This is one of the funniest videos I have ever seen.
http://www.thewebsiteisdown.com/
Vet
I would like to announce my new partnership with TradePub.com. They offer a lot of subscriptions to trade publications and whitepapers that are relevant to many different industries. The Resource Center is over on the left in the first sidebar. You can choose a category using the widget there, or you can just click on the top of it and go to the page to choose more resources. I hope you find some stuff there you can use.
Vet
I have been off this whole week working at Vacation Bible School at our church. I am in charge of eleven screaming kindergartners. Hmmmm… security or 5 year olds? Those kids make Russian hackers look like weenies.
Vet
I wrote a post here the other day that explained that I would not be loading FF3 on my laptop until some flaws were discovered and fixed first. Then I wrote a post over at my CW blog the next day after a flaw had been found (you need to go read the post to understand the rest of this post). It was not an "I told you so" post. Rather it was a post asking people their motives in downloading and installing FF3 so quickly. After all, this was a MAJOR upgrade, not a bug fix. Of course, that just pissed off ol’ NickF (whoever he is). His comment is below:
1. It’s faster, much faster than FF2, mostly in handling JavaScript. And yes, it is MUCH faster than IE7. Before you brag about IE7 being faster than FF2, you should look at FF3, to see how FF2 and IE7 are slow.
2. It’s much more efficient than FF2, and IE7, less memory is used, and more efficiently.
3. The world my friend, moves on. It’s called progress. Since FF3 is free and it’s a proven enhancement over the current version, you might want to give it a try. Besides, would you hold on IE8 when it comes out? Would you refuse an automatic update from MS? About Safari?
I honestly hate when people criticize products they haven’t even tried. It’s not FF vs IE flamewar that bothers me, it’s really the lack of spirit in trying something new before writing an otherwise pretty pointless article.
And since I didn’t want to aggravate any of my editors over at CW, I am writing a reply here. I am, however, linking to this post in the comment section over at CW. So here goes:
@NickF,
"Before you brag about IE7 being faster than FF2, you should look at FF3, to see how FF2 and IE7 are slow."
First, I have no reason to brag about IE7. I was not on the IE7 development team. Second, and more importantly, did you even read my post? I said I would download FF3 WHEN they have made some fixes.
"Since FF3 is free…"
IE7 is free. It comes with the operating system. Oh wait, you have to pay for Windows, so it’s not free… semantics. You can get either one, and you’re not shelling out money for it. You might not be able to get IE anywhere but on Windows, but hey, that’s good for FF, right?
"…and it’s a proven enhancement over the current version, you might want to give it a try."
Again, did you read my post?
"Besides, would you hold on IE8 when it comes out? Would you refuse an automatic update from MS? About Safari?"
Nice question to ask a security person. The answer is "Yes". I don’t load major updates on major apps that have huge potential to be avenues for malware, etc. until I have done some investigation. That is why I have said I won’t load FF3 for a bit. I did not load IE7 for months after it came out. The only reason I loaded the newest Safari was because it was a bug fix for a flaw. It went from 3.11 to 3.12, not 3.11 to 4.0. Big difference.
"I honestly hate when people criticize products they haven’t even tried. It’s not FF vs IE flamewar that bothers me…"
First, I am glad you honestly hate it instead of dishonestly hate it. That’s so much better. Second, did I flame any browser? No. Did I criticize? No. If anything, I did the opposite of flame and criticize (whatever that might be called). I said "I use FF. I also use IE, and I also use Safari for Windows (yes, I updated to 3.1.2) because I like features in each." AGAIN, did you read my post?
"…it’s really the lack of spirit in trying something new before writing an otherwise pretty pointless article."
Come on, NickF. I never said you should NEVER go to FF3. I never said IE rules and FF drools. I never said anything bad about FF as a browser other than it is susceptible to some of the same flaws.
So, one last time. DID YOU READ MY ARTICLE???????????? Or did your knee just jerk when someone dared question FF3? My article was about asking motives. If you would have calmly digested my article rather than just reacted, you would have seen my points. Instead, you couldn’t resist moving this issue to the religious side of the aisle. You claim to be honest about your motives, but you’re not.
Vet
I apologize if you have made some comments in the last few weeks and they have not shown up. I get an email from Intense Debate that comments need moderation, but sometimes I miss them or don’t read the email correctly or whatever other lame-brain excuse I can come up with.
