Filed under Blogging Buddies, Movies
OK, as much as it pains me, I have to respectfully disagree with The Shimel about his review on Iron Man. First off, I really think you have to have some knowledge of the Iron Man comic story to truly appreciate this movie. Clearly Alan does not have that history (and he is probably going to call me a dork or something since I do) when he makes statements like this:
I didn’t understand how he got the superpower, it was just a powered suit and how it worked was pretty silly.
HOLY CRAP!!! That is near heresy in the Marvel Universe! Tony Stark does not have powers other than he is extremely intelligent (I believe he developed some extrasensory powers one time, but I have not collected and read comics for a while). That is what enabled him to make the suit and the piece of technology that powered the suit.
I have to say that while I do agree with Alan that the movie is predictable, I also must say that it is thus far the best big-screen representation of a Marvel Comics character. It stayed very true to the original story, which is always very important to me. In contrast, the Hulk movie was horrible and boring (have more hope for the next one), Daredevil was just pure idiocy (mostly because it had Ben A Fleck in it - though the playground fight scene was almost as bad as the ice skating scene in King Kong), the Spiderman series has always been underwhelming (they have screwed that story up so bad that Spidey might as well be shooting webs out his ass), The Fantastic Four movies were just…well, I wish they weren’t (especially since they royally hosed Silver Surfer’s story and character, which really pissed me off since he is my MOST favorite Marvel character of all time), and the X-Men movies, while pretty dang good, were still off on the story lines.
I guess what this all comes down to is three categories:
1. You have no preconceived notion of what the movie was about, so you can enjoy it or dislike it without baggage
2. You thought you had some idea what the history of the characters is, so when you see something other than what you expected you don’t like it (similar to Alan’s review in this case)
3. You are intimately familiar with the story line pre-movie and either love the movie for being accurate or hate it immensely because they screwed the story up completely.
Of course, then there’s the fourth group that would not go see the movie if they were strapped to a wild team of mad donkeys (my wife falls firmly into this category - love you baby).
So anyway, now that I have blown off some steam, I think the movie was good precisely because Tony Stark did NOT have superpowers. He didn’t in the comic, and he didn’t in the movie. Just a really smart dude who knows how to build really cool toys that just happen to blow up crap. Kinda like Batman (yes, I know he is DC).
Man, I know way too much stuff about comics. Oh, here’s a picture of me with The Hulk. It’s remarkable how close our builds are, isn’t it?

And here’s what I looked like after I read Alan’s post on Iron Man:
UPDATE: I think I will use the Hulk picture in the same way I use my Orange Juice Award picture, except it will be reserved for when someone pisses me off…
Vet
Posted by Michael Farnum on Tuesday, May 6th, 2008
Filed under Blogging, Me
OK, I am going to do a little self-pimping here. For those of you who have been reading my blog for a year or so, you probably know that I also blog over at Computerworld. But if you haven’t been around a while, or you just plain missed it, please go take a look when you get the chance (and subscribe to the feed). My writing is typically a little more subdued over there, simply because CW can’t have me calling people an ass.
Also, there are a lot of blogs over at CW, and they have a bunch of different subjects. The site is great (it has won some awards), and the editing staff is awesome as well.
OK, self-pimping is over.
Vet
Posted by Michael Farnum on Sunday, May 4th, 2008
Filed under Security
First, let me be very clear that I have, in the past, downloaded music illegally. I have also used pirated software in the past. And while I can’t say that every song I have on my iPod is legal (simply because I can’t remember where I got some of them), I can say that I discontinued the use of pirated software a while ago. So, moving on…
Don Tennant is an editor over at Computerworld, and he is also a blogger. He recently posted a story that his son wrote while attending Worcester Polytechnic Institute in Massachusetts. The story was about a group of pirates (software, music, and movie pirates - not the kind who says "ARGH") at his school who were very prolific in their pursuits and ended up getting caught and quite busted. It is a great read, and it goes into a lot of good detail (Don, looks like your son got your writing talents).
But as good as the story is, my point for this post is the comment that was made on the post. Someone that didn’t post their name (people like this usually don’t) wrote a fairly lengthy comment. Here’s the main excerpt that makes me cringe:
Sure what the students is doing is "illegal" but the fact of the matter is that there is nothing that they could ever do to completely stop this type of illegal activity.
Here’s my reply:
I worked for a company a few years back that built apartment complexes at major universities all over the country. We were also the ISP for the students that lived in our complexes. The network became a huge P2P site after a while (as well as a rampant malware playground). We received notices from the RIAA and others on a fairly regular basis about copyright violations coming from our IP space. It was nasty. We ended up putting in "application aware" security appliances and throttled down the traffic for everything but a few known apps. This worked even for traffic being tunneled over http, but anything https got through. Advances have been made since then, but it is still going on.
But this is not really a technology problem, is it? This is a moral and ethical problem that will never stop because people like Anon put quotes around the word "illegal".
