Network Security Blog

Any idea what it’s like to have to listen to your own podcast to find out what your fate will be?  Neither do I, but I will later today when I listen to Rich have a special guest in the form of Chris Hoff.  I’m on a multi-city trip until very late Thursday night so rather than try to record a show early, Rich asked Chris to co-host and I’m left hoping I have a a podcast to come back to when it’s all said and done.

Chris has been threatening me with a sumo suit and an undisclosed opponent at the RSA convention in San Francisco next year.  Rich is already slated to be the referee for a bout Chris is having with someone who disagrees with him on cloud security, I’m being added as an undercard because I’m one of the people who’s more than willing to harass him back on Twitter.  I don’t know what Chris has planned, but it can’t be good.  We’ll be doing this to raise funds for Johnny Long’s I Hack Charities organization, so it’ll all be in good fun.  But I’m still a littel nervous about what might be in the works.  I just hope I learn a little about it from the podcast.

Network Security Podcast, Episode 131, December 9, 2008

Show Notes

If you’re reading this, then you’re one of the lucky ones who actually got the notification from Google that my RSS feed has moved.  Google sent me an email yesterday that they’d moved my RSS feeds from Feedburner to Google “at my request”.  Since I never requested such a move, it means that they are moving a number of people and I just happened to pick the lucky number yesterday.

I’ve had nothing but trouble with Google and Feedburner for the last month.  First, the number of readers of the RSS feed dropped by 1000 overnight a month ago.  Then several of my posts started republishing, again and again … and again.  Now they’ve moved me off of Feedburner and onto Google’s feed solution, and I lost another 500 readers of the feeds.  Thanks to Google I’ve lost nearly half of RSS readership in a month.  That’s just not acceptable.

I’m on the road and don’t have the time to do much about this, but I’m seriously thinking of taking my feeds back in house and cutting Google out of the picture entirely.  I don’t make much money off of the blog, not even enough to pay for my hosting services when it’s all said and done, but every little bit helps.  And Google’s cutting into what little I do make.  Not good.

The only good news is that according to my occasional vanity search on the term ‘security blog’ I’m vying for second place behind Bruce Schneier with Google’s own security blog.  Maybe this is their way of getting back on top.

I rarely fly outside the US.  In fact, in the last year I’ve only done it once and will be doing so for a second time this week.  I am about as white bread American as you can get, but I still worry about having my laptops searched by the DHS.  I know the government says they only search a small fraction of all systems coming across the border, but if you’ve ever seen the hacking stickers on my Mac Book Pro, then there is a possibility that some agent out there might think that gives them a valid reason to search my laptop.  Last time I came through, they swabbed my Mac Book for explosives after all.

My personal computer has a lot of stuff on it, but nothing I’d be worried about someone else seeing, but my work laptop is a different beast all together.  I have a lot of sensitive information about clients on it, including screen shots of their software configuration, firewall configurations, policies, not to mention all the contact information and correspondence with said clients.  I doubt there’s anything I have that would shut down a business, but in the wrong hands the information I have could cause more than a few companies some late night sessions resetting passwords and changing configurations.  That’s why the drive is encrypted and I have a passphrase that’s more than 30 characters long.

So what happens if I’m stopped at the border and asked to type in my password?  If it’s my personal computer, I’ll probably say go for it and give type in the password.  But if it’s my work computer, where do I draw the line?  I’ll be coming back later in the week, I’ll be tired and want to get back to my family.  Do I say no, call my corporate council and prepare to be detained for however long it takes things to get worked out?  Do I bend my own morals and let them have what they want?  Or is there another alternative?

Seriously, I have absolutely no expectation of something like this happening.  On the other hand, it won’t hurt to have the company lawyer’s card handy as well as contact information for the Electronic Freedom Frontier.  You never know what’ll happen if I’m sleep deprived enough to get really beligerant on my way home.  Can I tell the border agent I’ve met their supreme leader, Secretary Chertoff?

It’s been a busy week.  Productive, but busy.  And next week’s only going to be worse, with me traveling cross country, up into Canada and back.  After that I have a couple of weeks at home, but it’s still the busiest I’ve been in a while.  So busy I even have to let Rich do the podcast with a special guest co-host this week!  I’m a little annoyed and jealous since the guest is a good friend of ours and someone I’d like to have a chance to question and harass myself.  Am I going to tell you who it is?  Nope, I’ll let that be a surprise, unless Rich decides to let the cat out of the bag. 

