Christmas is over! I hope yours was good, but I personally find the whole build up and let down stressful and I’m glad when it’s done with. Especially the part where my kids are home from school for a week and whine every time I tell them to get out of the house for a little while before I have to hurt them. Not that I’d actually hurt my kids, but it’s sometimes the only threat that will get them moving.
There have been some interesting stories leading up to Christmas and it’ll be interesting to see what’s been happening behind the scenes while the majority of us have been chomping on candy and ripping open our presents. I have nothing to support the theory yet, but I strongly suspect most of the bad guys left their tools running while they took some time off, so there might be reports of compromises in the not too distant future. After all, there were a couple of reports that came out before the weekend, perhaps hoping to get ignored and bypassed in the Christmas craziness.
A quick thought on the boycott of GoDaddy over the SOPA legislation. GoDaddy is such a minor player in this realm and probably signed on to the legislation like a little brother following his older brother, Big Media; they wanted to sound and act cool in the eyes of everyone else without having the faintest idea that what they were doing had real world consequences. Boycotting GoDaddy is like bullying the little brother when what you really want to do is punch the elder brother in the eye! It’s ineffective, both in the long run and in the short term, to boycott GoDaddy when what we should really be doing is making the larger players behind SOPA aware this is an evil and unacceptable way to try to regulate the internet. A crowdsourced version of the list of SOPA supporters is available as a Google doc. If you really want to do something important, boycott some of the big boys on that list and quit going to their movies and buying their products.
Open Tabs – 12/26/11
- Chinese computer hackers hit U.S. Chamber of Commerce – I wonder what our hackers are doing to the Chinese behind the scenes. Not the vocal ones on the con scene, the ones employed by the Three Letter Agencies. Never mind, we don’t do that, do we?
- LOIC (Low Orbit Ion Cannon) – DoS attacking tool – The tool is old news, but this is a pretty good writeup. If you want to know more though, one of my co-workers could tell you a few things more about how it works.
- The Thought Leader … One year later – Chris Eng’s further harpooning of the information security thought leaders. I know about half of the video applies to me at least as much as it does anyone else.
- How hackers gave Subway a $30 million lesson in point-of-sale security – There’s another meaning for POS, especially when you don’t bother changing default passwords and trust owners to follow procedures.
- The Dark side of B-Sides – I’m staying out of this fight, since I know all the players. But I know there’s a lot of truth to both sides of the story, and the sooner this can be opened up and aired out, the better for everyone involved.
- Hackers steal data on millions of Chinese net users – No need for nefarious government hackers when criminals will hack into Chinese sites because the data they hold might be worth something.
- Insurance against cyber attacks expected to boom – Let’s just insure our systems rather than taking the time to secure them! Because the insurance companies won’t place caveats on what’s insured and what constitutes a breach of contract, including poor maintenance control, will they? “What do you mean our insurance doesn’t cover this?” is a phrase I expect to hear once cyber insurance (I shudder at the name) becomes commonplace.
- Congress calls on Twitter to block Taliban – Oh yeah, because it takes so much to set up another account and tell everyone to go there instead. And because censorship should always be one of the first tools used by a free, democratic system. These people spend too much time thinking in hyperbole and too little time thinking in reality.
This is Martin, and while I know we said we weren’t going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, “What the heck, let’s do one more this year and thank all our listeners for supporting us!” It was supposed to just be the two of us, but Rich happened to be available. It was also only supposed to be a few minutes, but when you get the three of us going, it obviously has the potential for going long.
All three of us are very grateful to our audiences, and I think I can say the same on behalf of our co-hosts. The year has had its ups and downs, but I believe we’re ending it on a high note. I hope your life is doing the same and that you have a good ChrisHanaKanzamas or whatever you celebrate this time of year. At least celebrate a few days off, if nothing else.
Southern Fried Network Security Podcast Christmas Special
Long night last night. We went to something called a pirate gift party; sort of like a white elephant gift exchange (cheap, person A can take a gift from the table or steal from person B) except most of the gifts were wrapped in tinfoil cleverly disguised to hide their true nature. Two minor variations from a normal white elephant exchange are that there is no limit to the number of times gifts can be stolen per turn and no one gets to open the gifts until the last gift is chosen from the table. This led to an interesting ‘defense’ strategy; since there was a gift that was wrapped to look like Thor’s Hammer that my Spawn wanted, they worked together to make sure they kept it at all cost. Basically, when person A stole the hammer from whoever was holding it, that Spawn would steal his brother’s gift, and that Spawn would steal the hammer back. This was a pretty good strategy, until Spawn1 lost concentration at one point and went after a different shiny object. It all worked out in the end, though another pair challenged the Spawn to a game of endurance to see who wanted the hammer the most. It ended up being a 15 minute round robin of gifts being stolen and restolen that left everyone laughing. Oh, and “Thor’s Hammer” ended up being a cleverly disguised box with chocolate and money in it, with a broom handle acting as the handle.
Oh, and very importantly, it’s that time of the year! Security Bloggers Meetup invites have gone out.
Open Tabs 12/18/11:
A discombobulated Martin and a sleep-deprived Zach get together for the final episode of 2011 (and Rich isn’t around to join us — tsk tsk). This week’s stories seem to be more of the same — surveillance, leaks, and dumb legislation. Here’s to hoping for a brighter 2012.
Network Security Podcast, Episode 262, December 13, 2011
Usually I try to find the time to blog first thing in the morning, but today was way too busy to allow for anything nearly as relaxing as blogging. I spent two days traveling to and from a client site last week and then two more days at the BayThreat conference, with only Sunday at home to relax and play Skyrim … I mean spend with the family. BayThreat was a ton of fun; my co-worker Mike Smith gave a presentation called “Zerging is for Chumps” and another friend, Gillis Jones, gave his first talk, “Show me the Money”, just to name a few. It’s interesting to go to a convention where you can almost talk to every attendee if you put your mind to it. And you know I gave it a pretty good try. Anyway, I’m off for more flying around the country again this week and have a ton to do in the meantime, so this may be the only chance I get to post this week, other than the podcast. Presuming I can get that done with Zach this week.
Open tabs, 12/12/11:
When Rich isn’t around to take up most of the time, Zach can actually be pulled out of his shell to talk for a little while. Or maybe it’s just when there are two hosts on the podcast there’s more time to talk. In any case, Martin and Zach went a little long this week as well as deep into paranoia land. And there’s so much in the news right now to push us there. It’s kind of scary when you start to realize that as much communication as modern technologies allow, they also allow a lot of very deep surveillance. Which we as a society seem to be okay with.
Network Security Podcast, Episode 261, December 6, 2011
There’s this game called Skyrim that’s been taking up all my ‘free’ time. The only thing that’s kept me from being completely sucked in is the fact that my eldest son keeps asking, “When is it my turn to play?” That and the fact that my other half keeps bringing up Christmas and my commitments as far as decorating and present shopping go. ’Tis the season to avoid the malls and spend time online shopping instead. Speaking of which, my coworkers have a thing or two to say about the holiday shopping season, which is once again morphing into something bigger, yet different, than it was ten years ago. I love working at a place that has so much access to data about what’s really happening on the Internet. Hopefully you’ll hear more on that early next year.
Open Tabs 12/5/11: