I’m in the United Kingdom this week talking to some of Core’s customers and partners before attending Blackhat Europe. Since I got into London early on Sunday morning, I decided to take a bit of a field trip. In actuality, it could better be described as a pilgrimage. I visited Bletchley Park. At this unassuming place less than an hour train from London, math was weaponized.
Bletchley Park was the primary site where British industrialized codebreaking for the first time, and laid the groundwork for the digital computer systems that our entire civilization relies on. The work done at Blechley Park, the concepts and technologies that were imagined, were then made real in the Colossus, the first electronic, digital computer. Alan Turing, the man who formalized the mathematical and logical model that all non-quantum computers today are based around, walked upon these grounds. You don’t have to be a technology geek for that to be cool. Well, maybe you do. Due to the tremendous secrecy surrounding the activities at Bletchley Park, when World War 2 ended, the researchers, engineers, and mathematicians moved on to other work, and continued building on what they learned, but the innovative devices such as the ones they built we disassembled down to individual components and destroyed.
As were the plans and much of the documentation and the search to recall that information wasn’t started until an effort begun in the mid-1990s and was completed in 2007. Many of the tricks and techniques invented by the Bletchley Park crew were lost to time, and have eluded rediscovery. This saddens me to see found knowledge lost. Knowledge and discovery are part and parcel of pushing the limits. This is true of all of science and engineering. Information security is no exception. We push and poke and break things. We learn. We share. We help improve the community.
One of our Core values here at Core (pardon the pun) is embracing the spirit of servanthood. Our Vulnerability Research team and Core Labs publish innovative techniques and present at conferences worldwide on our research. We do this to give back to the security community that many of us grew up in, and because it helps inspire more innovative thinking. It is a privilege to do this. We’ve also been working with security focused regional events and user groups by providing guest presenters to address topics in security, ranging from GPS spoofing, to repeated pen-test vulnerabilities, and from getting started in hardware hacking to what pen-testers need to know about physical security. If you’re part of a group that would like a speaker, who can deliver a fun, educational, vendor neutral talk, let us know and we’ll see if we can’t work it out.
It’s been an honor to have spoken at 14 different events this year. I’m already looking forward to the visits we’ve already planned for next year. Lately, IoT security has been on my mind, a lot. I look at how much effort I’ve spent learning the do’s and don’t’s of researching vulnerabilities in embedded hardware, and I’m thinking that we need to find a way to make it easier to get more professionals involved in this space. It’s going to be top of mind as I’m attending the Blackhat Europe conference, and I’m looking forward to meeting up with like-minded thinkers and seeing if we can’t come up with something that will remedy the situation.