The proliferation of devices that include computers in some form or another is on the rise. With the advent of the much heralded Internet-of-Things (IoT), the number of computerized devices will only become higher. And all of them will have to be maintained in some fashion. Maintained in a sense that we would like to install new features on them or upgrade them to fix existing problems in the currently running software. All of us using computers are aware of this maintenance and we (more or less) regularly patch our computers. However, extending this patching to other “non-standard” devices, such as appliances in our houses, may not be that easy. My previous post talked about the necessity to patch cars, and in this post we will examine what problems we may encounter along the way. Bear in mind that the previous post that focused on patching cars was just one example of the need for us to upgrade other devices. This discussion is applicable to many other devices we may have in or around our houses (e.g., smart gas meters, heating, air conditioning, etc.).
I rarely blog, and when I do it’s almost always about an event, rather than a person. This entry is an exception in no small part to draw attention to a seminal moment, and an illustrious career of someone who is finishing one chapter and about to start another.
On March 9, 2012, the United States Federal Bureau of Investigations (FBI) announced its top cybersecurity leader would retire at month’s end. Shawn Henry, the FBI’s Executive Assistant Director (EAD), has been at the forefront of the FBI’s response to cybersecurity crimes and investigations for the past several years, albeit his career at the FBI spans multiple decades and his responsibilities are broader than just cyber.
EAD Henry helped establish the National Cyber Investigative Joint Task Force (NCIJTF) to mitigate and disrupt cyber attacks threatening national security in the US as well as other countries. He was instrumental in restructuring the Bureau’s cyber strategy and investigative programs, and recognized that his work in the United States alone would not be enough. He and his team reached out to national law enforcement agencies in Amsterdam, Romania and Estonia to make the necessary differences in those regions.
I was fortunate to work with EAD Henry during my time as a commissioner on the CSIS Commission on Cybersecurity for the 44th Presidency, at the National Cybersecurity Forensics Training Alliance (NCFTA), as well as on strategies and discussions to determine how we can make the Internet safer for all users.
As a leader, EAD Henry was quick to credit his team and not ever seek credit for himself. He built a bench at the Bureau that will carry the hard work into tomorrow. His influence spanned the public-private and law enforcement communities in the US and abroad, even if the mission was challenging.
The sacrifices he and his family made during his tenure were non-trivial; we all owe him, his family, and the women and men at the Bureau a debt of gratitude for their hard work. His understanding of the threat landscape, his passion and accomplishments, and his commitment to making the world a safer place has made him a hero to me – and one that will be missed at the FBI. That’s ok, though. He leaves a great team in place to take their next step, and he will be in the private sector still fighting the good fight, just from a different angle. And that’s good, because we need him to.
This is an update to the original video/blog post Cisco Ironport Web Security Appliance Deployment on the Cisco Security Incident Response Team (CSIRT) deployment of the Web Security Appliance.
We have completed the global deployment at Cisco and wanted to share some experiences and feedback via the following video:
I recently began working on a toolset to aid with analyzing binary protocols and I decided to use it as an exercise to get more familiar with the Immunity Debugger. I have been using Windbg for a while now, however, I was constantly reading articles discussing how great Immunity Debugger is for exploit development and I had been meaning to take the time to become more familiar with it.
Actually, I did it on Saturday afternoon, that way I had time to test the patch and roll it back if necessary and still have the car ready for Monday.
So… when do you patch your car? Interesting, albeit fictitious, conversation that will relatively soon become reality. New cars are sophisticated artifacts. They look nice and enable you to travel from point A to point B in great comfort (well, most of them), and they are packed with electronics. Inside the car there are multiple processors and computers executing hundreds of thousands of lines of code to ensure your safe journey. The programmers who wrote that code are as equally adept as the ones writing modern operating systems and applications – which means that there are some errors in the algorithms that monitor and maintain many aspects of your car, and in their implementation.