crimen Digital

Crimen Digital

Play Episode Listen Later Feb 27, 2020 41:34


It is a great honor to be able to chat with Cliff in the kitchen of his home, where we even forgot about the existence of the microphone recording this podcast. There is much to reflect on and learn from this great figure, an icon of the digital forensics field.

WIRED Security: News, Advice, and More
Meet The Mad Scientist Who Wrote the Book on How to Hunt Hackers

WIRED Security: News, Advice, and More

Play Episode Listen Later Dec 23, 2019 14:12


In 1986, Cliff Stoll's boss at Lawrence Berkeley National Labs tasked him with getting to the bottom of a 75-cent accounting discrepancy in the lab's computer network, which was rented out to remote users by the minute. Stoll, 36, investigated the source of that minuscule anomaly, pulling on it like a loose thread until it led to a shocking culprit: a hacker in the system.

Defense One Radio
Cyberwarfare yesterday

Defense One Radio

Play Episode Listen Later Jul 27, 2019 43:46


This episode, we survey the history of cyberwarfare — from the ascent of China-linked hackers this century to the arrest of a Soviet-linked hacker 30 years ago, and a lot in between. Find a transcript of this episode, along with a table of 50 key events in the history of the domain, here: https://www.defenseone.com/ideas/2019/07/ep-50-cyberwarfare-yesterday/158750/ Find the full C-Span interview with Cliff Stoll in 1989, here: http://www.booknotes.org/Watch/10122-1/Clifford-Stoll

The Numberphile Podcast
The Klein Bottle Guy - with Cliff Stoll

The Numberphile Podcast

Play Episode Listen Later Jan 8, 2019 59:07


Computer hackers, Klein bottles and searching for a lost teacher - Cliff Stoll is a man with stories to tell.
Cliff's Klein bottle website
The man with 1000 Klein bottles under his house
Cliff Stoll videos on Numberphile
The Cuckoo's Egg by Cliff Stoll
Silicon Snake Oil by Cliff Stoll
Boing Boing article about Cliff's predictions
With thanks to MSRI and Meyer Sound
Also check out Numberphile on Patreon
Numberphile T-Shirts and stuff

Mark Leonard's World in 30 Minutes
The Sea of Azov: The newest front in the war in Ukraine?

Mark Leonard's World in 30 Minutes

Play Episode Listen Later Nov 26, 2018 38:42


Mark Leonard speaks with Andrew Wilson, Kadri Liik and Nicu Popescu about the Kerch Strait ship capture, what this means and how the international community could react to the latest tensions. The podcast was recorded on 26 November 2018. Bookshelf: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll http://www.simonandschuster.com/books/The-Cuckoos-Egg/Cliff-Stoll/9781416507789 Why doctors hate their computers by Atul Gawande https://www.newyorker.com/magazine/2018/11/12/why-doctors-hate-their-computers Cyberwar: How Russian Hackers and Trolls Helped Elect a President - What We Don't, Can't, and Do Know by Kathleen Hall Jamieson https://global.oup.com/academic/product/cyberwar-9780190915810?cc=gb&lang=en& Network Propaganda - Manipulation, Disinformation, and Radicalization in American Politics by Yochai Benkler, Robert Faris, and Hal Roberts https://global.oup.com/academic/product/network-propaganda-9780190923631?cc=gb&lang=en& Distant love by Ulrich Beck and Elisabeth Beck-Gernsheim https://www.wiley.com/en-us/Distant+Love-p-9780745661803 Picture credit: Vladimir Putin at celebrating the 70th anniversary of D-Day by Kremlin.ru, available via https://commons.wikimedia.org/wiki/File:Vladimir_Putin_at_celebrating_the_70th_anniversary_of_D-Day_(2014-06-06;_06).jpeg, CC BY 3.0 https://creativecommons.org/licenses/by/3.0

Cyber Security Dispatch
Deception as A Strategy An Interview with Rick Moy from Acalvio

Cyber Security Dispatch

Play Episode Listen Later Feb 28, 2018 15:31


Well Rick, thanks for joining us. Just introduce yourself.

My name is Rick Moy. I'm the chief marketing officer at a company called Acalvio Technologies. We are a Deception 2.0 company. We are creating a distributed deception platform that brings automated deceptions at scale and authenticity to organizations of any size. The goal is to make it easy to manage, deploy, and implement deception strategies in the network in order to do a better job of detecting attackers who have gotten past the prevention that is deployed on the perimeter and on the endpoints.

Yeah. Such a great background and experience and fit for some of the conversations that we've been having. We're seeing the realization in the market that static systems aren't secure, they're just not. If an attacker can see what you're doing, they're going to be able to penetrate it. I know you guys have been around a while. Walk through where deception and changes have happened. What that history looks like.

Yeah. Well, so first of all, to set the context like I talked about in my talk this morning, deception has been around for a long time. It exists in nature. You have the Venus flytrap, the angler fish, you think of those fun things. So, nature's got them. We've used deception in warfare, kinetically, so militaries use smokescreens, false retreats, fake units, right, during D-Day, we created some inflatable tanks to fool the Germans. In cyber, it really started around 1989 with the German attacker who was breaking into Lawrence Livermore. A guy named Cliff Stoll is one of the first documented deception campaigns, where he actually created fake systems, fake files, and even fake departments logically in the company, and a fake secretary who he gave an account on the system in order to mislead the attacker. So, deception is part of our world, whether we realize it or not. Attackers use deception against us in phishing campaigns, in malware, polymorphic malware. We use deception to sinkhole botnets. We use it to gather threat intelligence externally. The field of honeypots, which most people think about, has been around for 20 years, and that's great. A lot of open source, community level projects. It solves a certain problem, but the change we've noticed over the last few years is that making those enterprise ready, right. What does that mean? No one has time to manage another platform. It takes time to figure out well what kind of campaign do I want to run. There's some manual effort required. The new phase of deception, we call Deception 2.0, has a couple key principles. It's got to be manageable. It's got to be automated. It's got to be authentic. It's got to interoperate with your existing infrastructure fabric. All those things have to be true. That's really only become viable within the last 12, 18 months I would say. There's a lot of deception offerings that I call more point products. They solve a specific part of the problem, but they aren't as fluid and dynamic as the modern enterprise would like. Keep in mind, developers have been talking about DevOps for five years or so now, so that's really become part of the mantra within the CIO's organization. We've gotta be Agile. We've got to adapt to a digital transformation, that's still ongoing.

Yeah. You brought up so many good things there. I think that pain point that you talk about where you're already seeing 10,000 threats a day, maybe a million incidents a day, and if you were going to create another system where you're going to create even more incidents. You already are overwhelmed. The idea of how do I handle more when I'm already drinking from the fire hose. How do you guys, both your own technology but what do you see in the market in terms of that filtering, that understanding what is noise on the network and what is the really high-risk elements?

That's perfect, right. It's true. There's organizations I've worked with that get millions of alerts a day. That's exactly the problem with the prevention or traditional detection type of technology. Where deception comes in is really a great blessing for the organizations. It's a totally different philosophy. With prevention you're trying to find the bad guy hiding in the crowd. With deception, you've set out fake assets, decoys that will attract them. By definition, anyone who's interacting with that decoy is not following business process. If they're an employee, they're not following the business process. If they're an attacker, they're looking for some data to either steal or ransom back to you. The definition of deception is it gives you high-fidelity alerts, so a very small number of them because, in general, they don't occur very often. They're designed specifically to detect lateral movement. Someone who has gotten a foothold on a workstation or a server inside an organization is now trying to pivot and find some of that important treasure to, again, steal or ransom back to you. By doing that, trying to figure out what machines are next to me, what services are in the environment, how do I connect to them ... all those activities could potentially reveal their existence if they connect to them. That's where we come in. Deception's a great complement to a very noisy existing infrastructure that most organizations already have set up. These two things can be complementary and used together.

Yeah. When you think about when you're creating a network and, essentially, trying to replicate something that looks like your existing environment and putting assets there. How do you do that in a way that's efficient, easy, and that also is believable to an attacker? In many cases, sadly, a lot of organizations don't even know what their network looks like and what's on it. How do you stand one up that's an image of it, a copy of it, that's real ... at least real enough to an attacker?

That's a great question. That's exactly one of the shortcomings of the previous generations of honeypot technologies. Modern approaches will allow admins and organizations to use gold images. You can take systems that are actually deployed, dirty images. We call them gold, but a lot of them call them their copper or pewter or their fairly tarnished. They're not necessarily a precious thing. That's exactly what you want. You want to replicate and mimic the actual systems in your environment. If it's too clean, it's going to be suspicious. If it's too locked down, it's probably not going to be a good lure for an attacker. It needs to have the same kinds of flaws that your other systems have.

Not to get too technical because we have an audience that spans the range from security professionals to individuals who are tangentially involved, but can you dig in a little bit to one layer deeper in terms of how you do that? Is that done through virtual machines? What's the way you deploy a network?

To be honest, there are some that are out of the box that are just standard. There's a whole matrix of different types of deceptions you can deploy. Out of the box, you would get some basic things like SMB file shares, certain Windows operating versions, Windows 7, Windows 8, and Windows 10, Server 2012, etc. Those generally we provide. Others can be virtualized or containerized. We call it in our lingo, "service reflection." The process of wrapping an image that's already in production and then mimicking its existence on different VLANs. We have technology that really simplifies that. It's all about making it easy for an organization to roll out a deception campaign.

So you're deploying stuff both on prem as well as in the cloud? How is the deployment typically?

Acalvio is a cloud-first company. Everything we design is meant for organizations who are going to be moving to the cloud or deploying from the cloud. That same engineering discipline allows us to deploy cloud-ready apps on premises in a very efficient DevOps manner. We've done the design for the hard stuff first, but are also deployable on prem.

Where are things going? What's new? What do you think people should be really excited and trying out in this phase? What's cutting edge in deception right now?

Cutting edge, I'd have to say it's probably the boring part of just making it operational. A couple of years ago, cutting edge was putting up a lone honeypot on the outside of your network and getting external threat intelligence. Well, that's something that a lot of people know. If you put something on the outside of your network, within about 5 minutes, you're going to start getting attacked, right? What's really critically important to the organization, as well as kind of fun I think and so maybe this is the definition of cutting edge, is finding the bad guys who are already inside your network. There's a certain investigative, James Bond nature to it ... what's going on, who's inside the castle walls, what information do I have, how can we lay some traps to have that person reveal themselves. You get into this detective mode, and you start to think well what tools do I have to do that. There really isn't anything more exciting in my mind than the deception arsenal of tools that you have. The honeypot is your actual server, you can put services out there that maybe just like an FTP service, which was used, for example, in the Sony hack. File sharing ... you can put fake spreadsheets out there. You can have false, misleading data in database servers that would, if that data was ever used in public you would know that you had been breached. There's really creative ways that you can think about marking content that if it's touched or used somewhere else will be an indicator. It really forces you, as the security guy, to think a little more holistically about what business are we in. Are we in healthcare ... is it patient records? Are we financial services ... is it bank account information? Are we an R&D shop designing semiconductors, so then it may be IP around a particular laser etching technology or layout of a microprocessor. I would want to have different strategies around each of those. That's what's interesting, and frankly invigorating, for a security person who maybe last week their top priority was applying a patch or responding to some malware on Jane's computer. Now he gets to think more strategically about the business and the threats that it faces. It's something that's typically reserved for the C-level suite, but in reality it's the people who are hands-on that have to implement that. I think it's a great opportunity from many perspectives.

Sounds very cool. As people are thinking about adding deception to their strategies, what would you say is the best way to climb the curve, to educate themselves? Are there some resources out there? Are there some books they should check out? What sort of way to get involved there?

Actually it's a great question. It's almost a setup. We actually have a couple of books that we've written.

Cool.

You can go on Amazon. There's a couple historical books you can look at. The Cuckoo's Egg is one. Kevin Mitnick has written a book about deception. We have two free books. One's a Dummies book, Deception for Dummies. It's a very short read. It's actually quite entertaining.

You don't have to be a dummy.

It does a really good job of explaining it. Then we have an advanced field guide for the advanced practitioner who's had more experience with some honeypot technologies.

Awesome. Thanks for taking the time. This is your opportunity if you've got a soap box ... what would you like the community to know if you had 30 seconds, a minute, to say, "Gosh, you know you really need to be thinking about this."

I would encourage the community to recognize that deception is all around us. We use it every day, and it's used against us every day, whether it's in advertising, social relationships, and in cyber it's used. Let's use deception to change the dynamics. The attackers are using automation and forcing us to do manual review of the problems they've created. Deception is the only platform that allows us to lie back to the attacker and change that dynamic and make them do some work. From that perspective, when you look at the technologies at your disposal ... huge points for that. When you also consider that it's lower cost to deploy than a number of other technologies and more effective and lower noise, there's a lot of reasons to look at it. I'd encourage people to have an open mind and to read up on what Gartner says is the number three of the top technologies for the next year.

Yeah. Awesome. This is great. Thanks so much.

Thanks for the time.
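The core claim of the interview above is that a decoy produces a high-fidelity alert because nothing legitimate ever touches it: any use of a planted share, credential or database row is, by construction, either an attacker or someone off-process. The script below is an added illustration of that detection logic, written for this page; it is not Acalvio's code and not anything from the podcast. The decoy inventory, the three-field log format (share access, logon, database query) and every sample log line are constructed for the example; a real deployment would feed it Windows share-access events, authentication logs and database audit logs instead.

```python
"""Decoy-interaction detector run over constructed log lines.

Added example (not from Acalvio or the podcast). It shows the property the
interview describes: a decoy has no business purpose, so every interaction
with one is an alert and the touching host is the lateral-movement pivot.
"""
import re
from dataclasses import dataclass

# Decoy inventory (constructed). Each item exists only to be touched: a share no
# process uses, a credential no job runs, a customer row no customer owns.
DECOY_SHARES = {r"\\fs-backup02\Finance", r"\\fs-backup02\HR_Archive"}
DECOY_ACCOUNTS = {"svc_backup_ro"}      # planted in configs/memory of real hosts
DECOY_RECORDS = {"ACCT-99817723"}       # canary row in the customer table

# Constructed log format, one event per line:
#   SHARE <ts> src=<host> user=<user> share=<unc-path>
#   LOGON <ts> src=<host> user=<user> dst=<host> result=<ok|fail>
#   DBQ   <ts> src=<host> user=<user> rows=<comma-separated ids returned>
LINE_RE = re.compile(r"^(?P<kind>SHARE|LOGON|DBQ)\s+(?P<ts>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    kind: str     # which class of decoy was touched
    src: str      # host that touched it: the pivot point to investigate
    user: str
    detail: str   # the share, target host or canary id involved
    ts: str


def parse_line(line):
    """Return (kind, ts, fields) for an event line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("ts"), dict(KV_RE.findall(m.group("rest")))


def detect(lines):
    """Scan log lines and emit exactly one alert per decoy interaction."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, ts, f = parsed
        src, user = f.get("src", "?"), f.get("user", "?")
        if kind == "SHARE" and f.get("share") in DECOY_SHARES:
            alerts.append(Alert("decoy_share", src, user, f["share"], ts))
        elif kind == "LOGON" and user in DECOY_ACCOUNTS:
            # A planted credential is never used legitimately, so even a failed
            # logon with it means someone harvested it from a compromised host.
            alerts.append(Alert("decoy_credential", src, user, f.get("dst", "?"), ts))
        elif kind == "DBQ":
            hit = DECOY_RECORDS.intersection(f.get("rows", "").split(","))
            if hit:
                alerts.append(Alert("decoy_record", src, user, ",".join(sorted(hit)), ts))
    return alerts


def pivot_hosts(alerts):
    """Hosts that touched any decoy, i.e. where lateral movement originates."""
    return sorted({a.src for a in alerts})


# Constructed sample log: ordinary business traffic plus one intruder on ws-117
# who browses a decoy share, replays a planted credential and pulls a canary row.
SAMPLE_LOG = """\
SHARE 2018-02-28T09:01:02 src=ws-042 user=alice share=\\\\fs-prod01\\Finance
LOGON 2018-02-28T09:01:10 src=ws-042 user=alice dst=fs-prod01 result=ok
SHARE 2018-02-28T09:03:44 src=ws-117 user=bob share=\\\\fs-backup02\\Finance
LOGON 2018-02-28T09:04:01 src=ws-117 user=svc_backup_ro dst=sql-01 result=fail
DBQ   2018-02-28T09:05:30 src=ws-117 user=bob rows=ACCT-10023,ACCT-99817723
DBQ   2018-02-28T09:06:12 src=app-03 user=crm_app rows=ACCT-10023,ACCT-10024
# comment lines and non-event lines are ignored
"""

if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"[{a.ts}] {a.kind}: {a.user}@{a.src} -> {a.detail}")
    print("investigate:", pivot_hosts(found))
```

Run as-is, it raises three alerts, all from ws-117, and zero for the legitimate traffic on ws-042 and app-03; the noisy-versus-high-fidelity contrast Moy draws comes from the fact that there is no threshold to tune here, only set membership. The caveat a practitioner will want: the decoys must be placed where an attacker enumerating from a foothold would find them (the same VLANs as the real file servers, the credential in the same places real service accounts leave theirs), and the decoy names themselves must stay out of any inventory, ticket or script that a legitimate process might read, or the alerts stop being high-fidelity.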

DEF CON 23 [Audio] Speeches from the Hacker Convention
Chris Sistrunk - NSM 101 for ICS - 101 Track

DEF CON 23 [Audio] Speeches from the Hacker Convention

Play Episode Listen Later Sep 22, 2015


Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Chris-Sistrunk-NSM-101-for-ICS.pdf NSM 101 for ICS Chris Sistrunk Sr. ICS Security Consultant, FireEye Is your ICS breached? Are you sure? How do you know? The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation will show how NSM should be part of ICS defense and response strategy, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS security program. Free tools such as Security Onion, Snort IDS, Bro IDS, NetworkMiner, and Wireshark will be used to look at the ICS environment for anomalies. It will be helpful if attendees have read these books (but they aren't required): The Cuckoo's Egg by Cliff Stoll, The Practice of Network Security Monitoring by Richard Bejtlich, and Applied Network Security Monitoring by Chris Sanders and Jason Smith. Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for SCADA systems. He has 10 years of experience in SCADA systems with tasks such as standards development, system design, database configuration, testing, commissioning, troubleshooting, and training. He was the co-overseer of the SCADA, relay, and cyber security labs at Entergy for 6 years. 
Chris has been working with Adam Crain of Automatak on Project Robus, an ICS protocol fuzzing project that has found and helped fix many implementation vulnerabilities in DNP3, Modbus, and Telegyr 8979. Chris helped organize the first ICS Village, which debuted at DEF CON 22. He is a Senior Member of IEEE, Mississippi InfraGard President, member of the DNP Users Group, and also is a registered PE in Louisiana. He holds a BS in Electrical Engineering and MS in Engineering and Technology Management from Louisiana Tech University. Chris also founded and organizes BSidesJackson, Mississippi's only cyber security conference. Twitter: @chrissistrunk https://www.facebook.com/chrissistrunk