Where Will YOU Be Next Week?

Just a friendly warning... my blogging and twittering rates are going to likely spike next week as I will be in Vegas for Black Hat, Defcon, Security BSides, Neighborcon, and whatever else is happening all at the same time.

To those who follow me on twitter, this is fair warning: I plan to live tweet certain key talks and panels. Yes, that means a sharp increase in tweets. If this is unacceptable to you, then I highly recommend unfollowing me until Monday, August 3rd, when everything is done.

If you're coming out, please leave a comment or DM me on twitter so that we can meet up!

Peace Out!

Emerson on Friendship

Quotes of Ralph Waldo Emerson courtesy Project Gutenberg, from his collected writings on Friendship. I liked the following quotes:

3. Our intellectual and active powers increase with our affection. (...)

4. What is so pleasant as these jets of affection which relume a young world for me again? What is so delicious as a just and firm encounter of two, in a thought, in a feeling? How beautiful, on their approach to this beating heart, the steps and forms of the gifted and the true! The moment we indulge our affections, the earth is metamorphosed; there is no winter, and no night; all tragedies, all ennuis vanish; all duties even; nothing fills the proceeding eternity but the forms all radiant of beloved persons. Let the soul be assured that somewhere in the universe it should rejoin its friend, and it would be content and cheerful alone for a thousand years.

5. I awoke this morning with devout thanksgiving for my friends, the old and the new. Shall I not call God, the Beautiful, who daily showeth himself so to me in his gifts? I chide society, I embrace solitude, and yet I am not so ungrateful as not to see the wise, the lovely, and the noble-minded, as from time to time they pass my gate. Who hears me, who understands me, becomes mine, - a possession for all time. Nor is nature so poor, but she gives me this joy several times, and thus we weave social threads of our own, a new web of relations; and, as many thoughts in succession substantiate themselves, we shall by-and-by stand in a new world of our own creation, and no longer strangers and pilgrims in a traditionary globe. My friends have come to me unsought. The great God gave them to me. By oldest right, by the divine affinity of virtue with itself, I find them, or rather, not I, but the Deity in me and in them, both deride and cancel the thick walls of individual character, relation, age, sex and circumstance, at which he usually connives, and now makes many one. High thanks I owe you, excellent lovers, who carry out the world for me to new and noble depths, and enlarge the meaning of all my thoughts. These are new poetry of the first Bard - poetry without stop - hymn, ode and epic, poetry still flowing, Apollo and the Muses chanting still. Will these, too, separate themselves from me again, or some of them? I know not, but I fear it not; for my relation to them is so pure, that we hold by simple affinity, and the Genius of my life being thus social, the same affinity will exert its energy on whomsoever is as noble as these men and women, wherever I may be.

Nice Mention on Digital Soapbox

I'm honored to be featured today in Raf's "31337 Spotlight" - go check it out!

Humor: A Movie Never Made

Trying to be a little funny... perhaps trying too hard... :) In response to my lament that some group called the "Manhattan Airport Foundation" wants to level Central Park to make it into an airport (see this story) came the following exchange on twitter today:

@cunningpike: It's for the next Billy Crystal/Tom Hanks/Meg Ryan vehicle - a blend of "You've Got Mail", "Forget Paris" and "Terminal"

@falconsview: is it called "Forget Terminal Mail Velocity"? :) a love story of spam and phishing? :)

@falconsview: Crystal writes them poorly [ed. "them" being spam/phishing messages], Ryan falls in love w their oddness [ed. "their" being the messages], Hanks is the foil and bf of Ryan, completing the triangle? :)

Hey, I thought it was funny... @cunningpike was moved to tears (cunningpike: Beautiful. Poetry. It's bringing tears to my eyes). :)

(Hat tip to @cunningpike for seeding the idea. :)

The Modern Dark Age

"Just as energy is the basis of life itself, and ideas the source of innovation, so is innovation the vital spark of all human change, improvement and progress." -Ted Levitt

On the 40th anniversary of the Apollo mission landing on the moon there has been much discussion about the future of space exploration. This question goes right to the heart of a larger question about research and development, innovation, and evolution. Most of the discussion I saw today (and some over the weekend in anticipation of the event today) had a common conclusion: we could not do today what we accomplished 40 years ago. Not because the technology doesn't exist, but because we seem to have lost the competence and drive for major scientific achievement.

It's an increasingly common problem. Conferences only have so many slots to fill, and there are always too many good presentations to consider. Inevitably, some of the good ones get rejected, meaning they never see the light of day. Until now.

Help us promote a new way of saving good presentations! Please support BSidesLasVegas!

For full details on the conference, please visit the BSidesLasVegas site.

A sampling of scheduled presentations: HD Moore, author of Metasploit; Mike Kershaw, author of Kismet; and a power-packed panel talking about professional image and gender issues for females in security.

Continuing my line of thinking from my previous post, "Do You Need a Security Department?", I wanted to speak to this notion of having responsibility without authority. It seems to be a problem common to many security people in their respective organizations, and it perplexes me greatly.

(There's been some confusion about my post here. I'm not saying you "can't" set up a security department. I'm questioning whether you "should" set one up. I wonder if we've not created major problems for ourselves by taking too much direct ownership over the years, effectively creating a "nanny state" where the front-line folks aren't actually expected to act responsibly.)

I had an interesting discussion with my boss today, and I think it warrants further exploration. To give a little background, I'm the head of security for a mid-size tech firm. My role is new, meaning there haven't been any "formal" security practices in the past. Note that this does not mean they've not been doing security "stuff" - just that there hasn't been anything formal around it.

One of my challenges in this position has been to determine how best to set up a formal security program. This is a well-established company, with a variety of obligations and requirements, and it runs on a tight staff. There are no spare people to go around, which means that getting much of anything done is an uphill battle.

Hey kettlebell enthusiasts - guess what?!? John Du Cane of Dragon Door has announced that Pavel will be bringing the Russian Kettlebell Challenge to the east coast for the first time ever! The RKC will be October 9-11 in Philadelphia, PA.

Interested in attending? Sign-up by July 29th and save $1,000! For more information, head on over to Dragon Door.

Response to "Sue the Auditor..."

My friend, Ben Rothke, asked me to post my comments to his recent piece "Sue the Auditor and Shut Down the Firm" over on CSO Online. The topic is one I've thought about a lot over the years; namely, how do you control quality and performance for 3rd party auditors? After all, quality is the core problem being targeted in the Savvis lawsuits, and the basis of the aforementioned article.

"You keep using that word. I do not think it means what you think it means."

Enough, please, dear kind souls. And the same for the rest of you lot. Let us all please stop using "cyber" as a prefix to anything and everything computer-related. Mmmmm-kay? Seriously...

Whoever decided that "cyber" meant computers and networks is apparently not very bright. I don't know who to blame, but blame definitely needs to be placed. According to Dictionary.com, cyber is "a combining form meaning “computer,” “computer network,” or “virtual reality,” used in the formation of compound words (cybertalk; cyberart; cyberspace) and by extension meaning “very modern” (cyberfashion)."

InfoSec as Counterculture
I've been (w)racking my brain for quite a long while as to why this whole infosec thing just doesn't seem to get through to people. Why are we still having the same conversations over and over and over and over again? Einstein is famously quoted as defining this practice as insanity ("Insanity: doing the same thing over and over again and expecting different results."). Namely, we're banging our heads against the brick wall that is "business" and coming up with the same stupid answers with the same stupid results.