That is really what this is about. As long as people can justify downloading music, movies, and software illegally, it is going to continue to happen. This is not a problem that technology is going to solve. The different industries have tried again and again, but to no avail. It really comes down to people’s hearts.
And having made that disclaimer above, I also want to say that I am not writing a "holier-than-thou" post. I am simply writing this post to say that when you are breaking the law, no amount of quotes around the word "illegal" makes it OK.
Vet
Posted by Michael Farnum on Saturday, May 3rd, 2008
Filed under Commodity Products, Security Consultation, Security Products, Security Reselling
I had a long talk with a client yesterday regarding IPS. They were setting up a nice sized extranet infrastructure to serve their clients, and they needed to build some security into the design before they implemented. They had already thought of a lot of pieces, and now they were looking at putting in IPS. They were already being courted by one IPS company, but they wanted to know about others and what the strengths and weaknesses were.
So as I started into the discussion, I diverged a bit from the pure technical discussion and talked about the view of the network as a whole. Basically, I tried to get them to look at the big picture of what they were buying versus just an IPS as a single silo. What I talked about was how the one IPS they were looking at was an excellent IPS, but I also told them that they really had no big advantage over any of the other big IPS vendors in the market. If you look at the Gartner chart for IPS, there are about 5-7 vendors in the magic quadrant. Basically, the product is a commodity, just like anti-virus and other mature products. Though some boxes have advantages over others, they all really can do the job. Most are able to protect multiple segments and can handle multi-gig speeds. Most have a default set of policies that are not very noisy and protect against the big threats. Most are HA capable. Most have fail open or fail close options. Etc, etc, etc. Some people might disagree here, and I understand that. One IPS might have a feature that another one does not that may fit a certain need. But I contend that in a general sense, none of the big ones really have a huge advantage.
So in that light, what are the factors you have to consider? Well, it really comes down to the intangibles. Let’s look at a few of those:
Is the company diversified in their product line? In today’s converging security market, that tells us whether the company is likely to be snatched up or simply disappear, depending on product quality and whether there is someone out there who has money and has a hole in their product line.
Product diversification may also mean that the company is trying to take a look at the network as a whole versus just one piece. If they have developed or bought different products that complement each other and are trying to bring them together in a way that gives insight into the network and allows collaboration, then that type of company is likely planning on sticking around for a while.
In this light, also look at management of the product. Though this is not exactly an intangible, it is still something that many companies don’t think about. What about the learning curve for your employees? Do you already have products from this vendor? If so, does this new technology fit well into that console, thus lessening the time your employees need to learn it? If a company fits the diversification example above, they might have a problem in this area. Of course, if they are serious about making it work, they might very well have an EXCELLENT console. Take a close look. You also have to consider the talents of your employees with this factor.
Another intangible is support. How well do they support their product, keeping in mind that the company with one product may be better at this versus the big one with multiple products?
There are probably many other factors to consider here, but the basic point is that when you are looking at a mature, commoditized product (this does not just apply to IPS, obviously), a decision should not be made on technical issues alone. Look at your business. Look at your risk. Look at your employees. Look at the vendor as a whole. Compare their position in the market to other vendors. How do they stack up? Do they seem to have tunnel vision, or are they trying to diversify? Make sure you don’t let your technical folks make the decision by themselves and then hand you a PO to sign. They may like the product in the short term, but you have to think long term. You might piss off the team for a bit, but you can use the decision as a lesson to help mature your staff.
Vet
Posted by Michael Farnum on Friday, May 2nd, 2008
Filed under Security
John Thompson is an ass. There, I said it. Whew…
So now, let me ’splain. I did not really have an opinion of John Thompson until the 2005 RSA Conference (except for the acquisition of Veritas - it made sense to me, but it royally screwed me over at a critical time - explained below). I just thought of him as another CEO of a pretty successful security company. Either he had not done enough to stand out to me, or I simply had not paid attention to him up to that point. Anyway, I was sitting in the audience at RSA 2005, and I had just finished listening to Bill Gates talking about their entry into security. Like many people, I met this with apprehension and doubt, but I still listened with respect. But then Mr. Thompson came up after Bill was done, and that respect factor went right out the window (for Mr. Thompson, that is). He proceeded to rip Bill Gates up one side and down the other, and it was the single most rude and disrespectful display I have ever seen.
Now don’t get me wrong. I am not a MSFT fanboy. I have slammed them on many an occasion. But what Mr. Thompson did was really beyond just trying to head off a competitor. It was unprofessional, and it smacked of school-yard bully tactics. And to add to it, Mr. Thompson had a crew waiting at the doors handing out review forms to see what the audience thought of his little speech. I gave it negatives across the board, handed it back with a sneer, and then slapped the person who handed it to me (OK, that last part about smacking them was made up… but I DID sneer).
Now he is being downright condescending towards McAfee. When asked how he felt about them since they are viewed as Symantec’s chief competitor, he said:
It’s a nice little company and they do a nice job. The industry needs competition. But we don’t see their portfolio as competing directly with ours. We help customers manage their infrastructures better.
