Dailydave mailing list archives

Primordial Fire


From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 15 Jun 2020 10:44:06 -0400

I've moved to a part-time contract with AppGate and I'm focused largely on
INFILTRATE now, which gives me some time to attend cyber policy briefings.
Most cyber policy briefings are the same 200 people, and they tend to be
held under Chatham House rules, which means they are not recorded and you
can't quote anyone directly. I'm not sure why, since getting someone in
Cyber Policy to say anything controversial is as impossible as getting them
to think about any kind of change that doesn't involve giving more money to
CISA, for some reason.

As part of prepping for INFILTRATE, like many of you, I've been attending a
suite of online security conferences, from SANS (Zoom+Slack), to Summercon
(YouTube), to Matt Suiche's OPCDE <https://www.opcde.com/opcdex/> (YouTube)
to today's ACM Program Analysis conference
<https://www.youtube.com/watch?v=81V2ifmW-4c> (YouTube), still going on!

That program analysis conference is AMAZING btw. The first talk, by Peter
O'Hearn <https://en.wikipedia.org/wiki/Peter_O%27Hearn> is on point, as he
starts off with some high-level lessons learned trying to transfer his
academic work on static analysis into Facebook's efforts, then three
quarters of the way through dives like a pelican into the depths of
concurrency analytics theory. He talks about what worked and what didn't
work and how to scale.... and I dunno how to explain it. It's just a
nuclear sub of a talk, rising from the icy sea with advanced technology and
primordial fire.

INFILTRATE is not going to be a purely virtual conference. A lot of what
you do at a good conference is have conversations you can't have over a
Chinese teleconference system, sometimes with a beverage of choice. We're
going to have a hybrid conference - there are some amazing things about
virtual conferences but they're not everything, as I'm sure you're aware.

I've also had time to try to catch up with the exploit firehose. This bug
<https://github.com/guhe120/Windows-EoP/blob/master/CVE-2020-1281/CVE-2020-1281.pdf>
in particular - an integer overflow in Variant processing in the core
feature of Windows. That would have been an amazing 0day to have. Or maybe
not? It's hard to know without writing the exploit, looking at the target
space, testing a lot of things. Recently one of the people in a policy
conference asked "What is it that makes a government different anyways?"
And the answer, of course, is vertical integration. When you find an 0day,
it's hard to know anything about it other than it gets you a shell! And
there's so much to know - much of which you want to talk about over fried
alligator with music just loud enough to keep recording devices guessing.

-dave