They should be there now. I know you all were wondering what was going on.
Vet
OK, Armageddon is officially here. Alan Shimel has made the comment that security marketing might not be "worth the paper it is written on". Holy crap.
Though I am just having some fun with Alan, this still makes me wonder if the comments from Greg Ness (quoted in Alan’s post) are right. Are the days of "entrapment marketing" over? I am not in the position of getting a thousand calls every day as a security manager anymore, but I do see a lot of those whitepapers still out there. I still get a lot of email asking me to download them. But Greg is also right that social media is taking over a lot for this. That is why I created a talk / presentation where I talk about how to use security blogs as research tools.
Marketers MUST recognize this trend. I still see a lot of old school marketers out there trying the old ways. These people are either not adaptable, or they just have been under a rock for the last few years. I get too much info on new products and trends from blogs for it to be worthwhile to download whitepapers that some vendor wrote. Just doesn’t make sense.
Thanks for the post, Alan. I am in Heaven!
Vet
I’m waiting. Sorry I couldn’t contribute to "Download Day". I guess I could have pulled it down and not installed like Martin, but I didn’t. I just didn’t want to waste my time because I know there will be a new release in a few days that fixes a bunch of crap, and probably another one soon after that. I know it is Firefox, but they are catering just as much as MSFT anymore, so there will be vulnerabilities. I don’t feel like making my machine vulnerable to anything else.
Vet
Well, I was hoping for more people (it is hard to tie Houston people down), but I am counting this BayouSec as a success because of the presentation by Adam Pridgen (see below). Adam reverse-engineered a bot and stepped through the process for the group. I have to say that much of it was at a level I don’t play in since I am not a developer, but the process was very interesting to see.
If you live in the Houston area and didn’t get to make this one, please consider getting to the next one (haven’t set a date yet). I am working on getting more people to speak. Some of the smart guys at Alert Logic have said they would do some talks, and I plan on doing a couple myself (who wouldn’t want to see that, right?… RIGHT??)
Here’s Adam’s preso and the video that went with it. The video is kinda hard to see at times. Too many windows and too small a font. But Adam said it was his first time at doing the video capture.
Vet
It is at the Alert Logic facilities @ 1776 Yorktown, 7th floor, just south of the Marathon Oil tower on San Felipe. It will start at around 6:30pm.
Below is the information on the talk and the speaker. I expect the talk to last about 25 minutes, and then it will be open to questions and comments. We can just let it grow from there.
Thanks to Adam Pridgen for volunteering for this. In the future, if you have something you want to speak on, please let me know.
Michael Farnum
—————————-
Speaker:
Adam Pridgen
Title:
Reverse Engineering Software with Basic Protections
Summary:
The presentation will cover the basics of reverse engineering malware or any other software protected with basic protectors and packers using ImmDbg, IDA Pro, LordPE, ImpRefound, Wireshark, and an IRC server. The presentation will walk through dumping the malware to disk, and then cover the general process I used to identify the command structure, functionality, and required parameters to interact with the malware sample.
Bio:
Adam Pridgen is an independent security researcher and contractor. Previously, he worked for Foundstone Professional Services where he was involved with code reviews, threat models, penetration testing, among other tasks such as teaching and lab development for the Foundstone’s Ultimate Hacking classes. Prior to Foundstone, he spent a little over five years in the security community working on software development projects, software testing, and in telecommunications for a variety of organizations. Adam’s most notable accomplishments include an MS and BS in Electrical and Computer Engineering and an Honorable Discharge from the US Army.
—————————-
OK people, we have a speaker for BayouSec. It will be on June 5th at the Alert Logic facilities @ 1776 Yorktown, 7th floor, just south of the Marathon Oil tower on San Felipe. It will start at around 6:30 (finding that the later time is better).
Vet
…for this interview? It is titled "Embedding security has drawbacks says TippingPoint chief architect", but the explanation Brian Smith gives is about as weak as the American dollar. Did TippingPoint marketing write the questions? Sheesh.
Look, there is a need for embedded security AND security on the edge. It really comes down to your business. When good and fast security becomes built into the switch, I will look at it and judge its merits for MY BUSINESS (or my client’s business). But this whole thing about switching and routing technology being outpaced by security technology is the largest piece of crap answer I have ever heard. Of course the security technology is outpacing it. That is because security is hot, hot, hot right now, and it has been for the last few years, whereas routing and switching are routing and switching. But what does that mean??