Dude, come on. Please get off your friggin’ crystal tower. You can debate your quality versus their quality if you want, but pitiful statements like that are beyond ridiculousness. Confidence is needed in a CEO. Arrogance just looks petty. Eric Hoffer said, "Rudeness is the weak man’s imitation of strength." You are looking pretty weak, Mr. Thompson.
BTW, I am not a McAfee fanboy either. But Mr. Thompson, I have run and managed both your AV products and McAfee AV products in ENTERPRISE settings. McAfee has ALWAYS beat yours, hands down. And that is in management, performance, and accuracy. That is my experience. And while I have limited experience in some of your other products, I can say that from the outside, your product line looks like a mishmash of crap.
And your acquisition of Veritas way back when? I was actually one of the few people who thought that acquisition made sense. But that also hosed me in so many ways. Like when I was trying to perform my DR test in Arizona. I’m a big boy, so I take responsibility for that kind of failure. But horrible support from Veritas / Symantec single-handedly screwed up my DR test. Support was already bad at Veritas, and you jacked it up even worse. Great job.
So there’s my rant. I hope I don’t get sued for libel. :) BTW, it looks like someone else out there feels the same way I do about Mr. Thompson (though they said it in a nicer way).
Vet
Posted by Michael Farnum on Monday, April 28th, 2008
Filed under Security
Monday was meetings. Then spent Tuesday and Wednesday in New Orleans doing an eval install for Bluesocket (actually, the SE for Bluesocket did the install - I was there to learn). Then I spent all day Thursday driving around one of our sales people from Dallas since she has a few clients down here in Houston (we had some good meetings, so it is worth it). THEN Friday was spent driving roughly 6 hours (round trip) to Austin for ONE meeting (I also picked up one of our sales guys at the Austin airport - I love being a chauffeur).
That is often the life of a sales engineer. Driving, flying, installing evals, driving, flying, talking to clients, flying, driving, driving, flying… You get the picture. Just seems horribly inefficient sometimes. But all part of the gig.
Vet
Posted by Michael Farnum on Saturday, April 26th, 2008
Filed under Security
Man, Brian Krebs is just trying to talk about the incident over at the Obama blog where someone stuck in some code to redirect visitors to the Clinton website. And what happens? Just go over to Brian’s site and read the stupidity.
What is it about politics that brings the worst out in people??
Vet
Posted by Michael Farnum on Tuesday, April 22nd, 2008
Filed under Fun, Hilarious, Security
Posted by Michael Farnum on Monday, April 21st, 2008
Filed under Careers, Cool, Musings, Personal Development
My pastor writes a blog on our church website that I follow, and today’s message was very good. Here’s an excerpt:
Life is a long series of “moving-up-a-level” experiences. We move from kindergarten to first grade, or from middle school to high school, or from engineer to project manager, or from club member to club president, or from team member to team captain, or from salesman to sales manager, or from second string to first string, or from busser to waiter.
In this “moving up” process we spend a lot of time and energy desiring to move up and wanting more responsibility and more money and more control and more recognition—and we spend very little time and energy considering the struggles that are coming with that new level. At new levels there are new challenges.
This really struck me. Almost everyone thinks about the next level and what it would mean for them. Like Pastor Dave says, it means more money, more control, more power, more fame maybe. But if we would just stop to see what bad things that new level involves, we might not be so eager to make that climb.
Now, Pastor Dave is in no way saying we shouldn’t strive for the next level. Look at this quote:
There is nothing wrong with desiring a new level in life—just be sure you are prepared for the new devils at those new levels.
Obviously this is written from a Christian perspective, so you will have to apply the term "devil" to whatever your belief system happens to be. "Devils" can be a term that can be used for any issue that arises when you move on to new challenges, no matter if you are Christian, Buddhist, Jewish, Muslim, atheist, or whatever. But the message still applies. Moving up brings new challenges. Those can be exciting, but you might want to make sure you are prepared for those challenges before you start the climb (or even start looking for the ladder).
From a personal perspective, I can say that I made the climb early in my career. I started in IT during the golden age of the 90’s. If you had a CNE or even an MCSE, you could pretty much write your own ticket. Everyone needed a network admin, network engineer, webmaster, etc. Everyone was growing, and they needed more people to grow with them. So I sought and got promotions very quickly. I learned a lot from those experiences, and I don’t regret any of it. However, I know now through hindsight that I was not prepared for some of those jumps. I struggled through a lot of those new jobs and levels. I happen to learn better through doing, so it was good for me. But not everyone learns that way.
So basically, use caution when seeking that next level. Be patient and honest with yourself. Sometimes delayed gratification is better. Always seek to better yourself, but make sure you are doing it in a smart way.
Vet
Posted by Michael Farnum on Thursday, April 17th, 2008
Filed under Security
I just received a nice little USB stick from LogLogic. It has a bunch of info on how to sell their new MX line of products. That’s great. Seems to be a good idea. But guys, you DO know what these are used for, right? They immediately become wiped (that is, if the person is not too paranoid to actually use it). Hopefully the person copies off the material before they wipe it, but that obviously cannot be guaranteed.
