Conference:  Defcon 31

Authors: Cory Doctorow

2023-08-01

The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. It doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to "five giant websites filled with screenshots of text from the other four" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!

Conference:  Defcon 31

Authors: Katie Inns Security Consultant, WithSecure

2023-08-01

In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs. Modern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome. To address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently. After talking about how the HL7Magic was created, I will give a short demonstration using the tool for security research purpose or to identify existing CVE’s across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Ameer Abbas, Steve McGhee

2023-04-20

The presentation discusses the importance of starting with archetypes when building resilient platforms and services, and the trade-offs between reliability and effort.

• Archetypes provide known good starting points for building resilient platforms and services
• Applications have multiple services and microservices should be used to degrade gracefully
• Resilient teams are necessary to build robust platforms that can handle risks
• There are trade-offs between reliability and effort, and exponential curves show the increasing effort required for higher levels of reliability

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Christophe Jauffret

2023-04-19

Internet is everywhere, everything is connected to the Internet ... this is clearly the default assumption of almost any cloud native products and we can see it in a large majority of their documentation. In the real world of business, it is often extremely different. The Internet is a resource that has to be earned and accessing it can sometimes become complicated. Firewall, Proxy, DMZ, ACL , limited bandwidth... are all constraints that will get in your way and prevent you from reaching your goal. During this session, we will go through the most typical infrastructure that can be found in companies, and we will see what it is possible to put in place in terms of tooling to simplify life to the maximum. Container Runtime, Registry, Policy Management can be configured and adapted to work best in these particular situations. Many precise examples will be given so that you can reproduce them on your own infrastructure.

Conference:  Transform X 2021

Authors: Jerry Yang

2021-10-07

In the early days of the internet, Jerry Yang co-founded Yahoo! And created an entirely new category of innovation. He then founded AME Cloud Ventures, a venture innovation firm that invests in seed-stage to later-stage tech companies. He joins Scale AI CEO Alexandr Wang in a fireside chat to discuss the future of innovation in AI. What is critical or foundational for AI companies to get right to drive innovation and be successful? What strategies or initiatives should organizations be thinking about to become more data-focused? What are the most important things that we all can do today to enable a positive future of AI?