Archive for the 'Humor' Category

Oct 07 2013

Explain it to me

Published under General, Hacking, Humor

I’ve never hidden the fact that I’m a bit of a rebel.  Okay, to be honest, I’m proud of being a stubborn contrarian who’s going to do what he thinks necessary, despite what it might cost in the future.  Part of the reason is that I’ve always been smarter than average and I feel that I see and understand things in ways many others don’t or can’t.  And as long as I’m being honest, I also enjoy the chaos this engenders and the ability to thumb my nose at convention and authority.  I like upsetting people’s preconceived notions and making them think about things they might normally shy away from contemplating.  I want improvement over the present and I despise the status quo.  And I don’t think I’m at all unique amongst security professionals; we’re almost all rebels to one degree or another.

I believe people who love security as a career are similar to me in large part.  We’re people who see a problem that needs to be solved, puzzles that need to be unlocked and mysteries begging to be revealed.  Constant learning is something that is the hallmark of a good security professional.  If you look at the most successful hackers, they got to the top because they can’t pick up a piece of electrical equipment or software without trying to see how it works.  We want to understand, to unlock and hopefully to gain just a little more knowledge about how the world around us works.  And yes, I include ‘hackers’ in the continuum of security professionals, as a subgroup who tends to embrace the chaos more than the more corporate professional.

Let me give you an example.  Over the summer at a small conference in Las Vegas, a select group of us met at a restaurant for dinner, a not uncommon occurrence for that time of year.  What was a little unusual was that when we sat down, the waitress handed the group a set of iPads with the drink and food menus on them.  Apparently we were meant to place our orders through these devices and the waitress would magically bring them out several minutes later.  But you should have seen eyes light up around the table as everyone started considering how to break out of the menu app and make the system do things the restaurant had never meant for their app to do.  It was like Christmas in July!  Needless to say, it was only a few minutes before we had to hand one of the iPads back to the waitress with an explanation of “Umm, we think this one is broken, it shows another restaurant’s menu.”  They’d figured out how the tool worked, unlocked the puzzle and had some fun, all in one fell swoop.  This curiosity is the core of who we are.

This need to understand is one of the things that makes many security professionals hard to work with.  We don’t take orders well, or at least I don’t.  We want to understand the underlying logic of a decision; we want to understand the thought process that went into making the decision and why it’s the best decision.  “Because it’s always been done this way” is the bane of our existence; when was the last time anyone examined the why of that way?  Does doing it that way still make sense?  Is there a better way of doing it?  Does doing this actually accomplish our goal, or is it just busy work?  Managers don’t want to explain; they just want to get the task done, despite the fact that the task might not be leading towards the actual goal, but away from it instead.  And sometimes that’s the right thing to do.

We, as security professionals and hackers of the reality around us, have to be aware of this need to understand and unlock within ourselves and take steps to counteract it when appropriate.  Personally, it’s hard for me to accept “this is just the way it needs to be done”, but sometimes that’s the correct path.  Those moments are relatively rare; I prefer to have the people giving me direction explain what it is they hope to accomplish and let me figure out how to do it best.  In the main, we have the time to discuss, to understand and to come to an optimal solution for the problem, and often if we take the time to do so, we realize the problem we were really trying to solve is not the problem we thought we were trying to solve.

It’s always important to understand your own motivations in decision making.  It’s also important to understand the motivations of the people around you in that same process.  I don’t claim that every security professional is driven by chaos and curiosity, but most of the ones I gravitate towards are.  We see chaos as a method to drive improvement.  But being aware of that motivation and how it influences the decisions we make will help us not only make the right decisions, it will help make those decisions in a way that is less stressful for us and those around us.

So let your coworkers know that you’re not challenging them, you’re challenging the decision making process and seeking to understand why a decision was made.  You want to understand what the goal was and how the decision leads to that goal.  But also understand that sometimes the analysis of a decision is not a luxury that can be afforded at a particular point in time.  There are times where we just have to take orders and shut up.  It seems to go against the grain of who we are, but it’s an unfortunate necessity in some cases.

I’m lucky in that I’m at a point in my career, in my life and in my role that I’m not only accepted as someone who’s supposed to question the decision making processes, it’s expected of me.  You can’t be a ‘thought leader’ if you never question authority, never question the status quo, never question the reasoning that brought us to this point.  But I also have to be cognizant of the fact that what is generally one of my strengths can also be one of my greatest weaknesses if I’m not careful.  Giving in to the desire to understand when things just need to get done leads to frustration for everyone involved, and is harmful to the mission when done at the wrong time.

I may be grossly generalizing my own rebellion onto the entire security and hacker community.  I know a lot of people are going to say, “I’m not at all like that”, and they may be right.  Each of us has our own unique set of motivators that push us into the decisions we make.  But this is a set of motivators I see as a commonality in the community I live in.  Understanding your own motivations is one of the best ways to combat the frustration we often feel when dealing with people who don’t see the world as a puzzle like we do.  And knowing they don’t see it the same way might help us communicate in ways that settle some of their frustrations as well.

Nov 06 2012

Network Security Podcast, Episode 295

Published under Government, Humor, Podcast

Rich is M.I.A. again, and we’re left to discuss Russia, “the biggest problem in computer security”, and the perpetual badness of industrial control systems.  And hopefully by the time you read this, all of the Presidential excitement will be over, or you’ll have a drink in hand and won’t care any more.

