An Information Security Place

I love the NoScript Firefox plugin.  But they are major league aggressive at releasing updates.  Seems like I am getting an update from them about 3 times a week now.

Vet

Well, here I am at home, shivering with chills and sweating with hot flashes.  No, it is not menopause.  I have come down with some kind of bug, and it is kicking my butt.  It started Wednesday, but I thought it was allergies since some crazy cool front had made its way to Houston and had blown out all the humidity.  Less humidity was nice, but those things usually set my allergies off.

But as I drove to Dallas Wednesday night, I knew it was something else.  When I finally got a room (my hotel had oversold and made me drive to a sister hotel), I was down right hurting (body aches, fever, etc.).  I didn’t have a thermometer, so I had no idea what my temperature was up to, but I was burning up big time.  So I popped a bunch of ibuprofen and laid down.  I was kinda bummed because the hotel was brand new and they had 36″ DLP TVs mounted on swiveling arms hooked to the wall, and I wanted to watch something on that puppy.  But oh well.

Anyway, I felt better the next morning, and luckily the eval install (RSA enVision, formerly Network Intelligence) went swimmingly.  But as I started back to Houston, it hit me again.  I couldn’t even listen to music my head was pounding so hard.

So last night I kept waking up, and I checked my temp about 1am.  Over 102 degrees.  Not good.  Again the chills were racking me, and I had to go into the living room and sleep on the couch so I wouldn’t wake my wife up with all the coughing.  I have a call today, but I have to cancel.  This really sucks bad.

I am sure I could make a correlation to security somewhere here, but my brain hurts too bad to come up with anything.  If you have some ideas, feel free to comment. 

(Sick) Vet

I am presently looking for a vendors phone number, and I can’t find it.  I know I have talked to the guy before on the phone, but I didn’t save his number I guess (my bad).  So I thought I would look up his number in the few emails we have exchanged.  However, all of the emails have either originated from me or someone else, and the vendor does not include his signature in replies or forwards.  That drives me crazy!

Vet

Accuvant is one of the sponsors at the Houston Data Connectors Tech-Security conference.  If you are in the Houston area on Wednesday, August 1, 2007, please think about attending.  It’s only $50, and there will be some good sponsors on site and some good talks.  Also, I will be there, so that really makes it worth it.

Here’s the link.

Vet

Press release from Aruba

SUNNYVALE, Calif., July 23, 2007 ? Aruba Networks, Inc. (NASDAQ: ARUN), a global leader in secure mobility solutions, today announced the acquisition of Network Chemistry?s line of award-winning RFprotect and BlueScanner wireless security products. Designed to automatically detect network vulnerabilities, intrusion attempts, and policy violations, the Network Chemistry products are in the forefront of wireless intrusion detection and prevention solutions, and complement Aruba?s broad existing line of wired and wireless security products.  Aruba plans to integrate the newly acquired products into its secure mobility solutions, as well as provide products and continuing support to existing Network Chemistry customers and partners.

?Aruba has consistently led the industry with respect to client-to-core security solutions, and with this acquisition we have now rounded out our RF Layer 1-2 security offerings,? said Dominic Orr, Aruba?s president and CEO.  ?Network Chemistry?s products have consistently won accolades for their ability to accurately find wireless network equipment, detect unauthorized devices, and enforce networking policies. By integrating this capability into Aruba?s product family we will extend our position at the vanguard of wireless security providers. We look forward to working with, and providing uninterrupted support to, Network Chemistry?s large base of existing enterprise and government customers.?

Network Chemistry products covered by the acquisition include RFprotect Distributed, RFprotect Mobile, and BlueScanner. RFprotect Distributed is a patent-pending wireless intrusion detection and prevention system that uses a central security engine and purpose-built sensors to automate threat detection, attack prevention, and ‘no wireless’ policy enforcement.  RFprotect Mobile is a portable analyzer for conducting site surveys, security assessments, and incident responses of wireless networks, while BlueScanner is a portable Bluetooth discovery and vulnerability assessment tool.

?This acquisition presents an array of technical and marketing synergies that Aruba can leverage to its advantage,? said Paul DeBeasi, senior analyst at The Burton Group.  ?Wireless intrusion detection by itself is a point solution, but network security requires a system solution. Supplementing its existing security solutions with Network Chemistry?s leading wireless intrusion detection technology gives Aruba a comprehensive system solution. Not only will Aruba add value to its security offerings, but it will also expand the base of prospects to which it can market products and services.?