So here’s my gripe. If you are going to give me a flash drive and want me to sell your stuff, make the drive 1 Gig or more. This 512 meg crap just don’t cut it. Dr. Anton, speak to your marketing people, man!
BTW, eEye did the same thing last week at RSA, but their drive was 1 gig. Kudos to the eEye marketing folks!
These branded flash drives also make great attack tools. The random USB drive might not be trusted. But if it is branded, why not?
Vet
Posted by Michael Farnum on Wednesday, April 16th, 2008
Filed under Security
I have announced a few new security blogs here at An Information Security Place over the last couple of years (yes, I have been here for over two years now - just realized that myself). Well, this time I am not actually announcing a new blog, but a new blogger. I am specifically talking about Sam Van Ryder, who works over at Alert Logic.
While Sam has been a prolific blog commenter for a while now, he had never taken the next step into his own blog. I guess he still has not done that, since he is actually blogging at Alert Logic’s blog. However, he is officially part of the club now, no matter if he has his own blog or is using another platform to do so. WELCOME, SAM!
Now, fair warning. Sam works for a manufacturer, so I am sure we will have to hear the party line from time to time. However, I know those guys over at Alert Logic very well (they are based here in good ol’ Houston), and I can tell you that they have some unwaveringly honest people over there. So yes, they are going to speak well of their company. That is to be expected, and I am totally fine with that. But I know Sam will also be a refreshing voice that will do a whole helluva lot more than be a cheerleader for Alert Logic. Just go judge for yourself by reading his first post. His writing style is very good, and he has some good insights.
Great stuff, Sam. Welcome to the club. Now people can be star struck by you in a couple of years. :) And kudos to Misha for getting you on there. Now if you can kick his ass enough so he will start writing again…
Vet
Posted by Michael Farnum on Wednesday, April 16th, 2008
Filed under Security

I have been getting this crap steadily for the last month. Driving me nuts.
Vet
Posted by Michael Farnum on Tuesday, April 15th, 2008
Filed under Blogging, Security Conferences
Since I get an RSA press badge through my Computerworld blog, it is kind of expected that I meet with a few of the vendors and others that are interested in getting their latest news out to the world via the press. So I did my duty and set up some meetings.
There are always the small guys trying to get their name out there. The startups sometimes have a decent story because they are passionate about what they have to offer, especially if they are blazing new trails. However, most are really just trying to jump on some security bandwagon a bit too late and are really just spending a bunch of venture capital to get a booth at RSA in the hopes that someone will notice them in the far corner of the exhibition hall. Sad and maybe cynical, but it is true nonetheless. So, needless to say, I typically avoid those small shops unless I see some good potential (I did set up a meeting with one of them, but I had to cancel because of work).
I did talk to eEye about some of their new offerings. I have a USB key with all their info, so I will look it over and share what I think is cool. What I do remember is that they are coming out with some appliances that seem to offer some nice features. I will give more details later. What I did like about the eEye story is that most of their technology is their own stuff. They don’t OEM much at all. While I get the OEM model for companies trying to get into new markets without a lot of effort, it also drives me crazy when a company that is supposed to be a leader in the marketplace just starts OEMing everyone’s stuff. If you are going to be taken seriously as a security player, you have to do some of your own research. It kinda gives street cred in a way. So kudos to eEye for maintaining that within their company.
I also talked with Enterasys, mostly because I used to hold some high-level certifications with those guys. I worked with them way back in 2001, and they really had the edge as far as technology. I believe they had the first partnership with Microsoft to get 802.1x going. While not a true NAC play as far as malware and state-checking, it did limit access to resources at the port level. That was revolutionary back in 2001, and if their management would have been worth a crap, they could be a major leader in the market right now. But alas, twas not to be.
As mentioned in my previous post, I went to a blogger gathering with some marketing people over at Microsoft. Shimmy, Martin, Dr. Anton, Mitchell, Hoff, and I all had a great time talking to the MSFT people (they let us talk, so that is always a great time).
I also got to have a nice little private chat with Howard Schmidt, Ed Zeitler, and Rob Ayoub about the Frost-Sullivan/(ISC)2 survey results (sorry that I can’t share them yet - it is embargoed for a couple of weeks). It was a great conversation all around. I had never met Mr. Schmidt, though I had attended some of his talks before. It was nice to sit down and really get to know how he is in private conversation. He was a really nice guy, and he was remarkably easy to talk with. There was no hint of condescension (maybe there might have been if he had thought I was just some journalist, but he found out I was a CISSP when I handed my card over).
Ed Zeitler is also a great guy. Very open and had no airs about him. Just liked to talk theory when discussing the results of the survey. Rob Ayoub from Frost and Sullivan is someone I have met a few times (he is from San Antonio, so we cross paths at TRISC shows and other places). He has always impressed me with his knowledge and good attitude.
