Or "why you can't talk internals" as a sysadmin. Because, if your environment matters at all, some shithead will use it against you.

I stumbled upon this story through a number of loose relations. Without those I would never have made the connection.

Intro

I've been looking at configuration management systems, and their use for end-to-end automation (not just doing a setting here and there), since the early 2000s. Back then, the most progressive movement was around the users of a tool named ISconf.

Also, Morgan Stanley got hacked real bad in 2011. I'll show you how things went wrong.

2014 - come on, explain convergence

In 2014 I needed to do some more research on CFEngine to make a more understandable case for where CFEngine's convergence approach shines, and where you're totally happy with something more "reckless" like Ansible.

By chance I ended up where I started: a CFEngine blog post had a comment from Luke Kanies, the author of Puppet.

He mentioned also having worked on ISConf. Later he moved on to CFEngine (2), found himself unhappy with the tool once again and started Puppet to finally do things right. As you probably know, someone else later found himself in the same situation with Puppet and created Chef.

2003 - Luke Kanies' ISConf history

http://www.isconf.org/version3/index.shtml

 

2008 - Luke Kanies and Puppet

Some interesting references there:

http://news.oreilly.com/2008/08/luke-kanies-wants-to-modernize.html

1995 - the Aurora Paper

 

 

Read this paper at:

https://www.usenix.org/legacy/publications/library/proceedings/lisa95/full_papers/gittler.pdf

 

Now, someone went through the design specs of Aurora and started building their attack. They could've even rebuilt a similar management system inside their APT headquarters to exercise various attacks and determine their effectiveness, impact, visibility and collateral damage. With red/blue teams they could also find out how fast or slow they would probably be detected and remediated (aka kicked out).

2011 - The hack

Press on the hack didn't have it all.

 

http://www.bloomberg.com/news/2011-02-28/morgan-stanley-network-hacked-in-same-china-based-attacks-that-hit-google.html