Hack The Planet

A buddy sent me this video of CSI NY knowing that it would break my brain. I don’t ask for much, just get a technical consultant if you don’t know what you are talking about.

I have a horrible time breaking away to keep this updated so if my posts always seem 4 days late…well they are.

After doing a lot of research on the Phlashing attack that is being discussed I find it interesting that everyone discredits it not because it would not be wildly successful, but because there is no money in it. There is no more illusion as to what being a hacker is anymore. You are either paid by the mob/organized crime or you are working to stop those paid by the mob/organized crime.

There don’t seem to be a lot of mystery seekers out there anymore. People that would work all night to get something to work, or to find something new. No one wants to know about hacks or cracks that are not directly tied to the purse strings of whoever they report to. It feels dirty.

There needs to be a restart button on the internet.

This has been pretty publicly beaten to death but I just thought I would throw my thoughts in on the whole Debian SSL key issue. This is crazy. How does this not get noticed for as long as it has been out (any keys generated between 09/06 and 05/08)? Which makes me wonder how many people already knew about this and were using it without the community at large being aware of the problem?

I hate to be the one to ask but is this caused by open source testing? Are people more forgiving of faults in Linux so they over look glaring defects? There doesn’t seem to be as much animosity as there would be if this were an issue in Windows. Maybe I am just more questioning now that I am running a macbook and every where I go mac folks are blaming everything but the macbook. “It isn’t your mac, it is that you want to run encryption. Just don’t use encryption.” Hello? McFly?

I just watched Untraceable with the wife the other night. It is the movie with Diane Lane where she plays an FBI cyber-crimes expert. The premise was a killer put up a website (killwithme.com) and the more hits the site got the faster the victim died. There was of course no way to track the killer via the internet because the killer was too intelligent. It is weird to me how often movies with very technical premises don’t really have a technical consultant to help make sure what the actors are saying makes sense. Also, if you show a character having a certain level of intelligence don’t take that intelligence away from them at later point when they could really use it. In the end, it was a good movie but you have to turn your brain off to accept some of it.

Time and again I talk with people that have purchased security products but never implemented them. It seems like a lot of people have this idea that just purchasing security is half the battle. It is almost worse to do this than to not buy at all because then they get a false sense of security. It is like all of these people that are buying Macs but never update them or configure their firewall. There may be less attacks against Macs than there are for Windows but it just takes one successful attack to ruin your day and your credit. Security isn’t really an option in today’s hyper-connected world. The only way to be secure is to be aware of what is out there and be working to minimize your risk.

Reading blogs is about as useful as watching the Bill O’Reilly show. I know that writing about blogs being useless on a blog is silly. I think that gathering information and reading other people’s opinion isn’t necessarily always bad but how do you determine the credentials of the person whose opinion you are reading?

I was forwarded a link to a blog earlier today and after reading it I was pretty disappointed that NetworkWorld would have someone blogging on their site that obviously had only worked in a sales or marketing role. Not that there is anything wrong with sales or a marketing person but let’s be honest, they don’t necessarily know everything there is to know about actually implementing a solution.

This specific person is the same guy that in 2002 said that IDS/IPS was a failed and dead technology, then a year or so later goes and works for a IDS/IPS company. Obviously he is a man of vision. Anyway, it just made me think of how many people may read this person’s blog and get a very incorrect view of NAC and what it does and what it is capable of.

Be careful what you read because who knows who wrote it.

I was out at Interop the last few days and I thought I would just throw a few of my impressions out into the ether.

There is something very disturbing about how rude people are when you try and talk to them. Not everyone at Interop was rude but there were some folks that were just straight up jerks. I know everyone working in a booth is just trying to do their job but aren’t we all there to inter-operate or what not? To communicate and show how we can work together?

It is similar at most shows I have been to. People working the booth don’t want to discuss what they are doing or even just how the current show is going. I stopped by the Foundry booth and the lady that greeted me turned into a stone cold bitch when she found out I was a partner and actually already used Foundry gear. That is the way to keep partners or keep me recommending your gear. Not that I have amazing say in what people purchase but I talk to a lot of folks and I make sure to mention other companies that have gear or software I like. Maybe the person buys, maybe they don’t but they have heard a positive reference to the company.

The issue is the people that are sent to shows. The company I went with sent the right people, a good mix of marketing, sales and engineers. I didn’t notice anyone at our booth blowing folks off or being like “You’re a vendor, go away!” The booth staff even lent some of our gear to other booths just because.

In contrast to the Foundry witch the Solar Winds folks were great. I chatted with them for a bit and have a customer of mine looking into using them to monitor system utilization. Having a positive outlook on a company greatly increases my desire to recommend their product or even just work harder to make it work well with ours.

All in all Interop was a good show. I just think companies need to stop hiring folks to work the booths that A) aren’t really employees of the company and B) don’t have any idea what the company does.