Sunday morning Reading:

• FBI:  Criminals auto-dialing with hacked VoIP Systems:  This doesn’t sound like a huge problem if folks are properly protecting their Asterisk installations, but how many un-protected installations are there out there?
• OpenWRT on an Asus WL-500g Premieum:  I had to give up on this for now due to time and energy constraints, but I’m going to circle around with the WRT54G I freed up in the process.
• Cloud computing and PCI compliance:  I’m not sure if I want to listen to this podcast to learn from Michael Dahn or so I can argue with him next time we talk.  Nor am I sure there’s much of a difference between the two.
• Gmail Backup:  Nearly 2 gigs of email is going to take me a long time to download at 10 KB/s.  But I haven’t backed up my email in … well, ever. 
• Online shops stave off cybercrooks:  We’re more secure thanks to PCI, a Gartner analyst says so.  And we know exactly what the opinions of Gartner analysts are worth, don’t we?
• Google’s Chrome team mulls local file restrictions:  I still haven’t played with Chrome much but it appears they’re taking some serious steps to secure our surfing experience

On a more personal note, Chris Hoff is trying to get me to invest some time and money in checking out the P90X system.  This is not a chip with a floating point error from a couple of decades ago, it’s a exercise and diet system that’s pretty hot at the moment.  There are almost a dozen other security professionals that are using this system and I’m giving serious consideration to joining that number.  I need something like this that can be done with weights while I’m at home and using exercise bands while I’m on the road.  Add ripping the DVD’s to my iPod or Macbook and there’s a lot to recommend it.  I’m trying to maintain through the holiday season the lose 20 lbs between January 1st and April 20th, the first day of the RSA Conference.  I want to look good for all the photo ops and whatever Chris has cooked up.  Something to do with sumo suits, and I’ve been told there’s a special ‘surprise’ for me.

I haven’t got the faintest idea what happened to the RSS feed.  The only change I’ve made to the blog lately is to upgrade to the latest version of WP.  I’m disabling a plugin that is supposed to help with Feedburner, we’ll see if that helps.  I was just told this morning that even though I unpublished the WRT54G blog post, it’s now the last post on the RSS problem that’s being reposted.  Arrgh!

I’ve had a number of complaints the last few days that my RSS feed seems to be messed up and people are getting multiple copies of the WRT54G post.  As far as I can tell the feeds coming from the site are fine, it’s somewhere at Feedburner that the RSS is being mangled, and by extension at Google. I’ve had a number of issues with the Feedburner/Google setup lately, I lost approximately a thousand readers a month or so ago and they’ve never come back.  I was told this is just a problem with Google Reader reporting the numbers and not a real issue, but I’m less and less inclined to believe this.

I apologize to everyone who’s getting multiple copies of certain posts, I have no idea how to stop it.  I’m sticking with Feedburner for a little while longer in the hopes they can get their stuff together, but I draw the line at the point where they start driving people away from the blog. 

Update:  I have ‘unpublished’ the WRT54G post, it was causing too many people problems due to the continuous republishing in the RSS feeds.  I will try reposting it this weekend and see if the problem returns.

First off, I’m not the person you want to talk to if you want to be on the guest list for next year’s Security Bloggers Meetup at RSA Conference 2009.  I’m involved in the event, but I’m not involved in maintaining the List and I like it that way.  But I do want people to know about the event and to give as much advanced warning to all the bloggers/podcasters/reporters etc. who might want to attend.

We have a number of rules concerning this event and Jennifer Leggio lays them out pretty clearly on the RSA Conference blog for the event.  Blogging types only, no marketing, no one gets the list and the details of when and where are confidential.  If you want to get on the list or know what it takes to get on the list, contact Jennifer and ask. Don’t contact me or any of the other people involved, Jennifer is the official mistress of the list and the only one who really knows who’s on it. 

I originally thought we were starting too early in the planning of this event, but it became obvious quickly that there’s no such thing as ‘too early’ when you’re talking about an event as big as the RSA Conference.  The great thing is that this has given us a chance to put in place many of the things we wish we could have done last year and were only a vague dream the year before.  We have big plans for this year’s event and it promises to make the first two look like they were put on by amateurs.  Which they were, but that’s beside the point.