On another note, I thought of something that I wanted to mention to the RSA Conference organizers for next year’s event. I think it would be awesome to make a distinction between regular press and us blogger types on our badges. I think bloggers are typically more respected than journalists because they usually have a day job that involves working in the industry, thus they tend to actually know the nuts and bolts. Though I didn’t really experience any blatant shunning with my press badge, I did notice that people’s attitudes changed when they learned that I am a security engineer instead of some guy that just writes for a trade rag. If they didn’t see my card before we started talking, the initial treatment I received was quite a bit different after I started asking in-depth technical questions. The look in their eyes changes from a glazed "talking to another journalist" to a "this guy actually understands what he is asking". We’ll see if the suggestion goes anywhere.
Vet
Posted by Michael Farnum on Friday, April 11th, 2008
Filed under Cool, Internet
I was in Dallas a few weeks ago for a few sales calls, and I met my sales guy in a local McDonalds parking lot. I needed to jump online real quick (still can’t get a broadband card OK’ed), and I noticed that the McDonalds had an AT&T WiFi sign on their front window. I decided to try it since I have AT&T broadband at home, and I’ll be darned if it didn’t work. Had a nice sign-on page where I could input my broadband user name and password. Very nice.
Of course, there are not a whole, whole lot of Micky Dee’s that have WiFi. So I usually find myself in a Panera Bread because, unlike Starbucks, they have free WiFi. However, Panera’s are not near as prevalent as Starbucks, which often leaves me in a quandary (in my not-so-humble opinion, Starbucks should pay for my Internet access if I buy a coffee and a scone - believe me, I very rarely leave a Starbucks without at least having a tall non-fat no-whip mocha).
But a few months ago I heard that AT&T was getting in on the action at Starbucks as well, and they supposedly were offering free WiFi to AT&T broadband customers. SWEET. So I went to a few Starbucks over the last few weeks, but I never saw an AT&T WiFi sign. Oh well. I figured it was taking them a while to get it all in.
Well, being the dumba&& that I sometimes am, I never just tried to see if they had it going by simply connecting to wireless and seeing if I saw an SSID out there. So a couple of weeks ago I decided to give it a go. And there was not an AT&T SSID anywhere. Dang! Oh well, I guess I’ll have to wait some more.
But I really needed to get on the Internet (I had a proposal that was due, and I was about to be on the road for 4 hours), so I hooked up and prepared to shell out some money to T-Mobile. And then, what did I see up in the top right-hand corner of the T-Mobile page (kinda small and inconspicuous, BTW)? There was an AT&T Broadband image that beckoned me. I clicked, signed on (just like McD’s), and I was on. OH HAPPY DAY!!
Now, I have not tried this at any other Starbucks yet, but my assumption is that it was not just this little Starbucks in Ennis, TX (25 miles south of Dallas on I-45). So I am happy. Now I can go to Starbucks, buy my mocha, and then surf to my heart’s content.
Vet
Posted by Michael Farnum on Friday, April 11th, 2008
Filed under Security
OK, I have to officially applaud Microsoft and their catering to bloggers. What I am talking about is the lunch that Microsoft sponsored for security bloggers today at the RSA convention. They invited a few of us bloggers to attend a lunch to talk about blogging, how we all came to be bloggers, and what they see as the They are very interested in our thoughts about blogging, where we see the evolution going in the future, etc.
They also seem to be very interested in making sure they use blogs in a genuine fashion. What I mean about that is this: they want the people that blog for them to present the issues in a real and honest fashion. They recognize that someone who speaks the truth about what is going on with a product and gives people the feel of having an insider’s knowledge lends credence to their opinion and ultimately lends credence to the company itself.
Of course, the main issue they are trying to grasp is how they can use viral marketing to grow their business. And guess what… that doesn’t bother me in the least. They recognize the power of blogs in getting the word out. And that is a good thing.
Good job, MSFT.
Vet
Posted by Michael Farnum on Wednesday, April 9th, 2008
Filed under Security
A quick post here. In case you are interested, I am having fun at RSA. Although I stayed out a little too late last night because Martin was dragging me to a bunch of parties (OK, I went willingly, but my feet still hurt this morning). I got to see a lot of my fellow bloggers before tonight’s get together, so that was cool.
I have to say that McAfee’s party was the coolest I have seen. They really did it right. The music was excellent, and even the weird stretchy lady outside was cool. The lady in the weird makeup freaked me out, however.
And a quick shout out to Mr. Shimel and Mr. Rothman, who have both lost a lot of weight and are looking good. Congrats on that guys. Now give me your secrets. I have a triglyceride problem I need to work on!
Vet
Posted by Michael Farnum on Wednesday, April 9th, 2008
Filed under Security
I just wrote a post about the Olympic Torch going through San Francisco on Wednesday and the security concerns for those of us that are going to be at the RSA Conference. The first comment was helpful and gave a link to the map of the procession through San Francisco. The second comment said this:
China’s human right record is no worse than the US. China does NOT torture prisoner at Guantanomo.
