[SecurityRatty] tag: techno

Links List 10.31.08

Fri, 31 Oct 2008 18:10:53 +0000

Happy Halloween!

What an interesting time to hold a technology conference. The DLA Piper Global Technology Leaders Summit last week brought together CXOs from Amazon, Walmart.com, Stanford, Safeway, Microsoft, Sun, Cisco and others to discuss the state of IT in general and how the economy is impacting it. Some highlights:

“Cloud computing for large enterprises is a dead duck, in the opinion of several venture capital firms.”

“The current slowdown in the U.S. macroeconomy is definitely going to hurt the IT industry, as it will most of the nation’s businesses, for at least the next year and most likely into the next two years.”

NetApp cancelled its first user conference slated for 2009 citing economy-driven restrictions on business travel.

We recently wrote about the possible upside for MSPs in this economic downtown. A survey from EquaTerra of more than 200 outsourcing service suppliers announced that “more than 40 percent of those polled had seen increased demand levels, despite the economic downturn.” The survey suggests that outsourcing projects are changing, with a strong focus on quick return on investment replacing longer-term initiatives to improve end-to-end business processes, according to InfoWorld. So as we saw during our own surveys this year, it looks like IT will spend time and money against the practical projects that should and could get done and not taking on ITIL and CMDB projects.

Jonathan Schwartz as a puppet talking about open source and his ponytail. The driest Sesame Street take-off you’ll ever see. Check out the video here. For those of you playing a drinking game at home, “ponytail”.

Denise Dubie posted a follow up to her article Novell’s Managed Objects buy, and shared insights from different commenters, including yours truly.

One of our favorites, the IT Skeptic was featured on John Willis’ blog this week, answering some questions about CMDB, ITSMF and more. He also provided his insight into IBM Tivoli, although he “tries to stay non-partisan”.

Inexplicable. HP posted Halloween-themed videos about datacenters on YouTube this week. Unlike the great IBM videos about the mainframe, these videos speak techno-babble without tempering the lingo with being funny or tongue-in-cheek. Various frightening creatures share information on service management processes and discuss virtualization techniques to help consolidate hardware. Scary.

Phreaknic 12 (2008) Hacker Con

Wed, 29 Oct 2008 02:59:17 +0000

New Video: Phreaknic 12 (2008) Hacker Con

This is a quick and dirty video documentary of the things that when on around the talks and event at Phreaknic 12 (2008). Don't watch if you get sick at shaky cam movies like Blair Witch or Cloverfield. A rough timeline of the content in the video is as follows:

Intro and leaving Louisville with Brian. Morgellon talks about hacking the Arduino micro controller platform. Sorteal talks about the LiVes Open Source video editor. AT&T Batman building by night. Mojo-JoJo soldering some stuff for the shooting range. The patron gods of hackerdom. Registration. Con swag overview. Morgellon gets his discreet logic on. AK-47 building with HandGrip and Buttstock. Froggy talks up Notacon, which I plan to go to next year. Skydog explains the Jware chair toss event, and then we compete. Rootwars hacker wargames. I ask Int80 about using his nerdcore music in some of my videos. NotLarry explains rootwars. Some iPhone hacking with Lee Baird and John Skinner. I do a little Bluecaseing/Warnibbling with the Bluetooth on my Nokia n810. John, Lee, Brian and I go to the German restaurant. I blind DOSman with the light from my camera and check out what folks are doing with the Arduinos Droops brought for folks to play with. I check back in on R00tW4rz. I blind Droops. I talk Ettercap filters with operat0r. USB door key fun with the Arduino. More breadboard fun. Nokia n810 + Ettercap Filter + Lemon-part = win. Int80 gets down with his own bad self, and the rest of Phreaknic. I find an energy drink with protein. Folks play with the hardware keyloggers I brought, and we have some epic fail with the IBM Model M + USB adapter + Mac OS 10.5. Winn Schwartau joins in on the keylogger fun. DOSman and Zack use a directional antenna from the 9th floor to search downtown Nashville for WiFi access points. Zoom in on Al. John and Lee eat jerky. Daren and Shannon from Hak5 blind me this time. :) Then they do a quick interview. I interview TRiP about the legalities of wardriving, sniffing and leaving your access point open so you have plausible deniability of copyright infringement (most likely it won't hold water in court if you are a computer geek). I give Hak5 Daren beef jerky. Ziplock had more con badges than God. I meet up with Iridium. I talk with Nightcarnage about the audio/video setup at Phreaknic. As I predicted, the Potters won the WiFi Race. I say why this was the best Phreaknic ever. Using green lasers on crack dealers. Techno in the dark, the Aiptek action HD does not do well in low light. Nicodemius shows off his Minority Report like multi-touch table. Hula hoop contest. I check back in with Jeff Cotton and his USB keyed door. I strap on my gear to leave the con. Brian and I do a wrap up of our thoughts on Phreaknic 2008.

Phreaknic 12 (2008) Hacker Con

Wed, 29 Oct 2008 02:59:17 +0000

New Video: Phreaknic 12 (2008) Hacker Con

Airport 'X-ray art' courts TSA trouble

Wed, 01 Oct 2008 20:00:00 +0000

Techno-artist/open-source developer Evan Roth has a message for the Transportation Safety Administration -- several messages, actually -- about what he considers excessive airport security "theater." He also has chosen an intentionally provocative method of delivering those messages: the TSA's own X-ray screening machines.