Mr. Smith, was the incorporation of IPS into 3COM switches a "fool’s errand", as you called it at 3:21 in the video? Does that mean that you can’t incorporate the two? Does it simply not work? Is this just not feasible? Of course not. The reason you are saying this is because the 3COM / TP deal fell through for other reasons. Plain and simple, 3COM was not in any kind of position in the switching market to make a dent. I wrote about this a while back. Here’s most of that post:
When I was an infosec manager, I was a TippingPoint customer. When I bought the TippingPoint box, stand-alone devices were still all the rage. UTM and NAC were pretty much still new terms. But right about the time TippingPoint was bought by 3com, the convergence track had started to emerge. Cisco was really getting into putting different devices in their switches. Things were really starting to move in that direction, and 3com probably thought they should do the same.
But just in case things were not what they seemed, 3com decided to test the waters (conjecture on my part, but plausible conjecture nonetheless). So they surveyed their customers (or TippingPoint customers, at least). I received one of these surveys. Among other things, it asked if I would buy a 3com enterprise switch with a TippingPoint IPS blade integrated into it. Understand that I come from the network engineering world. I have installed and configured many a switch and router. And for the immediate 4-5 years before this survey hit my inbox, 3com had been about as present in the enterprise switch space as a woman at an ISSA chapter meeting. The biggest place you saw 3com was on a NIC or a little white 8-port hub in a room full of cubicles. So, I answered a definitive “not no, but hell no”.
To clarify (if the above didn’t explain it well enough), it was the 3com switch that threw me. I wasn’t unhappy with TippingPoint (except that they had been bought by 3com). I liked the box. It served me well. If I could get a TippingPoint blade for the 4506, I would have seriously considered it. But there was no way I was going to replace my Catalyst 4506 with a 3com switch, no way, no how.
Of course, I cannot answer for every TippingPoint customer who received the survey, but I can guess that many of them answered the same way. And this makes me wonder if 3com and TippingPoint are sitting in ivory towers and ignoring the trends because it doesn’t compute that people don’t like their switches.
And to add one more thing that may add some credence to my hypothesis: I also had a couple of 3com reps come out to visit me during the final months of my tenure as an infosec manager. When my boss and I told the 3com guys that we would not consider in any way replacing our current switching infrastructure with 3com because of our impression of 3com as a serious player, they were completely surprised by our attitude. Now maybe they had never received that reaction before because we were just a little more harsh and up front with our opinions. But my immediate opinion was that they really didn’t know they had that kind of reputation. Maybe it is just me that thinks this about them, but I don’t think so.
So basically, what it came down to was that 3COM did not impress me, so I would never have bought their switches. The IDEA was a good one. They recognized that it was a good one. But they could not make it happen because no one wanted to buy 3COM switches. Plain and simple.
Now let us get back to the business of security while you guys go try to fool a few more people.
Vet
The Internet is a nuisance. Really, it is. It never ceases to amaze me how much "trouble" the Internet causes. Now I will be the first to say that it is possibly the best innovation in human history. But at the same time, it has also caused more problems, headaches, and heartaches than almost any innovation that I can think about. And it continues to redefine everything we do as a society and a race.
I know this is really not news, but it just struck me when I was poking around the news this morning and ran across this article about some websites looking to sue the state of Oregon over publishing laws online (I have written about issues similar to this about governments and publishing SSN’s online here and here). Here’s some of the opening paragraph:
Both Justia and Public.Resource.Org have been at loggerheads with the State of Oregon over their desire to publish the state’s complete body of law online, for free. While that sounds noncontroversial—state law even requires the laws to be offered as widely as possible—the state’s Legislative Counsel Committee claims copyright over portions of its Revised Statutes.
And as I started to think of something to write about this, it struck me that this was really just a symptom of a larger issue. Basically, the problem is that no one has figured out just how to deal with these issues because we have moved so far so fast in the last 15 years. But why can’t we catch up?
Seriously, we have been moving at the speed of light with technology for the last 100 years or more, and we have always been able to catch up with safety and laws pretty fast. Cars were invented, there was the first crash, and then we started figuring out that we need to have some kind of traffic control. It may have been a while before it was worth a crap, but we caught up relatively quickly. Then there were airplanes. The Wright Brothers invented it (I have heard that it is debatable), then they crashed it and killed someone, and we figured out that we needed to make this safer.