This is much ado about nothing.
The Tibetan minorities enjoy special right in China. They don’t lost tax credit for having more than 1 kid.
If anything, the Chinese police need to receive some training from the CIA and go after these Tibetan terrorists and thugs who are bent on murdering the Han and Hui people of China.
Wow, how nice that the Tibetan monks don’t lose tax credit for making a CHOICE to have more than one kid. Man, that’s friggin’ freedom right there!!! What a freakin’ idiot.
Notice the dropping of the "s" in a few spots, which indicates to me that it is written by someone from China that supports the evil regime in China. Maybe a member of their pinko commie PR team.
Vet
Posted by Michael Farnum on Monday, April 7th, 2008
Filed under Security
Anyone else seeing these?
Vet
Posted by Michael Farnum on Monday, April 7th, 2008
Filed under Books, Ubergeek Character
I have been reading the political-thriller novels of David Baldacci lately. His novels are very good and very intriguing, and they are also generally very accurate. Having said that, I want to point out that I am not writing this post to point out any mistake he made from a technical level (I have found a couple of small errors, but nothing really big at all).
What I wanted to point out actually exists in many modern-day thriller novels. Most (if not all) of these novels have a small character in them that I like to call the "Ubergeek" (I didn’t make up the term - it just fits). One of Baldacci’s first novels is called Total Control, and it is no exception to this rule. One of the main characters receives a disk (this was 1997, so no USB), and she needs to read the information on it. She doesn’t want to use her computer at home since she is fairly sure someone has put some kind of spyware / keylogger software on it (the author never used those terms - not even sure those terms existed then). She was a lawyer working for a large law firm, so she naturally called up the law firm’s computer expert (Ubergeek).
Believe me when I say that this guy was a bona fide Ubergeek! He knew every answer to every question this lady could ask. And when he plugged in the disk she was trying to access and found that it was encrypted, this guy had the tools to launch a brute force attack on it as well as the experience to ask her a bunch of personal questions and try variations of that information as passwords. Then when he couldn’t break it, he figured the guy had used a randomized password with over 14 characters. This guy rocked! At least Baldacci was honest enough (or it just fit his plot line better) not to have this guy capable of anything, including breaking the encryption with his willpower alone. Too many novels do that.
I love this Ubergeek character in novels for a few reasons:
- It signifies how much technology is needed in today’s world when someone has to create such a character to give realism to a novel set in today’s times
- The character usually shines in one of the chapters (in a scene such as mentioned above), so that gives a geek like me a convenient place to break down how thorough the author’s technical research was and how much (s)he actually understands it (Baldacci generally does a pretty good job)
- I love to see general terms like "firewall" thrown about to impress the average reader
- I love to laugh when the "expert" gets it wrong because it gives me a wonderful feeling of superiority
I do have a couple of problems with the Ubergeek in Total Control. I questioned his expertise when I found out the guy used AOL. No true geek would do that, even in 1997. And he was using a phone line?? A true geek would have had ISDN at least!
Vet
Posted by Michael Farnum on Monday, April 7th, 2008
Filed under Firefox, Internet, Internet Explorer, Safari, Software
I have heard some good things about Safari for Windows, so I am going to try it out. And since they are pushing it with the new version of iTunes (not quite as heavy handed as the push out to Mac users - I had a choice to decline it), I figured what the heck.
The first load was pretty slow, but that is to be expected the first time it comes up on a new system. It loaded much quicker the second time around. I’ll play around and let you know what I think later on.
Update. I said later, but here are a couple of thoughts / impressions right now:
- The load status of webpages is in the address bar, which is different for me (maybe that is standard for Mac users).
- Intense Debate (the new blog comment system that I am beta testing) seems to work fine with it. Intense Debate also works great with Firefox on my system, but IE seems to choke on it quite a bit.
- The fonts seem to be a tad hazy. Not as crisp maybe.
- iGoogle looks pretty good on it
- The redlines under suspected misspelled words are much more noticeable
- I still like IE7’s new tab feature rather than needing to hit CTRL-T
- I don’t like that there is not a history arrow in the address field. Instead you have to click the history menu. Maybe that is just because I am used to it, but I like that feature on IE and Firefox
Maybe some more later.
OK, more: Where is the area that gives you a preview of the link you are about to click on? I can’t see where I am going!! Oops… OK, found it. You have to choose View > Show Status Bar. This is becoming more like a twit post than a blog post.
Vet
Posted by Michael Farnum on Monday, March 31st, 2008
Filed under Security
I hate when I do stupid stuff. And it is even more embarrassing when it is a rookie mistake in front of a customer. A client of ours bought a new Juniper SSG 320 firewall and a new Juniper SA2000 (SSL VPN). One of our consultants has the firewall in place and working, but he didn’t know how to configure the SA. So, I jumped in to help. The only problem is that the client is in Dallas, and I am in Houston. So, we got the basic config on the box, and I connected remotely and started configuring away with the client on the other line (he was watching via the remote meeting feature the SA has - kinda like Webex).
