Network Security Blog

Rich and I crashed the party over at StillSecure After All These Years earlier this week. We decided it was time for a Jetsons meet the Flintstones style podcast. I’ll give you a hint, Alan is Fred, at least as far as I’m concerned. We’re not sure if Mitchell is Barney or Wilma. We had a great time talking with the guys and may do this again in the future. If you’ve already listened to SSAATY this week, you’ll want to skip this episode, since it is the exact same podcast.

Network Security Podcast [ 41:38 ] Play Now | Play in Popup | Download

Show notes

Now that the total of cables cut or disabled in the Middle East has risen to five, there’s even more conspiracy theories coming out of the woodwork.  And it’s no wonder; if 50 of these happen a year worldwide, to have five happen within a week in a geographically limited area is a statistical anomaly to say the least.  I’m betting that this is just a what it appears to be on the surface, a series of unrelated failures that just happened in a short period of time.  But it is fun to speculate and try assigning human interference to the problem rather than natural events.

If this is a conspiracy, then the target isn’t the cables that have been cut.  Think about it, what conspiracy would do something as direct and overt as cutting these cables?  No, the real target would be re-routing the traffic over cables and networks the conspirators already controlled before any of this started.  Or they’re trying to distract all the conspiracy buffs from something even bigger happening elsewhere.  Whatever they’re doing, the loss of these cables and the disruption to Internet traffic in the Middle East and India is a side effect, not the real target.

Conspiracy theory is attractive because it pulls in so many threads of truth and weaves them together in a believable story.  It’s the sort of speculation and half understood facts that fuel the Internet and the Blogosphere to begin with, so events like this are going to bring out anyone and everyone with an ax to grind with a government agency or secret society.  Even if, or maybe especially if,  the official reports say that these were all natural occurrences, conspiracy theories are going to continue.  After all, every once and a while a real conspiracy proves to exist.

If you think the Internet’s abuzz now, just wait until cable #6 goes.

Rich and I had Mike Murray, author of the Episteme.ca blog and friend to both Rich and I, as our special guest. I picked an appropriately titled “Sick as a Dog” having now spent three days in bed. It’s a measure of my dedication to the podcast that we were able to record despite my cold. Either that or I’m just too stubborn to let something like a little bug get in the way.

Network Security Podcast, Episode 93 [ 51:07 ] Play Now | Play in Popup | Download

Show Notes

It looks like my friend Christofer Hoff is coming to town this week.  The women and sheep will probably be safe in all actuality, though the bourbon supply may be in danger.  I’m going to find some sort of excuse to head into the city to meet and eat with him at least once while he’s out here.  I IM or Skype Mr. Hoff at least once a week, but I think this will only be the second or third time I’ve had a chance to actually meet him face-to-face.  IM is great for keeping in touch, but nothing beats a face to face discussion with alcohol involved.  Besides, I want to see Chris’ latest tattoos.  I think.

This just might be a good reason for an emergency BaySec meeting.  Failing that, I guess we could just have a number of security professionals get together and drink.  I’m going to have to find a way to get the next podcast recorded and posted early so I don’t have any excuses not to head to San Francisco at night.  I’m not going to post my phone number, since I don’t have a fancy dancy call router like Chris.  Of course, if you look just a little, you can find it on the blog.  I know the marketing people keep finding it.

I don’t know about you, but I’m a little concerned that there have been three separate underwater cables in the Middle East and India.  Once is bad luck, twice is a coincidence, but three times makes me wonder if it’s not more than just coincidence.  If a fourth cable gets cut in the next couple of weeks, I’m really going to start thinking about a conspiracy.

The local news was making a big deal of this incident, not because of the outage itself, but due to the fact that it was affecting the customer service of all the companies that have centers in India.  I won’t be at all surprised if this incident causes a number of the tech support jobs that have gone to India in the last five years to be pulled back to the US.  I suspect that there are a number of companies that are waiting for an excuse like this to return their support centers back home, especially with the way stay-at-home call center services are picking up.  Maybe I can convince my wife to take one of these jobs now that the kids are in school most of the day.

After I caught up with Robert Graham at Defcon and interviewed him for Podtech this summer, I installed CustomizeGoogle to force my browser to always use HTTPS when connecting to Gmail.  I thought that would be enough but now Robert has figured out that even switching to HTTPS isn’t enough to protect you on Gmail or many of the other common email sites. Not that I’d ever check my email or do my banking using public wifi even before this, but it’s one more reason to avoid the wireless at Starbucks in the future.  It’s also a good reason to turn off your wifi card if you ever see Robert face to face.

And just in case you missed the video the first time, here you go again.  Note to self, recording an interview in a echoing stairwell isn’t much better than getting the same interview on a noisy convention floor. 

I’ll be the first to admit I joined Twitter and Facebook thanks to social pressures from Jeremiah Owyang.  I figure that when you’ve got a friend who’s a social media guru, you should listen to his advice once in a while. I’ve regretted signing up for both some, Facebook because of the privacy issues, especially Beacon, and Twitter because it is such a time and attention hog if you let it.  Both are great social networking tools and have helped me get in contact with other security professionals and fans of the blog/podcast.  If you keep in mind that everything you put on either of these tools can be read by your boss or potential boss, that is. 

Technorati Tags: security, twitter, social networking