ISP Clickstream Betrayal Part 2 - The Double-Reverse Masquerade

Thu, 10 Jul 2008 13:36:24 +0000

*** Techno-Geek Warning *** The following lengthy article discusses technical details that may cause your head to explode. I take no responsibility for cleaning the walls after you read this. ************************ As promised, Steve Gibson has published his explanation of what Phorm Inc. is doing to enable “Behavioral Targeting” for its advertising network that leverages equipment it installs [...]

CISSP is here to stay! Sorry, Dre.

Fri, 20 Jun 2008 07:14:00 +0000

Dre wrote an article in which he put the argument down that the CISSP is on its way out. What he really argues is that a "generalist" Information Security position is no longer very important, specialisation is the only way to go.

I disagree. I am a CISSP and an InfoSec "generalist' but that is not why I disagree.

I love it when I read a blog and then read another about a totally different topic but that in some way relates to the first blog. And the second blog I read today is Mr Andy, IT guy's blog. In his blog entry he complains rather tongue in cheek about how many meetings he attends.

While Andy and I are many miles apart it amazes me just how similar our lives are and, yes, I also spend ages in meetings. On average I spend about 2 hours of my day not in meetings. And I love it. Every meeting that I attend makes me more educated by how the business I work for - works. I also give my input and hopefully touch on all the people just how important protecting information is.

Just like Andy, I was a techno geek until recently. I was a Firewall specialist. A Check Point Firewall specialist. I could read the pseudocode it would chuck out. I could edit the configuration with a text editor. I could read log files. I knew the system backwards. I am now employed in a company that doesn't even have a Check Point Firewall. I have moved onto something totally different.

There is a need for people who can configure security devices, perform active directory magic etc, etc. Even guys who are experts in logs. But you certainly don't want these guys tied up in meetings the whole day. You want them working on the systems that they know well.

You also want someone who can go to meetings and interface with business. Someone who can make a risk decision or at least know who to speak to. This person must be technical but also able to chat formally and informally to business and must always be thinking security. He must understand that meetings are not a waste of time but time spent educating business about security.

It is my belief that this person is not just important for a large organisation like the one I work for but even a one person shop should have one. Obviously, in that case a consultant should be used rather than a permanent employee but it is important.

The person does not have to be a CISSP but it is a good way to show that they are interested in an InfoSec career.

On a related note - I, like Andy, miss the technical side of InfoSec. But I also enjoy the ability to see my larger ideas implemented. I also enjoy selling InfoSec, something I am passionate about. In short, I enjoy my job and am happy I moved from being a techie to being an analyst. They are very, very different jobs. There are some people who may not be as happy as me. I know some, they are techies and are really good at what they do and they have no want to move to anything else. They want to specialise. In South Africa, these people are not rewarded for their knowledge and that is a problem because there is a need for the specialists. Hopefully, as demand increases and there are some techies that shine, they will be rewarded.

Techno-Geek LOLCATS

Fri, 13 Jun 2008 09:39:10 +0000

Don’t you just love those technical security people who always need more security tools even though it doesn’t fit in with what everybody else is doing?

Bookmark to:

Where's JJ? Schedule Updated

Thu, 22 May 2008 17:05:50 +0000

I’ve just updated my schedule- see upcoming events and presentations.

Catch us next week at the NCLGISA Spring Conference for government and education members and see my Thursday afternoon presentation on Successful Security: Starting with Policies. You’ll also find the CAD booth there, right next to the food in the main exhibition hall :).

After that, the plan is to stop by the Hackers Halted USA, held in conjunction with the Techno Security Conference in SC. This trip will have to be short, as we have a couple of 1X, NAC and wireless implementations to finish up.

In June, our company, CAD , is sponsoring the NC Bar Association Annual Conference and a Dept of Energy show in Texas. I don’t plan to be at those, but you’ll find the CAD flag proudly flown.

Then in August, off to Black Hat USA for briefings and a short time at Defcon to see what all the crazy hackers are up to. At the end of the month I’ll be presenting on NAC technologies and vendor offerings to the ILTA group (International Legal Technology Association) at their annual conference in Dallas.

In September, there will be more network security fun during my presentation at SCITDA in South Carolina. I’m waiting to hear back from our friends down there to see which specific topics they want to hear about.

See the My Schedule page for more!

# # #

Clear communications

Sun, 20 Apr 2008 03:13:18 +0000

For most people, discussions on information security are "filled with strange names and words that would be gibberish in any other context." In fact, I lifted that quote from todays Sunday Times and an article in which an American judge talks about Harry Potter novels. It brought to mind an email I received from some-one in my organisation a few days ago which simply stated "thank you, I could actually understand what this means" in response to some information I had distributed, which I took to actually mean "as opposed to the undecipherable hieroglyphics you usually post..." As an industry, if we were to stand accused of producing gibberish and terms that would be meaningless in any other context then the verdict would be a unanimous guilty as charged. The problem is that this leads people to believe that information security is purely a technical subject, driven by techies, communicating in techno-speak. I like to think that the secret of my own success is clarity in my communication. However, when I look back through some of the messages I've recently sent out some of them are full of three letter acronymns and industry specific terminology that no-one outside of the "circle-of-trust" is likely to understand - let alone somebody who doesn't have English as their first languge. So, take a note Mrs Jones. Reminder to self - consider the audience and make the messages understandable.

'Star Wars' Turns 25; Is It Worth $120 Billion?

Mon, 24 Mar 2008 01:00:00 +0000

It's the 25th anniversary of President Ronald Reagan's stunning announcement of a techno-plan to knock enemy missiles out of the sky. Many doubted its feasibility then, and many still doubt whether what got produced really works.