So the client wanted the administrators to authenticate through their Active Directory. I said fine and started modifying the admin realm and role to authenticate back to AD. Well, Mr. Brilliant here (that’s me) didn’t think about the fact that I was modifying the very realm and role that I had authenticated through, which was pointing at a local user database. I modified the rule, saved the changes, and BAM! I lost contact. DUH!
OK, well, it disconnected me, but we should be able to get in using the client’s AD creds, right? Well, no. That wasn’t working for some reason (still working on that). So the client had to go to the console and create a temporary super-admin user to reset the stupid stuff I had done (luckily Juniper anticipated idiots like me and created a way around the problem - but it is through the console, so you have to have physical access to the box).
Dang it! Just smack me!
Vet
Posted by Michael Farnum on Friday, March 28th, 2008
Filed under Security
I just read this story over at Computerworld Outback (it’s not actually called that, but it IS in Australia). It looks like there is another initiative for a vote by their shareholders to get Google to quit censoring the Internet at the request of pinko-commie regimes like China. There was a similar initiative last year that was voted down by shareholders. Basically, this comes down to the simple fact that Google and the shareholders will do anything to make money, even if that means doing the bidding of the evil Chinese government. I think I am finally going to switch search engines. This makes me sick.
Something else I noticed the other day when I was at a product demonstration of Palo Alto Networks. Part of the functionality is showing top traffic origins and from what countries those came from. Pretty standard. But Taiwan was shown as "Taiwan Province of China". Hmmmm…. One of the Accuvant account managers is from Taiwan, and she also thinks China’s government is evil. She raised a stink before I could (we waited until the clients had left). Of course, one of the guys was a simple local SE and the other a simple local AM. But the other guy was a product manager. He really didn’t have much of an explanation other than it came from some database. We urged them to move that up their chain, but my guess is that it won’t happen. I like their products, but this is just not right.
People, I know this is a security blog, but I think this falls in line pretty well. China is a threat to our security, both in the physical and the cyber world. They don’t keep their people from wreaking havoc across the world by cyber attacks, but they won’t let their people express themselves in any way counter to the Chinese dictatorial, malicious, abhorrent, evil regime. But they are spending money, so no one gives a crap. It truly makes me ill.
Vet
Posted by Michael Farnum on Thursday, March 27th, 2008
Filed under Security
I have noticed something lately that I am not sure means anything. Basically, almost every security device and product manufacturer today has started settling on a similar management interface. If it is a policy-driven device such as a firewall or IPS, many products have settled on the Checkpoint look and feel. If they have a command line, they tend to settle on Cisco’s terminology.
I remember seeing this trend back when I was getting my Enterasys certifications in 2001-2002. They actually had their own CLI "language", but they also put in a command that allowed you to switch over to what they called "standard command line". Yep, that standard was Cisco.
I understand this concept from a manufacturer’s POV. If you have a new product, why make the learning curve harder? If everyone is used to the look and feel of Checkpoint and Cisco, then it makes sense to go that route.
But does that also stifle creativity in some small way? I mean, if your box is going to be policy-driven, then it makes sense to do this. But what if policy is not the best way to get to where you are going, but your product manager ends up taking that route because of the learning curve and fails to see other means to the end? No, I don’t have examples. Just wondering.
Vet
Posted by Michael Farnum on Tuesday, March 25th, 2008
Filed under Censorship, Security
Go take a look at Brian Krebs’ latest Security Fix post about Network Solutions censoring an anti-Islam website. This issue is very controversial on both ends.
If you don’t remember, it was about a year ago when a bunch of cartoons depicting Muhammad in a bad light were published in Danish and Norwegian newspapers. Many Muslims were offended, and there were many acts of violence following the publication of the cartoons. Citing a fear of resurgence of violence, Network Solutions shuttered the website fitnathemovie.com. The website was registered to Geert Wilders, the leader of a Dutch political party. Mr. Wilders is leading a movement to ban the Koran in Holland, and this website would have hosted a movie that he was going to use to rally support for the movement.
First, censorship is not ONLY performed by government. Yes, freedom of speech is a concept that applies only to the protection from censorship by government. However, censorship can be performed by any entity with the power to do so. And Network Solutions without a doubt has that power. And it has exercised that power in this case. Therefore, Mr. Wilders has been censored.
Second, NS is a business. It has the right to close down a site it views as violating its terms of use.
Third, NS is an AMERICAN business that is using its censorship power throughout the world.
Fourth, Mr. Wilders may have caused violence with this movie.
Fifth, Mr. Wilders is encouraging censorship by a governmental body by asking for the banishment of the Koran.
Sixth, seventh, eighth…
There are a bunch of points that can be made here, but it all comes down to which side of the fence you fall on (or which fence you are riding). NS is stopping a website from being displayed because it is afraid of offending Muslims. That is censorship, and many view that as wrong no matter what. Many people see a world-wide anti-Muslim campaign becoming popular, and they want to head it off. And many simply worry about their companies or countries becoming targets for terrorism and other violence.
