Wednesday, April 18, 2012

Notacon 9 - Cleveland FTW!

So after visiting fabulous Cleveland last weekend I was inspired to make a blog post after almost a year. Blogging is great but unless someone is making me do it regularly it doesn't happen as much as I'd like. That, and the fact that Twitter is way easier b/c it is short and sweet. I tweet now and then as @nibbelink so if you want to know what I am thinking maybe a handful of times per month send me a request.

Back to Notacon - where to begin? Froggy and friends put on a conference like no other - literally. It is a very cool mix of InfoSec, IT, hackers, geeks and people who are fun to meet/talk to and hang out with. Met a guy who has the same Yamaha QY10 sequencer/synth that I have. That almost NEVER happens. Seriously, who had one of these but me - let alone remembers (not so) fondly doing MIDI step programming to put together a basic drum rhythm and bass line?
http://en.wikipedia.org/wiki/Yamaha_QY10

And then there are the talks at Notacon. I am biased b/c I got to present with my friend EggDropX but still - there were fascinating talks on everything from open source music making via algorithms to how to help your kids be good Internet consumers. You aren't going to get that at most other conferences that I've been to. And if you are like me either work won't pay for BlackHat/DefCon or you cannot afford it out of pocket.

And so, let me close this brief shout out with some advice - you owe it to yourself to check out Notacon 10 in 2013, and also you need to go to GrrCON. It's what put GR on the InfoSec map. This is year 2 and it will blow your mind and if it doesn't there is free beer. Enough said.
www.notacon.org + www.grrcon.org = doubleplusgood

Friday, July 8, 2011

A Fresh Perspective

Biking in Iowa with my main man Ian
After returning from a nearly two week vacation I realized how important it is to take a break, get away, relax and recharge. While the first day back at work was a rather painful adjustment to the reality of work and not being able to do whatever I wanted for the day, on day two I realized that I had clarity on some things that had been rather fuzzy before vacation. It was like when the coffee kicks in on a morning after a good night of sleep and suddenly things make sense - only more so.

So my summer 2011 advice is get out of the house, get out of town if you can and spend time with people you love and who love you be it friends or family. Or, if you are so inclined get away for a few days alone. Do something fun, try something new, consider pursuing a hobby completely unrelated to your job. Leave the cell phone at home (or at the very least turn off the pulling of work emails.) I found camping where there is no cell signal whatsoever helps if self control does not allow a completely off the grid getaway.

Tuesday, February 8, 2011

Know Thyself -> Subtitle: Is DIY always a good idea?


A recent presentation I did at work for management about justifying hosted SIEM (Security Information & Event Management) and some follow-up questions from leadership got me thinking about the do it yourself ethos. I think IT in general and InfoSec specifically are big on DIY and this is for the most part a good thing in my opinion.

Products/solutions like Snort/Wireshark/Metasploit/etc. would not be what they are today without the roll up your sleeves, pour yourself another cup of caffeine, get down to the bits and bytes or hex command line foo.

(You knew the but was coming.) But when does trying to be all ninjas to all people become your Achilles heel? If you are in a small IT shop is it realistic to think I (or perhaps you the reader) can be a master of all [CISSP] domains? Could trying to do it all lead to missing important stuff while trying to figure out whether or not to worry about a particular IDS event that may or may not be important?

Maybe this is about trying to reassure myself that the insecurity devil that occasionally sits on my left shoulder saying "YOU ARE A NOOB AND A POSER AND YOU WILL NEVER BE A NINJA" is just a figment of my imagination. Or perhaps I am taking a look in the mirror and trying to have an honest self assessment and admit that I am better off finding a good consulting shop to help me tune my IDS/IPS or perhaps hiring out some security functions such as log/event analysis ala SIEM.

Everyone has different gifts/talents/abilities. Knowing yours and admitting which hats do not fit is sometimes painful but can also be a liberating experience and lead to focusing on what gets you fired up.

Sources:
- This post was inspired in part by a radio program I heard featuring Christian author/speaker Chip Ingram about doing a sober self assessment - identify your 3 greatest strengths and 3 biggest weaknesses, there was more to the talk but this to me was the crux.
- The thinking chimp photo is just something I thought about after watching a Nature episode on monkeys - did you know some monkeys have learned to lie and they also have squabbles between groups which lead to injury and death?

Friday, December 31, 2010

My 2011 prediction = more of the same


Since I am not able to predict the future and I don't have enough big picture expertise in InfoSec to make intelligent and plausible predictions, I am going to take the easy way out. I know it isn't exactly exciting and you might even call it lame, but I predict 2011 will bring more of the same. (I am not a poet, and I know it.)
  1. Increasingly frequent financial data breaches ala TJX and Heartland
  2. Malware, malware, and STILL MORE malware - and likely even more crafty varieties
  3. Finally, the one that freaks me out most of all - more SCADA/Control System activity ala Stuxnet. Even without (alleged ;) government involvement, no doubt the bad guys took careful notes of the possibilities. The terrorists and government sponsored groups are likely pulling down additional copies of Siemens, Schneider, Rockwell, Modicon et al softwarez and likely also buying a representative bunch of PLCs to increase their mad skillz in pwning pumps, valves and variable frequency drives.
Best wishes to you and yours for 2011, and for those of us wearing the InfoSec white hats - as they used to say on Hill Street Blues: "Let's be careful out there."

Thursday, December 16, 2010

More Amusing Malware




So this one really cracked me up. My friend and co-worker Matt and I are chatting about this and that with an infected client sitting behind us running a virus scan when BOOM the computer came to life with another of your garden variety fake AV. It was funny and sad at the same time.

It gets better. After pulling the Ethernet plug out and watching to see what the bad mojo (as Matt calls it) was going to do next, several minutes passed with not much happening, then all of a sudden the following warning appeared about an attack/threat from a specific IP.

If the bad guys can block threats even when the computer is offline, that is simply cool and yet unfortunately impossible. I love my job.

Monday, December 13, 2010

InfoSec FUD Marketing



I received this email recently and I think it hit on my last good nerve. C'mon people, do we really need this kind of crap going around in 2010?

If this email works to drum up business for a telecom/security/whatever consulting group, I would really like to find out who the people are biting on this particular fish hook. I would call them myself under the guise of Doug's Ninja Service LLC as I think I could also sell them some DLP snake oil or perhaps a bit of magic pixie dust that stops all future malware variants - in the cloud.

Thursday, December 2, 2010

Censorship be damned


December in Michigan began with a snowstorm and a chill in the air that seems to be stuck inside my bones. While it does not seem to have affected my lukewarm heart, the jury is still out.

I thought that I would begin the last month of the year by posting a PDF of my absolute fave blog post of 2010. I can say that now because there is no possible way to upstage this gem.

Matt Olney of Sourcefire VRT fame posted a somewhat inflammatory but 100% spot on rant that was shortly thereafter removed. I made a PDF from the ever useful Google cache version and am posting it here until the ever witty and sharp tongued Mr. Olney asks me to remove it himself.

The Rise of the Citizen Cyberwarrior by Matt Olney