Honestly, I don’t know how quickly people started figuring out that these types of things needed to be regulated. Likely it was all about risk since there weren’t a lot of planes or cars around when they were first invented, so a lot of safety was needed yet. But we got smart eventually. Consider this quote:
It’s like trying to predict back in 1910 the impact of the automobile on society - the highway system, gasoline refineries, motels instead of hotels, new dating patterns, increased social mobility, commuting to work, the importance of the rubber industry, smog, drive-thru restaurants, mechanized warfare, and on and on. The net will bring more than quantitative changes, it will bring "qualitative" changes. Things that were impossible will now become inevitable. – Larry Landwehr, 1993
The move to adopt the Internet and the rush to make it better and faster just came too quickly. Just like the Wright Brothers probably didn’t imagine planes that could traverse the globe in a matter of hours, the inventors of the Internet never really factored into their design a world wide public network that had to contend with a bunch of thugs trying to steal everyone’s information. They were trusting souls who figured it would just be a bunch of geeks from colleges talking to each other over email because they couldn’t get a date.
But it became so much more so much more quickly than anyone imagined. And it pervaded everything. And now it is a struggle to catch up because the people who are really trying to fix the problems are often contending with the bad guys and the people who look like they are doing something and are really just riding the gravy train that the security issues have created (I have been guilty of that and still am in many people’s eyes since I sell security services and products).
So how do we fix this stuff? Well, short of bombing us all back to the bronze age ("Stone Age" is so overused, and bronze is shinier), I really don’t know. There are theories abounding. Some people say we need to go back to the people and get them to buy in to doing things right. Some people say we need to leave them out of the equation and just implement technology. Others say we should just start over from scratch and build in security from the ground up. There are books upon books and speakers upon speakers (two more lucrative by-products of bad security) talking about security and the Internet. But it all keeps coming back to one thing: we’re still insecure.
What I don’t understand is how the bad guys keep figuring out how to break in when we supposedly have people out there trying to find the flaws before they do. Is it simply a numbers game? Do they have that many more people looking than we do? Do they have a much more lucrative job than we do, so they are better motivated? Is it because the countries in which many bad guys reside don’t give a crap or just don’t have the resources to catch them? All of the above? What else?
How do we get ahead of this? How can we put the same amount of resources into this to find the vulnerabilities before the bad guys? People have tried to create communities and projects where they pay for vulnerabilities. But there’s no guarantee that they are the only ones getting the results of their research.
You know what? I don’t see an end to this. I think there is really no way to fix it. This simply is a human problem. There have always been bad people, and there always will be. And since humans are imperfect and will make mistakes, the bad guys will find ways to exploit those mistakes. There are smart people on both sides, and they will continue to struggle against each other forever (I know, kind of melodramatic). All this talk about "security should have been built in" is just a pipe dream. Security Nirvana is not possible. There will always be mistakes. Every time we come up with something new, someone figures out how to break it. And yes, part of that may be because it is based on old, insecure technology, but the human element will always creep in.
I just don’t see another way. Yes, there can be some model changes when it comes to how stuff is sold and what really works and other things can be factored in to make change happen on a substantial level. But this is really what we have to work from. I know there is a lot of room for discussion here, and I welcome it. Please help me see this differently. But for right now, this is how I see it. I am not being cynical. I am not quitting on security. I just think it is going to be a protracted battle that will require dedication and persistence.
Vet
OK, I know I started a personal blog so I could keep this place security centric, but I really just don’t like doing that. As Alan would say, this is my blog, and I will post what I want. So I have decided to start putting personal stuff over here again. That being said, here’s a personal post.
Meet Lizzie:
She is a German Shepherd / Rottweiler mix that we adopted from the SPCA. We really went in there looking for a smaller dog, but she (corny alert) captured our heart before we really had a chance to look (I’ve heard the dog picks the family, not the other way around, and I believe it now). She is three months old, and she is already showing me she is one of the smartest dogs I have ever met. And the family loves her already, even though the kids have felt the wrath of sharp puppy teeth from playing with her.
By the way, she is named after Elizabeth Bennet from Jane Austen’s Pride and Prejudice, even though I am pretty sure Austen spelled her nickname "Lizzy". Austen is a favorite author of my wife and me.
Vet
Need a good one-liner? Take a look.
Vet
…make Michael a low-volume blogger. I have been back and forth between Houston, Dallas, and Austin over the last couple of weeks, and most of those trips have been driving. So, when I get to my hotel room or back home, I am just worn out.
