So here we go:

DC Sleeps Alone Tonight

I had never really partied in DC before, and it makes VA Beach look like an elementary school playground. There are so many places to go, it’s a bit overwhelming. I should’ve paid more attention to the actual names of the places we went, but I know The Reef, Bourbon, and Adams Mills were pretty decent.

Friday night involved roughly 50 people from the podcaster meetup at the Chipotle near the Marriott Wardman. It was basically a train of geeks bar hopping, and while we didn’t cause any damage or get into any trouble (c’mon, geeks!) it was very entertaining.

Saturday night was even bigger, with the entire Adams Mill bar being taken over by Shmoocon people. Picture well over a hundred geeks talking about linux or hacking or whatever with a billion attractive women walking around, and those women finding themselves lacking attention. Well okay i’m fibbing a little, but hey this is semi-professional right? :)

Mirror Mirror on the Wall

I think one thing a lot people never really understand is how massive the hacking community is. With roughly 1200 people in attendance, there were people from all walks of the industry around. Everyone there was probably the enemy of someone, but we all got along and learned a bit from each other. I did notice that a large percentage of those there were affiliated with the government in some fashion, either military or as a civilian employee.

Hak5

I had the pleasure of running into the guys from Hak5, and befriending most of ‘em. I have to work on getting my presence up on their site though, haha. We definitely had a hell of a time in and around Adams Mills on Saturday and I’m looking forward to hanging with them again. Go watch their podcast if you haven’t, and hit up their site at http://www.hak5.org

What was interesting was that the presentations themselves, while great, were actually not the meat of the conference. It was all about meeting and talking with other people who work in the industry, and actually care about what they do. It felt so awesome to be surrounded by people who actually understood their field, and weren’t in it just for the paycheck (although paychecks are definitely a reason).

I’m definitely going next year.

Unlike the first day, this was more about one presentation for me than any of the others.

G. Mark Hardy presents A Hacker Looks at 50: This was my personal favorite for the weekend, not only because he grew up in Western New York (where I am from), but because he is a hacker in the purest sense of the word.

He talked about figuring out the admin username and password for the mainframe at his school and successfully taking “rooting” (in modern dialogue) the entire Western NY school network. It was very cool to see the connection between what we see today, and what people saw back then when they were the age we are now. There is a lot to be learned from those with experience and wisdom in the field, as not everything is about the executable, perl script, or batch file that you run.

I spoke at length with some of the vendors, one being AirTight Networks. Their enterprise wireless network management solution was quite interesting, as it allows an organization to control which wireless access points their customers (or users) are able to connect to, being able to prevent them from connecting to rogue access points or any that they are not authorized to be on. It’s highly configurable.

One reason I mention their product is the fact that the Navy Exchange is in talks with them right now to license and use their technology, according to their Sales Rep, that is. With a few DoD entities already leading the way with secured wireless networks, the Navy ought not to be that far behind, as we traditionally never are with new technologies. The cost savings of going completely wireless can be enough to warrant serious consideration.

Later..

I ended up skipping the hack or halo event for the Shmoocon sponsored party at Adams Mills, which was quite the party. There had to be at a couple of hundred geeks just completely owning this place. I made some good friends out of the deal, and then turned in for the night.

Registration was supposed to start at 1pm according to the guide, but it was more like 1:40ish. In any event Andy and I were all set by 2pm and collected some vendor swag, had an appetizer upstairs at the Pub built into the hotel, and hung out till things kicked off at 3:30pm.

Opening comments were by the Shmoo group staff, I forget the guy’s name now but i’ll get it later. He was decently entertaining, and basically is the founder of this thing, so he drives the flow of everything. I’m going to summarize each speaker:

H1kari presenting Hacking the Airwaves with FPGA’s: This was a very strong presentation, he demonstrated using programmable circuits with FPGAs (see the wikpedia page for more details) to crack all sorts of passwords and hashes MUCH faster than normal. These things weren’t cheap though.

Eoin Millerand Adair Collins presenting Auditing Cached Credentials with Cachedump: I thought this was a rather weak presentation. On a technical level this was fairly interesting, although not very difficult to understand. Most of what they proposed probably would not work in an enterprise environment though, as it would limit a lot of remote admin capability. They did not seem to come off like SME’s with this stuff though, which kind of put me off to it.

Adam Shostack presenting Security Breaches are Good for You: Pretty much his entire presentation was common sense, and devoid of much actual knowledge or factual information. Just a guy ranting about companies being evil. We all know about how bad it is to not disclose a security breach, so this was nothing really new. No offense to ya Adam, just expected a little more substance.

Johnny Long presenting No Tech Hacking: This is probably going to be the absolute best talk this weekend, and it’s only Saturday! Johnny was extremely hilarious, and his information was very insightful, spot on. I very much enjoyed those 30 minutes, the guy is a genius. It’s amazing what kind of information people just leave out there for anyone to take advantage of.

Deviant Ollam, Noid, and Thorn presenting Broomstick-Fu: Fundamentals of Physical Security: Nothing against these guys, but this was pretty much a 30 minute NRA campaign. I was expecting more in the way of physical security and how it related to the whole information security picture, all the stuff you’d find in the CISSP domain, for example.

Sergey Bratus presenting Simple Entropy-based heuristics for Log and Traffic Analysis: This was probably my least favorite, mostly because Sergey wasn’t a very engaging speaker, but also because the content didn’t really apply to me. This was something Pete might love actually, as it was very much centered around data manipulation.

