Hello my fellow cyberscouts, I have plenty of news to share with you and I need your help today!
Warning: there are some words in this email, but I promise it's a VERY short one. Strings are everywhere my dude/dudette.
- I am changing domains soon, going back to an oldie of mine: quasarops.com. So if you receive the next Tales of a Cyberscout newsletter from quasarops.com, rest assured that it is none other than your humble servant here doing it with full intention.
- If you are getting this email, you are one of the 143 subscribers in the Tales of a Cyberscout. I am proud of my number of subscribers, not because of how this number stacks against popular folks out there, but because I know I am writing for a select few who actually find my writing meaningful. It sucks to compare yourself against other people using these kinds of quantitative metrics, everybody is on a different journey and that's what matters. At the end of the day, I am not running a popularity contest, I just want to create meaningful interactions through my writing. My writing is more than that though, as Henrik Karlsson would put it, it is a very long and complex search query to find fascinating people and create new connections that didn't exist before. That's what this is about.
- On the above, I suck at promoting my research and selling myself out there, I don't follow SEO best guidelines, I don't "post" regularly, I don't do Instagram, Tik-Tok, etc. If I don't have something meaningful to say, why say anything at all? Above all, I value my time for deep connection with the people that give meaning to my life. My writing is a way to share meaning with you on the other side.
- Do you want to talk to me? Do you have ideas you want to throw at this convoluted network of neuronal pathways I call a brain? Do you need advice on anything cyber-related that will help you trigger meaningful progress in your area or career? Well if that is you, I am offering my time for free to connect with my readers. That's how much I appreciate people who appreciate me. Because this is free, I can only do so much and my availability will be very limited, but it is there. Simply go to my personal calendar page here and book a slot 😸
- Are you interested in joining my Active Cyber Defence Community in Discord? Look I'm not going to lie: it's still VERY early days over there. You can expect to have potential interesting chats with me and other people in the community and I will be streaming there soon-ish, talking about all things threat hunting, cyber deception, threat intelligence and detection engineering. Keen? I will soon share details, reach out if you want to talk about things you would expect from a community like this. Not keen? not a problem at all!
- Do you want to write with me in the Tales of a Cyberscout? Get in touch! I get bored of just reading my own words. We need a multiplicity of voices to increase discoverability of great ideas.
A lovely couple of weeks?
It's been around two weeks since a curious PostgreSQL developer from Microsoft saved OpenSSH around the planet from being backdoored by APT-level malware. Thousands of incident responders are probably thanking him.
How on earth were we saved from this one? You need to thank two things: curiosity and antifragile systems. We tend to underestimate the value of curiosity, and we tend to overestimate the value of calculative rationality with predictable risk management results. What happens when you cannot reliably mitigate social engineering threats? You cannot tell C-Suite execs out there to "embrace randomness". Well, what do you think you are doing when you talk about "unknown unknowns"? You cannot systematize, formalize, and program randomness. By its own definition an "unknown unknown" is something you absolutely without a shadow of a doubt cannot predict and risk manage. Perhaps we need to revisit this commonplace vocabulary we use to describe things in the cyber world. I've written about this extensively in the past.
There remains a thread that leads to an interesting pattern though: to fight back in our current perilous times is to remain deeply curious about the transient states of the world, just like Andreas was, doing benchmarking work and getting curious about the slightly higher-than-normal CPU usage of sshd. Yeah, that is it guys.
I have words a plenty to share about the XZ Utils backdoor but there are some more pressing matters. This email is to let you know that I haven't forgotten about you on the other side of this envelope for thoughts mounted on top of an SMTP protocol bike.
Next week I plan to release the first part of the Research concepts of R1D3 framework, something I've briefly mentioned in my last long post.
Until then, stay tuned and have a great week!