And work has been pretty hectic lately as well. I have two statements of work due today that are pretty dang big, and I have a couple of conference calls to boot.
So all of that translates into low volume.
I’ll be back…
Vet
First, let me be very clear that I have, in the past, downloaded music illegally. I have also used pirated software in the past. And while I can’t say that every song I have on my iPod is legal (simply because I can’t remember where I got some of them), I can say that I discontinued the use of pirated software a while ago. So, moving on…
Don Tennant is an editor over at Computerworld, and he is also a blogger. He recently posted a story that his son wrote while attending Worcester Polytechnic Institute in Massachusetts. The story was about a group of pirates (software, music, and movie pirates - not the kind who says "ARGH") at his school who were very prolific in their pursuits and ended up getting caught and quite busted. It is a great read, and it goes into a lot of good detail (Don, looks like your son got your writing talents).
But as good as the story is, my point for this post is the comment that was made on the post. Someone that didn’t post their name (people like this usually don’t) wrote a fairly lengthy comment. Here’s the main excerpt that makes me cringe:
Sure what the students are doing is "illegal" but the fact of the matter is that there is nothing that they could ever do to completely stop this type of illegal activity.
Here’s my reply:
I worked for a company a few years back that built apartment complexes at major universities all over the country. We were also the ISP for the students that lived in our complexes. The network became a huge P2P site after a while (as well as a rampant malware playground). We received notices from the RIAA and others on a fairly regular basis about copyright violations coming from our IP space. It was nasty. We ended up putting in "application aware" security appliances and throttled down the traffic for everything but a few known apps. This worked even for traffic being tunneled over http, but anything https got through. Advances have been made since then, but it is still going on.
But this is not really a technology problem, is it? This is a moral and ethical problem that will never stop because people like Anon put quotes around the word "illegal".
That is really what this is about. As long as people can justify downloading music, movies, and software illegally, it is going to continue to happen. This is not a problem that technology is going to solve. The different industries have tried again and again, but to no avail. It really comes down to people’s hearts.
And having made that disclaimer above, I also want to say that I am not writing a "holier-than-thou" post. I am simply writing this post to say that when you are breaking the law, no amount of quotes around the word "illegal" makes it OK.
Vet
John Thompson is an ass. There, I said it. Whew…
So now, let me ’splain. I did not really have an opinion of John Thompson until the 2005 RSA Conference (except for the acquisition of Veritas - it made sense to me, but it royally screwed me over at a critical time - explained below). I just thought of him as another CEO of a pretty successful security company. Either he had not done enough to stand out to me, or I simply had not paid attention to him up to that point. Anyway, I was sitting in the audience at RSA 2005, and I had just finished listening to Bill Gates talking about their entry into security. Like many people, I met this with apprehension and doubt, but I still listened with respect. But then Mr. Thompson came up after Bill was done, and that respect factor went right out the window (for Mr. Thompson, that is). He proceeded to rip Bill Gates up one side and down the other, and it was the single most rude and disrespectful display I have ever seen.
Now don’t get me wrong. I am not a MSFT fanboy. I have slammed them on many an occasion. But what Mr. Thompson did was really beyond just trying to head off a competitor. It was unprofessional, and it smacked of school-yard bully tactics. And to add to it, Mr. Thompson had a crew waiting at the doors handing out review forms to see what the audience thought of his little speech. I gave it negatives across the board, handed it back with a sneer, and then slapped the person who handed it to me (OK, that last part about smacking them was made up… but I DID sneer).
Now he is being downright condescending towards McAfee. When asked how he felt about them since they are viewed as Symantec’s chief competitor, he said:
It’s a nice little company and they do a nice job. The industry needs competition. But we don’t see their portfolio as competing directly with ours. We help customers manage their infrastructures better.
Dude, come on. Please get off your friggin’ crystal tower. You can debate your quality versus their quality if you want, but pitiful statements like that are beyond ridiculousness. Confidence is needed in a CEO. Arrogance just looks petty. Eric Hoffer said, "Rudeness is the weak man’s imitation of strength." You are looking pretty weak, Mr. Thompson.
BTW, I am not a McAfee fanboy either. But Mr. Thompson, I have run and managed both your AV products and McAfee AV products in ENTERPRISE settings. McAfee has ALWAYS beat yours, hands down. And that is in management, performance, and accuracy. That is my experience. And while I have limited experience in some of your other products, I can say that from the outside, your product line looks like a mishmash of crap.