Network Security Podcast, Episode 295, November 6, 2012

Time:  35:06

Show notes:

Jul 10 2012

Participating in Hacker Hug Bingo

Published under Humor

I’m still not sure how this got started.  I’m not even sure what the point is.  But in any case I’ve been volunteered for a spot on Hacker Hug Bingo at Black Hat, Defcon and BSides Las Vegas this year.  The point is for participants to meet some of the rogues’ gallery of security people on Twitter and get pictures of hugs with them.  This should be fun for people like @diami03, who’s a little shy to begin with and will be very leery about being hugged.  Which brings up one of the most important rules of the game: ask before getting a hug or taking a picture.  Being the perverse jerk I am, I provided the contest with a 25+ year old picture of myself.  Too bad there’s not a way you could find a better picture.  I’ll be around from Tuesday through Sunday, so please take a moment to introduce yourself before asking for a hug.  BTW, there are prizes of some sort.  BYOP*

*Bring Your Own Penguin!  It’ll make more sense if you read the bonus rules.

Jul 01 2011

Weird Al is brilliant!

Published under Humor

“Stop Forwarding that Crap to Me!”

Most of my family doesn’t send me much of this stuff any more, but I am still tempted to send it to each and every one of them anyway.

“Weird Al” Yankovic – Stop Forwarding That Crap To Me from Fube on Vimeo.

Mar 29 2011

Network Security Podcast, Episode 235

Published under Hacking, Humor, PCI, Podcast

Martin and Rich are joined tonight by our new co-host, Joseph Sokoly, formerly of the Southern Fried Security podcast.  Martin leads off the night with a short story about his kids, in which he once again demonstrates his inability to remember the proper names for people and things (it’s Elevation of Privilege by Adam Shostack, not ‘escalation’).  We talk about the most recent round of breach disclosures as well as a brief foray into PCI.  But we do keep it mercifully brief.  Welcome again to Mr. Sokoly, it’ll be nice to have someone a bit more reasonable on the show.

Network Security Podcast, Episode 235, March 29, 2011
Time:  28:08

Show Notes:

Nov 11 2010

Nailing the new TSA process

‘Nuff said!

Oct 13 2010

The Friendly, Snuggly Security Bear and the Internet

If you’re not already scared of the people who want to listen in to your phones, then this video won’t worry you.

Sep 28 2010

Network Security Podcast, Episode 214

We’re all back on the air and Mad Mike Rothman has been put back in his cage.  Okay, maybe not his cage, but between Rich, Zach and Martin, there’s not room for one more loudmouth this week.  Besides, we actually got the three of us around the virtual coffee table to kvetch.  Zach is on the road, so he phones it in this week and Martin gives a quick review of the PCI Community Meeting without actually revealing anything that went on.  That would be against the rules.

Network Security Podcast, Episode 214, September 29, 2010
Time:  40:40

Show Notes:

Sep 09 2010

Just for fun, part 2

Published under CISSP/ISC2, Humor

Here’s the CISSP Song by Rob Slade.  I’m not going to try to sing it, but I hope someone does.  And I hope that someone sends me the recording to play on the podcast.

Thanks Rob!

CISSP Song
Lyrics by Rob Slade slade@victoria.tc.ca

Sung to the tune of “The Major General’s Song,” from
“Pirates of Penzance,” by Gilbert and Sullivan [1]

CISSP (solo):
I am a Certifiable Security Professional
I’ve countermeasures physical, administrative, technical
I know the ports of TCP and backdoors with malign intent
And survey risk analysis to prove the safeguards wisely spent
I’m very well acquainted, too, with matters of the blackhat crew
Attendance on the IRC phrack channel makes my colleagues stew
With viruses and zero days I’m teeming with a lot o’ news,
With many cheerful facts about the weaknesses in Usenet news

CIO Chorus:
With many cheerful facts about the weaknesses in Usenet news (etc.)

CISSP:
I’m very good at ACLs and mandatory access modes
I know the disassembled names of CPU compare opcodes
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

Chorus:
In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

CISSP:
I know our mythic history, LaPadula, Biba, and Bell
I know the biometric facts, memorized CERs as well
I understand the lattice, roles, rules, and discretion base
And pseudorandomize my keys to maximize the address space
I’ve tokens, tickets, one-time passwords, smart cards and a kerberos
And Centralized Remote Authentication to remove the dross
I’m proof against the DoS, Man-in-the-Middle and brute force attacks
My proprietary off-the-shelf stuff’s licenced and it never cracks.

Chorus:
His proprietary off-the-shelf’s all licenced and it never cracks.

CISSP:
My audit logs are analysed, detect intrusions every time
My legal counsel’s up to date with all the best computer crime
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

Chorus:
In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

CISSP:
In fact when I know what is meant by “data link” and “twisted pair”
When I can tell a fibre optic cable from a trigger hair
When Internet Explorer I no longer use the Web to surf
Or let my users chat on IRC on all my network turf
When I have learnt that firewalls can filter out the packets bad
When I know that the guy with foreign bank accounts might be a cad
In short when I’ve a wee bit of professional paranoia
You’ll say a better CISSP has never addressed yuh.

Chorus:
You’ll say a better CISSP has never addressed yuh.

CISSP:
For my security training, managerial though it may be
Lacks practical direction and real-world applicability
But still, in matters physical, administrative, technical
I am the very model of an infosec professional!

Chorus:
But still, in matters physical, administrative, technical
He is the very model of an infosec professional!

Sep 09 2010

Just for fun, part 1

Published under Humor, Social Networking, Video

Last week I joined Chris Hoff, aka Beaker, and Team Squirrel down in Palo Alto to play v0dgeball for the evening.  I can’t say I was of much use, but it was awesome to watch Kim shimmy and twist her way out of almost every ball thrown at her.  And when it came down to the final game, Trey Ford did an awesome job of taking on the other team by himself.  Truly an epic performance.  For more video and pictures, you can visit Virtual Geek.  In the meantime, here’s a small sample of what we went through.  Great game guys!