It is hard for me to take sides here. I am somewhat conflicted. I don’t believe NS should censor the site. At the same time, I am a believer in freedom of religion as well as freedom of speech. And of course, that brings up fifteen hundred other arguments. And the Army veteran in me wants to just blow ‘em all to hell (the radical terrorists, not mainstream Muslims). So, I guess consider this post as informative rather than argumentative.
Vet
Posted by Michael Farnum on Monday, March 24th, 2008
Filed under Security
I was contacted today by someone from this blog at virtualhosting.com. They asked me to link to one of their posts, which I normally don’t do if I don’t know the blogger. However, I got to looking through the blog, and I think it is worth reading. Basically, they have a list of links for just about everything geeky in nature. The particular post they pointed out to me was about privacy and keeping personal information safe, so they have some security minded people posting there.
If they keep this up (which they have since last September), they could turn into a great reference resource. Go see what you think.
Vet
Posted by Michael Farnum on Wednesday, March 19th, 2008
Filed under Security
If you are reading this post, then chances are that you have some interest in information security. If so, then you will also have an interest in the Security Catalyst forums. This is a treasure trove of information security discussions and the like.
One of the interesting questions posted yesterday was also linked by Michael Santarcangelo over at his blog. It was a question on what you do if you discover a large amount of PII (personally identifiable information) on a hacked server at your company (assuming they mean PII from outside your organization). It is a great question, and it has inspired some great arguments. Go check it out if you have not done so. Great stuff.
Vet
Posted by Michael Farnum on Monday, March 17th, 2008
Filed under Security
Looks like this Sweetbay supermarket credit card issue is starting to pop up all over the wire. From the article:
They say they are aware of about 1,800 cases of fraud related to the data intrusion and about 4.2 million unique account numbers were exposed.
Wow. Here’s a Sweetbay Google news search. All the stories are still pretty new, but Hannaford (parent company) says they have been aware of it since late February.
Here’s a graphic from Hannaford’s front page:
Think that kid is going to be as happy when he can’t get any new toys for a while because his parents have to clean up a credit mess? Sorry, couldn’t resist.
Vet
Posted by Michael Farnum on Monday, March 17th, 2008
Filed under Security
This is the kinda crap that makes people not want to trust the Internet at all. Really, if you can’t trust an anti-malware company’s website, who can you trust?
It’s really about being skeptical about the content you visit…
That comes from Craig Schmugar, a threat researcher for McAfee Avert Labs. I understand the sentiment. But if you look at it, the Internet has not changed much from its original model of trust. Yes, there are some more security measures built in now. There are more warnings that everyone ignores. But the Internet still relies on that trusted model. And that trust is getting more and more eroded every day. What happens when people just say "screw it" and quit using the Internet?
Maybe I am being melodramatic, but these damn bad guys are like viruses. You kill the host, you don’t survive. Of course, bad guys mutate quickly. Good guys are getting better at it, but we still don’t change quickly enough.
Vet
Posted by Michael Farnum on Monday, March 17th, 2008
Filed under Security
Found this compilation story of a lot of the infected computer products coming from China and Taiwan. I have not done any confirmation of the details, but I believe all of these have been openly published in the media.
This kinda stuff makes you want to break out the conspiracy theories big time. But on second thought, why is it so unbelievable that China is not putting malware on its devices on purpose? Hmmmm…. (cue X-Files music).
Vet
Posted by Michael Farnum on Monday, March 17th, 2008
Filed under Security
Here’s a heads up for those in and around Texas (I know that covers a lot of area). The Texas Regional Infrastructure Security Conference (better known as TRISC) is almost here again. The dates are April 21-23, and it is being held in beautiful and historic San Antonio. Also, Fiesta San Antonio is happening during that time. I have been to San Antonio during that event, and it is awesome. Lots of events. The Riverwalk is very cool during that time. Here’s a description of it from here:
Fiesta San Antonio is a 10-day citywide celebration, which includes exciting carnivals, spectacular sports, fantastic fireworks, lively entertainment, ethnic feasts, art exhibits and sparkling parades that glide down San Antonio’s River Walk and streets. More than 100 unique events satisfy every taste and interest, drawing spectators from around the city, nation and world. Since 1891 when the first Fiesta event, the Battle of Flowers, honored the memory of our Texas heroes, Fiesta has expanded the initial commemoration to include the recognition and celebration of San Antonio’s rich and diverse cultures. Come celebrate Fiesta San Antonio! (210) 227-5191 www.fiesta-sa.org
Looks like some good keynote speakers are going to be there, and there are going to be some good speakers as well. Dr. Anton Chuvakin is going to be there, and Simple Nomad is showing back up as well.
Looks like it is going to be good stuff. Sign up soon.
Vet
Posted by Michael Farnum on Friday, March 14th, 2008