Subscribe to the RSA Security Blogger Meetup RSS feed or follow it in Twitter, @RSABloggers2009.  There’s almost nothing that would keep me from the event next year and I know a lot of other people who feel the same way.

This week, Rich and Martin actually make the podcast live up to it’s name.  You’ll have to wait until the second half of the podcast, but we take a good part of today’s show and discuss some of the technology that we’ve both put into our networks, the reasons behind the choices we’ve made, and some of the effects those choices have made on our computing experience.  Let us know about your home network and the hows/whys of the choices you’ve made in setting it up.

Network Security Podcast, Episode 130, December 2, 2008

Show Notes:

• PCI Compliance Services FAQ
• The End of Online Anonymity – It’s not the end, it’s a change in how we look at it.
• EFF to fight against telecom immunity in Tuesday hearing – I hope everything went well for Jennifer Granick and friends
• Cybercrime servers selling billions of dollars worth of stolen information, illicit services
• Canadian IT exec accused of stealing customer database
• There is always a back story … – Richard dig’s into the Canadian IT story

At the end of October I was invited to a dinner put on by Seagate in San Francisco at Shanghai 1930 (highly recommend, BTW), along with a few other bloggers and a number of press folks.  I got to talk to a number of the Seagate executives and ended up sitting next to Luther Martin, the Chief Architect at Voltage Security.  The conversation was very fluid, ranging from politics to various security topics to the then upcoming holiday season.  There was nothing revolutionary in the conversation, though one of the execs in charge of consumer electronics said he felt very good about the future, since storage and backup in the home have barely scratched the surface of the market.  Finally on the way out, they handed each of us a Maxtor BlackArmor 320Gb external hard drive. 

The Maxtor drive is very nice, sleek and small.  It comes with a fairly short USB cable, pretty standard for these drives, and has a bright blue LED on the front to indicate activity.  And when I say bright, I mean it; the drive light’s up my office late at night and I really wish it had a way to dim or turn off the light, but that’s a minor quible.  When I plugged in the drive and started the software installation, it asked for the Security ID code from the back of the drive and a password, then acted just like any other drive on my computer.  Except none of my other drives are encrypted using AES-128 and require their own password before they’ll allow access. 

I’ve been running an older Maxtor Shared Storage drive on my network for several years now and love it.  It sits on the shelf and every night my files and my wife’s files get backed up over the network and I feel a bit more secure.  About every 3-4 months I take the whole backup and copy it to a second external drive hooked to the MSS drive via UPS, and once a year I copy those backups to a second external drive.  I’ve had drives fail on me before and I’m not willing to take a chance that my data would be lost in case of a drive failure.  Yes, I’m paranoid, but I’m a security professional and I’m supposed to be paranoid. The MSS runs a small program called Maxtor Quick Start that ran at startup and backed up everything, or at least it did until I installed the latest version of Maxtor’s software, Maxtor Manager.

I like the new Maxtor Manager, it works seamlessly, it backs up everything I want it to at Midnight every day, and my test restores have worked well so far.  The one issue I have with it is that it disabled Maxtor Quick Start from starting automatically upon bootup and doesn’t recognize my Maxtor Shared Storage Drive.  I can still start Quick Start manually and do backups to the networked drive by hand, but it doesn’t give me quite the same feeling of security I had before.  It is slightly redundant, I admit, since the BlackArmor drive is backing up the same drives nightly, but I’ve already stated that I’m a paranoid who only feels safe when I’ve got multiple copies of my data on backup. 

Other than the minor issues around my network and the bright blue LED, I love the Maxtor Black Armor drive.  I’m seriously considering purchasing one for a family member who’s in need of an external drive, especially since they aren’t any more expensive than your average external drive ($108 on Amazon for a 320Gb version).  The added security of having the encryption on the drive might not matter to many home users, but for folks like me who regularly work on sensitive documents, it’s a huge blessing and let’s me sleep a little better at night.  My issues with the software won’t affect most users and the backup software is easy enough to use that my luddite of a brother could install it and run it without any help from me.  Which is good, since I don’t do tech support, even for family.