alissa

I'm finding very little results on the medical device hacking I was doing. I need some #infosec #advice for those who attend conferences.

Would you rather hear a talk about something tried, tested, and ultimately failed, or not?

Be brutal, Mastodon doesn't tell me which you pick:

Give it anyway
90.1%
No interest, scrap the talk
9.9%
Poll ended at .
Jan 16, 2023 at 8:47pmWeb
Show threadHelle, Queen of Dissociation Jan 16, 2023
@dnsprincess I will say that I am the odd one out on liking failure talks. But it is the same as research papers that end up going nowhere, we need more of them and we need to praise them more, without them we can't define what we do and do not know and can and cannot do.
Show threadSteve Ragan (SteveD3) Jan 16, 2023
@dnsprincess Give it anyway, success starts with failure.
Show threadKen '|<3ns41' 🌻 🫰🏻Jan 16, 2023
@SteveD3 @dnsprincess Security is a good thing. The fact that it has improved is noteworthy. Talk about the past problems in the area, the approach you took to assess the security with the results, and areas where others might continue to research? (e.g. fuzzing, hardware hacking, supply chain attacks) This is a great talk even without 0days.
Show threadTindraJan 16, 2023

@dnsprincess knowing what doesn’t work is *really* important.

It’s important that we make room for research that isn’t all “breakthroughs”

Show threadNathan C - 💡😈Jan 16, 2023
@dnsprincess I'm always more interested in the methodology, and hurdles tackled. End result is meh.
Show threadRob PomeroyJan 16, 2023
@ncc826 @dnsprincess I agree. A key learning for other professionals is how you proved what you proved. War stories are glittery, but everyone in the trenches knows that it's all about the grind. 😏 I bet your ideas and methods will inspire others. Everybody wins. 👍🏻
Show threadmkbJan 16, 2023
@dnsprincess Please do!
Show threadTransTechGirl Jan 16, 2023
@dnsprincess definitely give the talk anyway, there is benefit to be gained from seeing what others have tried and hasn't worked. Knowledge is knowledge.
Show threadMichiel PiscaerJan 16, 2023
@dnsprincess for me it is all about the message, lessen, knowledge and clue that brings the talk.
Show threaddemizeJan 16, 2023

@dnsprincess oh hell yeah

There’s a lot to be learned from failures, often more so than successes

Show threadSimeonJan 16, 2023
@dnsprincess A well explained failure might be just the foundation that the next person needs to succeed!
Show threadJeff (VE1OBI)Jan 16, 2023
@dnsprincess we need more talks about failures! Everyone talks about their big success but nobody goes into detail about how they didn't achieve their goals.
Show threadJ. R. DePriest    :EA DATA. SF:Jan 16, 2023
@dnsprincess to me, the process of figuring it out is the interesting part, even if the end result is "meh".
Show threadSteve Christey ColeyJan 16, 2023
@dnsprincess dooooo eeeeet. Hi, I've been supporting medical device security for ~8 years, though rarely my own research. (1) Your lessons learned will make others who tried (or try and fail) feel less alone. (2) There's probably a perception that medical devices are easily hackable, which is less likely to be true than 5 years ago. Your results could provide useful data here!
Show threadPuttering by foul tempestsJan 18, 2023
@dnsprincess you should for sure give the talk