Archive for December, 2006

Dec 29 2006

Tag, I’m it!

Published by under Blogging

Darn it, Michael Farnum tagged me and I can’t let it just go by without responding.  I guess it’s just part of what little competitive nature I have in me.  So just for this one post I’m coming out of my self-imposed blogging moratorium and posting.

Five things you don’t know about me:

1)  I was a 31v10 (Radio Repairman) in the US Army stationed in Germany from 1986-1988 (Edited: I was off by a decade, I originally wrote 96-68).  They still did 2 year stints back then and I decided after my time was up that the life of an enlisted man just wasn’t for me. 

2) I’ve been playing table-top role playing games since I was 12.  I’ve probably learned and forgotten more gaming systems than most of today’s 18-25 year old gamers have even heard of.  I still play Dungeons and Dragons fairly regularly and was given a foam-rubber 6″ 20-sided die for Christmas.  Yes, I am an uber-geek.

3)  I am a voracious reader of sci-fi and fantasy, though kids, blogging and podcasting have really cut into this.  I was given Jim Butcher’s latest Harry Dresden book, Proven Guilty, for Christmas and finished it in 1 day.  It was only 400 pages or so.  And unlike my wife, I don’t skim or read the last chapter first.

4)  I have two small children and sometimes my wife has to ask which of the toys lying around the house are theirs and which ones are mine.  And it’ll only get worse as they get older.  I got a Robosapien V1 for Christmas and my oldest got Lego Mindstorm NXT.  He immediately took over the Robosapien and I ‘had to’ help him program the Mindstorm.

5)  Even when I’m getting away from the computer, I can’t get away from being a geek.  The whole family orienteers and geocaches for fun.  When we kayak (we have 5) I take the GPS with us to record the experience.  The only adventures I haven’t figured out how to enhance technologically are rock climbing and snorkeling, but since I haven’t had a chance to do either of those in a few years, I haven’t had the need to yet.  But I will, oh yes!

Unluckily Michael already tagged three of the people I would have tagged.  So I’ll have to cast my net a little farther afield than he did and pull from some of my friends outside the security community as well as inside it. 

Richard Bejtlich, Jeremiah Owyang, Larry Pesce, Michael Santarcangelo, Robyn Tippins


Dec 26 2006

Back from Oregon

Published by under Blogging

Despite foul weather and questionable driving skills (other people’s, of course) I have made it safely home from Oregon.  I almost took part in a serious accident on the way up, and there was snow and rain for most of the trip back.  But other than travel problems, our family had a great Christmas and I hope yours did too.

I have five days’ worth of mail to go through.  If you’ve sent me an email for the Network Admission Control books from Cisco Press I mentioned last week, be patient; I will respond within 48 hours.  If you didn’t listen to last week’s podcast, go listen now.  I’ve got an extra set of books a publisher sent me and I’ll be giving them away next episode.  If you want to be in the drawing for the books, send me an email at nsp_at_mckeay.net.  One of my sons will draw a name out of the hat, and the lucky listener will get both books.

I’m still in fairly low profile blogging mode until after the new year starts.  I’ll be back with a podcast on January 2nd, if I don’t blog before then.


Dec 19 2006

Network Security Podcast, Episode 55

Published by under Podcast

I figured I owed everyone a podcast, and while it’s short and lacking on details, it’ll give you a little idea of why I’ve been so little in evidence lately.  Basically, it’s to stop me from saying something I shouldn’t while stressed at work.  This should all be resolved or close to it by the next show, which by the way will be January 2nd, 2007.  I’ll be travelling the day after Christmas, so unless I surprise myself and do a car cast, there probably won’t be a show next week.

Show notes:

Have a good Christmas with family and friends.  I’m looking forward to next year.

Network Security Podcast, Episode 55, December 19, 2006

Time:  really short


Dec 12 2006

No podcast tonight

Published by under Podcast

I’m going through an audit at work and I’m still recovering from my illness several weeks ago.  Basically, after 30 seconds of recording, my voice sounds like gravel.  The audit will be done soon and hopefully my voice will be better once the stress is out of my life.


Dec 12 2006

Minimalist blogging

Published by under Blogging

I’ve got all sorts of stuff going on for the rest of the year, so I’m going into minimalist mode, one step above putting the blog on life support.  So don’t expect to see much new here for the next 3 weeks, but I’m still around.