And your acquisition of Veritas way back when? I was actually one of the few people who thought that acquisition made sense. But that also hosed me in so many ways. Like when I was trying to perform my DR test in Arizona. I’m a big boy, so I take responsibility for that kind of failure. But horrible support from Veritas / Symantec single-handedly screwed up my DR test. Support was already bad at Veritas, and you jacked it up even worse. Great job.
So there’s my rant. I hope I don’t get sued for libel. :) BTW, it looks like someone else out there feels the same way I do about Mr. Thompson (though they said it in a nicer way).
Vet
Monday was meetings. Then spent Tuesday and Wednesday in New Orleans doing an eval install for Bluesocket (actually, the SE for Bluesocket did the install - I was there to learn). Then I spent all day Thursday driving around one of our sales people from Dallas since she has a few clients down here in Houston (we had some good meetings, so it is worth it). THEN Friday was spent driving roughly 6 hours (round trip) to Austin for ONE meeting (I also picked up one of our sales guys at the Austin airport - I love being a chauffeur).
That is often the life of a sales engineer. Driving, flying, installing evals, driving, flying, talking to clients, flying, driving, driving, flying… You get the picture. Just seems horribly inefficient sometimes. But all part of the gig.
Vet
Man, Brian Krebs is just trying to talk about the incident over at the Obama blog where someone stuck in some code to redirect visitors to the Clinton website. And what happens? Just go over to Brian’s site and read the stupidity.
What is it about politics that brings the worst out in people??
Vet
I just received a nice little USB stick from LogLogic. It has a bunch of info on how to sell their new MX line of products. That’s great. Seems to be a good idea. But guys, you DO know what these are used for, right? They immediately become wiped (that is, if the person is not too paranoid to actually use it). Hopefully the person copies off the material before they wipe it, but that obviously cannot be guaranteed.
So here’s my gripe. If you are going to give me a flash drive and want me to sell your stuff, make the drive 1 Gig or more. This 512 meg crap just don’t cut it. Dr. Anton, speak to your marketing people, man!
BTW, eEye did the same thing last week at RSA, but their drive was 1 gig. Kudos to the eEye marketing folks!
These branded flash drives also make great attack tools. The random USB drive might not be trusted. But if it is branded, why not?
Vet
I have announced a few new security blogs here at An Information Security Place over the last couple of years (yes, I have been here for over two years now - just realized that myself). Well, this time I am not actually announcing a new blog, but a new blogger. I am specifically talking about Sam Van Ryder, who works over at Alert Logic.
While Sam has been a prolific blog commenter for a while now, he had never taken the next step into his own blog. I guess he still has not done that, since he is actually blogging at Alert Logic’s blog. However, he is officially part of the club now, no matter if he has his own blog or is using another platform to do so. WELCOME, SAM!
Now, fair warning. Sam works for a manufacturer, so I am sure we will have to hear the party line from time to time. However, I know those guys over at Alert Logic very well (they are based here in good ol’ Houston), and I can tell you that they have some unwaveringly honest people over there. So yes, they are going to speak well of their company. That is to be expected, and I am totally fine with that. But I know Sam will also be a refreshing voice that will do a whole helluva lot more than be a cheerleader for Alert Logic. Just go judge for yourself by reading his first post. His writing style is very good, and he has some good insights.
Great stuff, Sam. Welcome to the club. Now people can be star struck by you in a couple of years. :) And kudos to Misha for getting you on there. Now if you can kick his ass enough so he will start writing again…
Vet
OK, I have to officially applaud Microsoft and their catering to bloggers. What I am talking about is the lunch that Microsoft sponsored for security bloggers today at the RSA convention. They invited a few of us bloggers to attend a lunch to talk about blogging, how we all came to be bloggers, and what they see as the They are very interested in our thoughts about blogging, where we see the evolution going in the future, etc.
They also seem to be very interested in making sure they use blogs in a genuine fashion. What I mean about that is this: they want the people that blog for them to present the issues in a real and honest fashion. They recognize that someone who speaks the truth about what is going on with a product and gives people the feel of having an insider’s knowledge lends credence to their opinion and ultimately lends credence to the company itself.