Vet

Actually, not to me.  But Kevin Liston at the SANS ISC seems to be surprised by it.  Frankly, it only surprises me that it didn’t start sooner.  Maybe the spammers have just been waiting for the right moment to pull the trick out.  But it didn’t surprise me in the least when I heard people were opening them.  Heck, it’s a PDF.  People have been somewhat conditioned on not opening Word docs and Excel spreadsheets (that one came up in the post as well, and that did surprise and bother me a bit), but PDFs are the preferred business delivery system and are seen as trustworthy.

A part of the reason that they are seen as trustworthy is that people use them as a method of ensuring their documents can not or have not been altered.  Unfortunately, this is a huge myth because anyone with access to Google can learn how to crack PDF’s.  This may be getting better (I haven’t kept up with it lately), but it has been atrocious in the past.

Vet

Here’s the video of the interview I did with Martin at the TRISC show in Austin.  We are discussing the talk I gave about security blogs being a good resource for information security research.  Thanks Martin.

Take a look!

Vet

Obviously you are somewhat into blogs if you are reading this, so I have a question for you.  Do you read vendor blogs?  What I mean by vendor blogs is the security and networking product manufacturers out there that have blogs.  Do you read them?  And if you do, what is your general opinion of them?  have you found them to be more self-leaning, or have you found them to be more straight-shooting?

Let me know if you have a second.  Just curious.

Vet

Douglas Haider is my friend and coworker at Accuvant, and he is a wireless security expert.  He is teaching a SANS course on wireless security in the Phoenix / Scottsdale area in October.  Details below.  Sign up soon!

Vet

The SANS Institute is pleased to bring the Stay Sharp training program

to Scottsdale, AZ!  We invite you to participate in the following

classroom session with Stay Sharp Instructor Douglas Haider:

* Security 450: Defeating Rogue Access Points

   Thursday, October 4, 2007 - 6:00pm-9:00pm

   Scottsdale, Arizona

   http://www.sans.org/staysharp/details.php?id=6761

Complete course descriptions and event details for these classes can be

found by clicking on the links above.  Take advantage of small class

sizes and a convenient location to learn a specialized technical skill

in a single evening. Space for these classes is limited, so register

today while there are still seats available!

SANS Stay Sharp Program is bringing hands-on practical training right

to you! Don’t miss out on this great opportunity to build and maintain

your technical skills.  We hope to see you there!

I am going to be in Denver for some Juniper (JUNOS) training this week, and I am working on a huge RFP response as well (I hate RFPs), so posting may be light this week.

Vet

I have been getting a few spam mails using email attachments lately.  I Googled around to see if it was something others are seeing, and turns out it is.  Seems like it all really started getting reported in late June, so I guess it is a recent phenomenon.

Vet

Bruce Schneier pointed to this article in his latest post.  I am in the process of reading the article, so there may something I am missing here, but I have to ask this question: Bruce, can you clearly state your ultimate point?

Here’s the basics.  The article is saying that most terrorist groups rarely achieve their goals because people falsely believe that terrorists are attacking them to destroy them, when in reality the terrorists are killing people to achieve their political objectives.  So Bruce says:

This certainly explains a great deal about the U.S.’s reaction to the 9/11 attacks. Many people — along with our politicians and press — believe that al Qaeda terrorism is different, and they’re just out to kill us all. (In fact, I’m sure I’ll get blog comments along those lines.) The paper examines this belief: where it came from, how it manifested itself, and why it is wrong.

This is why I am asking Bruce to explain his ultimate point.  How exactly should we attack terrorism?  Sleestack made this comment on Bruce’s blog:

So how should civilized societies respond to terrorist attacks where innocent civilians are killed, throw buckets of fairy dust at the perpetrators? Rarified, introspective academic discussions are fine and the understanding that can come of it may be useful. But idiots with car bombs are hardly swayed by elegant arguments.

This is what Bruce does not answer.  Should we just give into these groups?  Should we let Bin Laden have his Islamic state in which women will be essentially owned and there is little to no freedom for anyone except those in power?  If how we view the motivations of these groups is wrong (which I don’t believe it is) but is keeping them from achieving their goals, do we change how we react to them by just rolling over and showing our belly in the hopes that they will stop trying to blow us up?

My comment on Bruce’s post says:

Bin Laden can say anything he wants about his motivations, but I tend to distrust someone who kills people to reach their goals. Anyone who gets into power by whatever means tends to want to keep that power. Having people running out with bombs attached to themselves at your command tends to go to your head, and that is what has happened to any of these terrorist leaders. They are essentially worshipped, and they know it, and they don’t want it to stop.

Come one Bruce.  If you want us to give in, at least don’t beat around the bush.  Just come out and say it.

Vet