Dec 08 2006

I’ll keep my soul, thank you very much

Published by under Humor


Dec 08 2006

Thieves intercept phone signals to capture ATM data

Published by under Hacking

Thieves over in the UK were unplugging the phone line of ATMs from the wall, plugging in a tap and recording the signals to an MP3 player.  Then they’d take the captured information back to their computers, decode the information and make counterfeit ATM cards.  It sounds like the ATM machines in the UK can be used to get money from credit cards without a PIN or that the PIN couldn’t be decrypted, though the credit card number could be deciphered and used in card not present (aka online) transactions.

Found thanks to Chris Harrington at the Infosec Podcast


Dec 07 2006

New hobby: collecting prognostications

Published by under General

I always find predictions of what’s coming up for the next year amusing if nothing else.  Ed at Security Curve has evaluated the early predictions by McAfee and IBM.  I think predicting that spear phishing will increase is a no-brainer; we’ve seen such a drastic increase in the volume of spam in the last couple months that anyone could predict that spear phishing will also increase.  I also believe that McAfee’s prediction that malware will increase in video content is an easy call since we’ve already been seeing it.  I think that this prediction should actually be expanded to include all social media sites, not just the video content companies.  They’re just going to be too much of a tempting target to pass by.

I’m not much for these predictions myself; anyone who believes they can predict what’s going to happen more than a couple of months out is either fooling themselves or a genius.  Real geniuses are few and far between, so I think most people are just taking their best guess knowing they’ll probably be wrong.  Which is why it’s kinda fun to collect the different prognostications and see how they stack up over the year.  I wish I’d started collecting predictions last year so I could compare them to reality.

Edit:  Here are some of the year’s biggest security issues, at least according to InfoWorld


Dec 07 2006

The future of data storage

Published by under General

Thanks to my friend, Jeremiah, I was invited to a wine tasting and meet-up hosted by Dave Roberson, CEO of Hitachi Data Systems.  The folks at HDS have realized that any one of the myriad social networking startups in the Silicon Valley might be the next YouTube or MySpace and that now is the time to get into the awareness of these companies before they really take off.  It makes a lot of sense from the marketing perspective to spend a little money wooing these companies now while they’re small and impressionable rather than to spend a lot of money wooing the same company in a couple of years when everyone is competing for their business.

I had several very interesting conversations throughout the night.  Dave Pifke of Bebo was very up front about some of the security measures Bebo is taking to make sure that pedophiles and other miscreants don’t take advantage of their social networking services.  First of all, they have Parry Aftab, a privacy lawyer, to set their policy and advise them on privacy and security issues.  Second, they set the minimum age at 13 years old and they have a number of algorithms to look for things like “I’m a 12-year-old” on people’s pages. Then all of that person’s contacts are put in a queue to be reviewed.  Bebo is the third most popular social networking site in the US, but the first in many parts of Europe, so I’m extremely glad to see them taking proactive steps to make sure they are protecting their users.

But the most interesting conversation of the night was when Ben Rockwood asked Dave Roberson about the future of storage technology.  First of all, Dave said that for all of the redundancy built into storage devices, they’re still effectively a single point of failure; in order to combat that a large part of the future of storage will be replication of the data in real time to redundant sites.  As Ben pointed out even with the speed of today’s Internet, replicating gigabytes or terabytes of data is incredibly time consuming.  Dave was a little cagey and kept saying ‘what if’ as if he already had a solution in mind, which he probably did.

Dave then went on to say that the other issue that needs to be addressed is the redundancy of data in storage.  Most of the data we have in storage is replicated at least four times and often more than ten.  All the documents, emails, databases that have copies all over your storage media.  If those redundant copies could be eliminated or become pointers to the original files, the storage needs of companies would be greatly reduced and replication across sites would be much easier.  I found it interesting that the different forms of redundancy are both a solution and a problem to be solved.

Data storage is only going to be more of a concern going forward, both for businesses and consumers.  I know that on my own home network I have nearly a terabyte of storage capability, though close to half of that is just for backups.  As social networking services become more popular, not just the venue of the young and technologically hip, their storage needs are going to skyrocket.  HDS is being very smart by trying to be one of the first companies to court these young companies. 


Dec 06 2006

Looks like I was wrong

Published by under Government

Earlier this week I expressed some skepticism about how the NIST paper on DRE voting machines  would affect the future of e-voting.  Ed Felten said we would look back on this as a turning point and I didn’t think it would have that great an impact.  Now it looks like Professor Felten was dead-on and I doubt even he realized how quickly he’d be proven so.  The Technical Guidelines Development Committee has read the NIST paper and is already acting on it.  I wrote on it for Computerworld this morning.  I prefer to be the first to say something when I’m wrong, which is why I’m bringing it up here.