The Keynote address was by Dr. Avi Rubin from Johns Hopkins, who talked, for the most part, about legal issues associated with hacking, fair use, and even went into the Diebold voting machine fiasco. I was only really around for the first 10 and last 10 minutes of it, nothing earth shattering in his speech though.

That wrapped up Day One.

The other day I was greeted to a YTMND page, and usually I don’t like those very much, but this one in particular is different.  There’s nothing weird on it, just a picture, a very very humbling quote, and extremely good background music.  The theme centers on a picture of our Planet Earth taken from deep space, and the quote by Carl Sagan is really spot on regarding the human race.

Pale Blue Dot

In other news, my coworker Andy and I are on track to arrive in DC for Shmoocon 2007 Thursday evening.  We’ll be staying a little ways from the Marriott Wardman due to the lack of rooms there, although I might try to find out more about that tomorrow.

I’m looking forward to seeing some colleagues from SANS as well as podcasters from Pauldotcom.com and Hak5, and I believe Cyberspeak as well.  I’ll definitely have some pictures up here at some point, and we’re going to try to collect as much data as possible from the event, as we will be using it to brief/train other people at work when we get back, based on what we learn.  I’m very excited.

With that said, here are some of the things i’ve been up to in the last 6 days:

Movies: Finally got around to watching Pirates of Silicon Valley. I thought it was pretty interesting, and certainly portrays, at least from my perspective, a decently accurate story.

Music: Jack Johnson, Mark.Nine, starboard morning, Mike Masquith (the last three were free on amiestreet.com)

Games: MLB2k(Xbox360) is about the worst baseball game i’ve ever played. Of course I don’t traditionally play them, so perhaps it’s just me. I’m getting better at NCAA07(Xbox360), I do like the pacing a little better than Madden. Nothing much beyond those.

Podcasts: PaulDotCom, net@nite, CyberSpeak, and Hak5. All very very informative.

Career: The first CISSP study group that the local ISSA chapter is doing is so far very outstanding. I feel a lot better about my chances at passing the exam.

On a sad note, I might not have support from work for Shmoocon 2007 and will likely have to sell my tickets. I simply don’t feel like wasting the hotel room money right now. There still might be a change to this, so we’ll see.

My acoustic guitar from music123.com arrived today, and i’m going to play around with it for a while.

Thanks for reading!

Checking up on packetstormsecurity.com today I see confirmation of what has been getting a lot of news lately — rootkits. According to pandasoftware (the vendor of the Panda antivirus/antispyware/etc products) there was a substantial increase in rootkits last year.

I believe we’re going to see that activity peak in the next year or two as techniques become more advanced for implementing them. In our SANS class this week some of us have traded ideas about how to implement and also defeat these things. I’ll probably touch more on this later next week.

CTF

I’m all geared up for our little “Capture the Flag” competition tomorrow. This will be the first time i’ve actually tried to hack into something, and i’m eager to see if I can figure it out. I have four computers on in my office right now, and am waiting for the house to catch on fire.

SANS

Sadly, the competition is the last event for the Community SANS Norfolk 2007 event. I’ve had a really good time and met some people who I plan on continuing professional relationships with. Hopefully I can take what I have learned here and better apply myself in this field. I will be writing up a bit of a report on generally what the course was about, and what I took out of it sometime in the next week or two, definitely before the upcoming Shmoocon event in Washington, DC in two weeks.

Shutting down and turning in.

-Chris

Tonight was the local ISSA meeting for the Hampton Roads area (ISSA-HR), and boy did I learn a lot.  I plan on becoming a member as soon as their website is functioning again, and also participating in their CISSP Study Group, which runs from March 13th through May 29th.  I have plans to take the exam with them in June as I already have a voucher.

Time to rest up and learn some more tomorrow.

Many professions within the computer industry umbrella do not have such credentialing bodies, especially within computer engineering and computer security. There are degrees, vendor and vendor-neutral certifications, however there is no such thing as the equivalent of a bar exam, or a license to practice. I believe that while this should not be necessary for most situations, however, if one is going to testify in a courtroom as an expert, they should have some sort of credentials to prove what they claim to know that aren’t possible to obtain with a credit card and a couple of hours taking a test online.

Enter UMG v. Lindor, a currently ongoing lawsuit with the defendent accused of illegal file-sharing. If you care to read the full details of the case, you can find them at a blog run by the law firm representing the accused: Recording Industry vs The People.

The deposition of the RIAA’s expert, Dr. Doug Jacobson of the Iowa State University, was made available online on Mar. 1. You can find the links to each part of the deposition at the above blog, or a text transcription of it available on Groklaw: Dr. Jacobson’s Deposition. Here is an easier to read version by Groklaw user “The Cornishman”: Dr. Jacobson’s Deposition, reformatted.

One of the most fascinating parts of this deposition, is where Dr. Jacobson is asked about his forensic and investigative methodology. From his answers, it would appear he has no methodology, and did not properly document his investigation. This is inexcusable, especially for something admitted in a court of law.

I have limited forensic experience, but from what I have done, I know that proper logging of every last detail is essential to preserving evidence, and the chain of custody associated with that evidence. If you contaminate your evidence, it becomes useless from a legal point of view.

Official/Semi-Official channels:

The SANS Internet Storm Center (ISC):  http://isc.sans.org

Secunia:  http://secunia.com

SecurityFocus:  http://www.securityfocus.com

US-CERT Current Activity page:  http://www.us-cert.gov/current/current_activity.html

Unofficial:

Slashdot:  http://slashdot.org

Google News (Sci/Tech and Business):  http://news.google.com

InfoSecNews Mailing List:  http://www.infosecnews.org