Of course, the main issue they are trying to grasp is how they can use viral marketing to grow their business. And guess what… that doesn’t bother me in the least. They recognize the power of blogs in getting the word out. And that is a good thing.
Good job, MSFT.
Vet
A quick post here. In case you are interested, I am having fun at RSA. Although I stayed out a little too late last night because Martin was dragging me to a bunch of parties (OK, I went willingly, but my feet still hurt this morning). I got to see a lot of my fellow bloggers before tonight’s get together, so that was cool.
I have to say that McAfee’s party was the coolest I have seen. They really did it right. The music was excellent, and even the weird stretchy lady outside was cool. The lady in the weird makeup freaked me out, however.
And a quick shout out to Mr. Shimel and Mr. Rothman, who have both lost a lot of weight and are looking good. Congrats on that, guys. Now give me your secrets. I have a triglyceride problem I need to work on!
Vet
I just wrote a post about the Olympic Torch going through San Francisco on Wednesday and the security concerns for those of us that are going to be at the RSA Conference. The first comment was helpful and gave a link to the map of the procession through San Francisco. The second comment said this:
China’s human right record is no worse than the US. China does NOT torture prisoner at Guantanomo.
This is much ado about nothing.
The Tibetan minorities enjoy special right in China. They don’t lost tax credit for having more than 1 kid.
If anything, the Chinese police need to receive some training from the CIA and go after these Tibetan terrorists and thugs who are bent on murdering the Han and Hui people of China.
Wow, how nice that the Tibetan monks don’t lose tax credit for making a CHOICE to have more than one kid. Man, that’s friggin’ freedom right there!!! What a freakin’ idiot.
Notice the dropping of the "s" in a few spots, which indicates to me that it is written by someone from China that supports the evil regime in China. Maybe a member of their pinko commie PR team.
Vet
I hate when I do stupid stuff. And it is even more embarrassing when it is a rookie mistake in front of a customer. A client of ours bought a new Juniper SSG 320 firewall and a new Juniper SA2000 (SSL VPN). One of our consultants has the firewall in place and working, but he didn’t know how to configure the SA. So, I jumped in to help. The only problem is that the client is in Dallas, and I am in Houston. So, we got the basic config on the box, and I connected remotely and started configuring away with the client on the other line (he was watching via the remote meeting feature the SA has - kinda like Webex).
So the client wanted the administrators to authenticate through their Active Directory. I said fine and started modifying the admin realm and role to authenticate back to AD. Well, Mr. Brilliant here (that’s me) didn’t think about the fact that I was modifying the very realm and role that I had authenticated through, which was pointing at a local user database. I modified the rule, saved the changes, and BAM! I lost contact. DUH!
OK, well, it disconnected me, but we should be able to get in using the client’s AD creds, right? Well, no. That wasn’t working for some reason (still working on that). So the client had to go to the console and create a temporary super-admin user to reset the stupid stuff I had done (luckily Juniper anticipated idiots like me and created a way around the problem - but it is through the console, so you have to have physical access to the box).
Dang it! Just smack me!
Vet
I just read this story over at Computerworld Outback (it’s not actually called that, but it IS in Australia). It looks like there is another initiative for a vote by their shareholders to get Google to quit censoring the Internet at the request of pinko-commie regimes like China. There was a similar initiative last year that was voted down by shareholders. Basically, this comes down to the simple fact that Google and the shareholders will do anything to make money, even if that means doing the bidding of the evil Chinese government. I think I am finally going to switch search engines. This makes me sick.
Something else I noticed the other day when I was at a product demonstration of Palo Alto Networks. Part of the functionality is showing top traffic origins and from what countries those came from. Pretty standard. But Taiwan was shown as "Taiwan Province of China". Hmmmm…. One of the Accuvant account managers is from Taiwan, and she also thinks China’s government is evil. She raised a stink before I could (we waited until the clients had left). Of course, one of the guys was a simple local SE and the other a simple local AM. But the other guy was a product manager. He really didn’t have much of an explanation other than it came from some database. We urged them to move that up their chain, but my guess is that it won’t happen. I like their products, but this is just not right.
People, I know this is a security blog, but I think this falls in line pretty well. China is a threat to our security, both in the physical and the cyber world. They don’t keep their people from wreaking havoc across the world by cyber attacks, but they won’t let their people express themselves in any way counter to the Chinese dictatorial, malicious, abhorrent, evil regime. But they are spending money, so no one gives a crap. It truly makes me ill.
Vet