Corey Thuen
Hacker

Post has attachment
At S4xJapan in Tokyo I presented on a couple of things; this post is about Havex. During the talk I am speaking slowly and plainly as the conference was being simultaneously translated into Japanese. Altering your speaking style to help translators is a good exercise that everyone should do. It forces you to be concise and use simple language.

There have already been some excellent articles/research published on the ICS-relevant aspects of Havex. Regarded as the second major ICS malware, Havex garnered some media attention which prompted the need for more analysis, writeups, and talks like this.

Post has attachment
Bad FUD machine! Bad!

The reason the countries in question show up is related to two research projects:
Shodan - shodan.io 
Redpoint - https://github.com/digitalbond/Redpoint

http://www.digitalbond.com/blog/2014/03/26/redpoint-discover-enumerate-bacnet-devices/

Both projects have been fairly public but I can see how if you aren't familiar with the space you might not know. Regardless, firing off wild guesses to raise some FUD isn't helping anyone.

Post has attachment
Hey all. We got a recording of the talk we gave on Post-Apocalyptic SCADA at DEFCON 22. It was the first year we had an ICS Village there and I think it went really well. It was interesting to talk ICS Security with a community of security experts who have no understanding of the industry. I'll probably write a longer post on that and on the setup itself. Thanks to all who helped.

Post has attachment
Here is the (amateur) recording of the Post-Apocalyptic SCADA talk given in the ICS Village for DEFCON 22.

Post has attachment
#defcon ICS Village coming together. A lot of people doing a lot of work to make first ICS Village badass. #totallynotamethlab
8/7/14

Post has shared content
OK. If there is one video you watch this month, this should be it: it is 13 minutes of your life which will be well-spent. Because at the end of it, you will actually know what is going on with net neutrality, (or as he calls it, "preventing cable company fuckery") and exactly what the sleazy deals are behind it, but you will also be laughing your ass off, because John Oliver is hilarious.

Net neutrality is kind of amazing, because destroying it manages to screw over almost everyone.

Small companies get screwed over because they can't afford to pay off the cable companies to get access to their customers. Oh, you had an idea for a business using the Internet? Well, I hope your business plan includes a few million bucks to pay for your customers to be allowed to reach your site.

Big companies get screwed over because they're shaken down for (literally) billions of dollars by cable companies -- "That's a nice business you have there. Pity if someone were to make sure your customers could never reach you again" -- and that's assuming that the cable companies don't see them as competitors (if, say, they were doing something like streaming video...), at which point those companies could just shut them off outright.

People who use the Internet get screwed because the sites they want to connect to can't pay these extra fees, or are just being shut down outright by the cable companies. What, you wanted to watch a movie tonight? Sorry. Maybe you should have rented it from Comcast, instead, sucker!

In fact, nearly everyone in the entire country gets screwed over by this. So why, you ask, would the government be considering such a thing? 

Well. There is one group who doesn't get screwed over by it at all. Your friends and mine at Comcast, Time-Warner, Verizon, and AT&T. But don't worry; they have your best interests at heart. And the service guy will be there between 2 and 6. 

Really.

Honest.

Post has shared content
This sounds awfully familiar....
Zenimax is basically claiming that whatever Carmack learned during his tenure at Zenimax is their property. Carmack clarified, Zenimax owns any code he wrote, but not all of VR:

"No work I have ever done has been patented. Zenimax owns the code that I wrote, but they don't own VR."
https://twitter.com/ID_AA_Carmack/status/461918500307472384

Like school, a job is often a continuation of your education. We are always learning. Can a company really own a piece of a former employee's career path and development when they move on to another venture?