Irony: this weekend (Apr 21–22), NPR’s Wait Wait… Don’t Tell Me! re-ran a segment with author Jack Gantos. In it, Jack Gantos makes a crack at the University of Florida:
I drove up to University of Florida. It looked just like my high school — a giant football facility with a small academic institution
Apparently, University of Florida thought this was a compliment. Forbes reports (via) that University of Florida has eliminated research & graduate work in its Computer Science department, while simultaneously significantly increasing funding for athletics.
A clarification missing from the Forbes article: UF is eliminating research and graduate work in its computer science department, just like it did for its nuclear engineering department the year prior. The departments will remain as severely gimped teaching-only undergraduate departments… not unlike a glorified community college.
Keep it real University of Florida!
An overview of the Go Programming Language version 1.0 (released March 28th 2012). We will cover the basics of the language, how it differs from the other choices, and why you would want to use it to write server-side software. The emphasis will be on what makes Go unique, such as built-in concurrency and communicating sequential processes. We will start off with a general description and proceed to the level of how goroutines work under the covers.
About Bob Hancock:
Bob Hancock is a principal in Sirguey-Hancock, Ltd., a New York-based consultancy. He is a polyglot programmer (C, C++, Go, Java, Perl, Eiffel, Python and more) and is obsessed with performance and scalability. He is also the manager of the Google Developer Group and co-organizer of NYC Python.
After the meeting … Join us around 8:30 PM or so at
House of Brews
After the meeting … You may wish to join up with other NYLUGgers
for drinks and pub food. This month we’ll be over at House of Brews
(302 West 51st St. – 8th Ave), but we are also evaluating other
options for the future and welcome your suggestions.
http://www.houseofbrewsny.com/
Directions from IBM: http://goo.gl/VUdO1
Open webOS is a Linux-based platform designed on open standards. It provides a touch-optimized user interface that embraces the Web. In this talk, you will discover the various sub-projects and related technologies that make up webOS, from the low-level Platform Portability layer, through the Isis WebKit browser and finally to the cross-platform Enyo JavaScript framework. You’ll learn about the underlying technologies and find out how you can contribute to their development. In addition to the technical aspects, a brief history of webOS will be presented.
About Roy Sutton:
Roy Sutton is a Developer Relations Engineer with HP’s webOS group. He assists developers in developing applications for and porting applications to the webOS platform. He has been developing mobile applications for longer than the term “mobile computing” has existed. He is curator for webOS101.com, a webOS development wiki. You can also follow him on Twitter: @pre101.
Notice! We are back at Google Chelsea Market at 6:30pm for the rest of the year!
(Disclaimer: although I do not work for government, I will use the term cyber security when I speak about general computer security, network security, information security, or application security topics. Cyber security is as good a term as any, and since most people at least have some form of gut reaction to the term, I'll use it. When I talk about specific sub-disciplines in the field, I will use more focused verbiage).
Lately, I have been thinking quite a bit about teaching cyber security to college students (graduate and undergraduate) as well as to people who are active in the cyber security field and who are looking for professional development and/or training.
The discussion more-or-less started last year, at SOURCE Boston 2011, where a panel discussed questions like
- Is there a role for higher education in information security research?
- Is information security mature enough to be teachable?
- What skill set should information security faculty possess?
One of the topics that came up over and over is that people do not see much need in textbook knowledge, but do place a lot of value on hands-on skill development.
Although I spent a lot of time in school, and I have been exposed to countless hours of classroom style teaching, the courses that stand out the most are the ones in which I was made to work hard, address realistic problems, and put relevant skills to the test. Now that I am on the other side, I have to admit that I find myself teaching lecture-style all too often.
Although I do not enjoy lecture style learning all that much, all too often, I end up teaching that way. Sometimes that is because the topic doesn't really lend itself to hands-on learning, and sometimes it is simply a matter of logistics. However, the teaching style that I prefer most is very light on talk-and-listen and high on hands-on content. When I am able to teach in that style, student evaluations are consistently higher than in lecture setups.
The concept of teaching through experience is nothing new; we have seen it for centuries in master-apprentice relationships. These days, we call it 'experiential learning' and many colleges are now exploring the benefits of such 'high-impact' teaching methods.
In our field, experiential learning can take many forms, and I feel confident enough to state that many of the most successful and well-known security professionals who are active in the field presently are self-taught, and have developed their skills through experience and hard work.
So, if, by looking at my own experience, and by listening to others, many people feel that the most effective way of learning is through this experiential learning thing, the questions become:
- What topics should students be exposed to in school if they are looking for a career in cyber security?
- Of these topics, which are well-suited for experiential learning?
- Of these experiential learning topics, what kind of experience would be useful to acquire the relevant skills?
Note that not all topics are suitable for such hands-on learning. Some topics may not translate directly into actionable skills, but are necessary to build the proper conceptual framework and establish terms-of-reference. As with any topic, basic, foundational skills are needed before practical skills can be developed. The trick is to find the right balance.
In future posts, I will discuss what topics I think students should learn, how well they can be developed into experiential programs, and what techniques we can use to do so.
A while back a group of friends wanted to organize a photowalk so we ended up going to the Lankester Gardens and I brought Georgeanela along to have someone to take photos of.
I only took a handful of photos of Geo as I did more talking than taking photos
-LM
Puppet is an open source configuration management tool. System administrators have long written custom scripts and tools to help automate common tasks such as configuration management and system updates. But as networks scale and reach outside the corporate firewall, custom tools become yet another management headache.
The benefits of automated infrastructure go beyond policy-enforced consistency and auditing. In conjunction with virtualization, the ability to reliably create new systems running consistent services creates auto-scaling applications as well as test systems identical to production environments.
Puppet abstracts the system from the system administration, providing developers and system administrators with a simple service-based policy framework that allows for more consistent, transparent and flexible systems. It is written in Ruby and released under the GPL until version 2.7.0 and the Apache 2.0 license after that.
Meeting location change! Please note that this is a different Google office than our previous two meetings. An RSVP and a photo ID will be required to obtain entrance to this location. If your RSVP does not contain your real name, then please answer the RSVP question with the name on your ID or contact us some other way.
The meeting will be on the 5th floor in the room named “Water Tower Cafe.” We can enter the building at 111 8th Ave. Please provide your name and “nylug/puppet” to security and then obtain a badge from our google hosts in the lobby before heading to the meeting room.
Puppet is an open source configuration management tool. System administrators have long written custom scripts and tools to help automate common tasks such as configuration management and system updates. But as networks scale and reach outside the corporate firewall, custom tools become yet another management headache.
The benefits of automated infrastructure go beyond policy-enforced consistency and auditing. In conjunction with virtualization, the ability to reliably create new systems running consistent services creates auto-scaling applications as well as test systems identical to production environments.
Puppet abstracts the system from the system administration, providing developers and system administrators with a simple service-based policy framework that allows for more consistent, transparent and flexible systems. It is written in Ruby and released under the GPL until version 2.7.0 and the Apache 2.0 license after that.
Meeting location change! Please note that this is a different Google office than our previous two meetings. An RSVP and a photo ID will be required to obtain entrance to this location. If your RSVP does not contain your real name, then please answer the RSVP question with the name on your ID or contact us some other way.
We are still finalizing precisely which meeting room in the building will be used. We will update you with the exact details as soon as we can. (We may have to enter at the other side of the building: 76 9th Ave. rather than 111 8th Ave.)
I asked Mariela if she would allow me to take some portraits of her and she was happy to. Met her at a concert of a local band I was photographing
For this session I decided that it would be awesome to use my parents' house as they have many areas and lots of colorful walls
Not to mention the big windows that exist throughout the house.
I even brought out my Kiev 88CM for this session. It was an awesome session and more photos will be posted later on.
-LM
Met Eduardo and Carolina a while back when I took photos of Carolina for a promo that would be used by Eduardo's band Cosmica, you can see more about the promo here, and then later took photos of the band Cosmica. So I asked Eduardo if he would be willing to be part of a session
For this session we travelled to "El Bosque de la Hoja" which is a forest that's near my house. First time I visited the place and it's simply awesome plus offers a lot of shade and places to take photos
Naturally I had to get a couple of photos of them together.
There were some patches of light that were simply awesome for photos.
-LM
A topic that I have not yet seen addressed much, but which has been a growing pain in my daily practice, is identity management in SaaS environments. We all know the routine: Human Resources calls to terminate all access from user Jane Doe at 3pm sharp. Ideally, all authentication and access is managed via an IdM solution. In practice, there are several, if not dozens, of SaaS web sites that users throughout the organization use, and on which they have created accounts. If you are lucky, these accounts are associated with the organization, but it is not uncommon to find people signing in with their private @gmail.com, @yahoo.com, or @hotmail.com addresses.
While working on explaining the Enigma machine to a group of students, I needed to do some math to figure out in how many ways 6 pairs of characters can be selected from the alphabet (a-z). Normally this would be fairly straightforward, but there are some complexities:
- The order within each pair does matter, but the order of the pairs does not.
- Once a character has been chosen as the first character in a pair, it cannot be the same character in any of the other 5 pairs.
- Once a character has been chosen for the second character in a pair, it cannot be chosen as the second character in any of the other 5 pairs.
These restrictions are most easily illustrated by an example:
(a,b) is not the same as (b,a)
(a, a) is allowed
( (a, b) (c, d) ) is the same as ( (c,d) (a,b) )
( (a, b) (a, c) ) is not allowed
( (a, b) (c, b) ) is not allowed
How many different ways to select pairs are possible?
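One way to answer the question above, as an added worked example that is not part of the original post: pick which 6 letters appear in first position, then give them 6 distinct second letters. The function names are illustrative, and the brute-force counter exists only to confirm on small alphabets that the closed form follows the listed rules.

```python
from itertools import combinations, product
from math import comb, perm


def count_closed_form(n, k):
    """Count selections of k pairs from an n-letter alphabet under the rules:
    order inside a pair matters, order of the pairs does not, no letter is
    reused in first position, no letter is reused in second position, and a
    letter may be paired with itself.

    Reasoning:
      1. Because first letters are all different, a selection is identified
         by the SET of k first letters: comb(n, k) choices. Using a set is
         what makes the order of the pairs irrelevant.
      2. Walk through those k first letters in alphabetical order and hand
         each one a second letter that has not been used as a second letter
         yet: n * (n-1) * ... * (n-k+1) = perm(n, k) choices.
    """
    return comb(n, k) * perm(n, k)


def count_brute_force(n, k):
    """Enumerate every k-subset of ordered pairs and keep the legal ones.

    Only usable for small n and k; it is here to validate the formula.
    """
    letters = range(n)
    ordered_pairs = list(product(letters, repeat=2))  # (a, a) is included
    legal = 0
    # combinations() yields each set of pairs once, so pair order is ignored
    for selection in combinations(ordered_pairs, k):
        firsts = {first for first, _ in selection}
        seconds = {second for _, second in selection}
        if len(firsts) == k and len(seconds) == k:
            legal += 1
    return legal


def validate_small_cases():
    """Compare both counters on alphabets small enough to enumerate."""
    cases = [(2, 1), (3, 2), (4, 2), (4, 3), (5, 3)]
    return all(count_brute_force(n, k) == count_closed_form(n, k)
               for n, k in cases)


if __name__ == "__main__":
    print("formula matches enumeration:", validate_small_cases())
    print("6 pairs from a-z:", count_closed_form(26, 6))
```

For the 26-letter alphabet and 6 pairs this gives C(26,6) × 26·25·24·23·22·21 = 230,230 × 165,765,600.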
Recently took a trip to Lankester Gardens to take photos of Diana
I really love the photo above. The following photos were taken on film.
-LM
Recently had a session with a couple of friends and we took the trip to the Lankester Gardens in Cartago
Karol has been featured before on this blog and it's always awesome to take photos of her and her interesting clothing designs
First two photos were taken digitally and the following photos were taken on film
Really like the Lankester Gardens as they offer quite a lot of different places where photos can be taken
More photos will be posted later this week.
-LM
Karla is my wife and we've been married for a little more than 2 years as I write this and I've been able to capture a couple of portraits of her...mostly because she isn't the type that will sit for a couple of minutes while I take the photo
Interesting to look back at all of these photos and remember what we've been through. All of the photos in this post were taken with my 3 film cameras throughout various points in our life. Like the one that was taken at our friend's wedding
Or the one where she's sitting at my parent's house's stairs whilst pregnant with our first daughter
Some I can't simply remember when they were taken...
And then there are these two which are the most recent ones and when she told me that I never post the photos I take of her :)
-LM
This talk will provide a quick but intense introduction to the R Language: a free software environment for statistical computing and graphics. It is open-source (mostly GPL-2), available for several platforms, and thrives in Linux. The talk will be largely example-driven, with plenty of takeaway material and code examples. I’ll argue that it’s simply the right language for data exploration and statistical analysis, and is particularly fantastic for graphics and code development. I’ll conclude by introducing the package management system (and the Comprehensive R Archive Network — CRAN) and the C/C++ interface.
About Jay Emerson:
Jay Emerson is Associate Professor of Statistics, Yale University. Jay teaches both graduate and undergraduate courses and often includes timely real-world problems and examples in his lectures, an intersection of teaching and research. For example, he collaborated with the Wall Street Journal in uncovering the infamous stock option backdating scandal, and he demonstrated a design flaw in the new scoring system used for international figure skating competitions. He has worked on Bayesian change point analyses and created the “generalized pairs plot” for the R Statistical Programming Environment. He has worked towards a scalable solution for statistical computing with massive data, extending support for the management, analysis, and exploration of massive data sets in R.
Spaceport America is “the world’s first purpose-built commercial spaceport”. Wonder what it looks like? You can now find it on OpenStreetMap, one of the many things I’ve been mapping in New Mexico’s barren & isolated Jornada del Muerto. I’ve indicated various Spaceport America structures, like the state-of-the-art Terminal Hangar Building and Spaceport Operations Center. I’ve yet to accurately locate Spaceport America’s vertical launch pad, which has been in use since 2007.
No, it’s not on Bing Maps, Google Maps, or any of the other Web mapping competitors—just in case you needed a reason why crowd-sourced geodata (or VGI) can’t be beat.
Want an aerial photo of Spaceport America? Over on Flickr I’ve a screencap from the USDA’s public-domain NAIP 2011 release, pretty much the only source for high-resolution imagery of the middle of nowhere.
I will be hosting a meeting of OWASP Long Island on Thursday, February 16th, at Adelphi University. We will continue with the hands-on lab exercises that we started in December.
Seating is limited, so be sure to sign up soon after the announcement goes out on the OWASP-LI site. More information regarding time and place will be made available on that site also.
Chef is a platform for building automated application infrastructure.
This talk examines infrastructure as code, the evolution of a typical
application’s infrastructure over time, and how Chef’s strategy to
configuration management makes it easy to develop, scale and change.
Example code will be examined showing how to achieve emergent
topology, and contrasts Chef with other CM strategies such as golden
image cloning.
About Sean OMeara:
Sean OMeara is Technical Evangelist for Opscode, and worked as a
Systems Administrator for over 13 years.
Not the first session I do where the main subject is a car...or cars as was the case on this session
First we have the Audi which belongs to a coworker. Gotta say that this is one of my favorite photos from this session.
Then we have the BMW which belongs to the friend of the coworker. This was taken on Fuji Superia 400 and then converted to B&W on post-process.
For this session I took out my Mamiya RZ67 camera and used a roll of Kodak Portra 400. And finally a shot of Julio.
-LM
by Robert Menes (noreply@blogger.com) at November 22, 2011 07:10 PM
I hosted the local Long Island chapter of OWASP last night at my place of work for a hands-on evening of playing around in a bring-your-own-laptop lab environment. I had set up a virtual infrastructure that was so vulnerable to attack that it almost looked like a real work place.
For this session, the OWASP guys provided bootable BackTrack 5 RC1 DVDs, and I provided the virtual machines, a switch, power, networking cables, etc. After a brief introduction, we got started right away.
We went through a number of hands-on exercises, ranging from quick exercises with the Metasploit Framework and w3af to ARP poisoning and dsniff. After having identified some credentials on the wire, we did some hands-on exploitation of a SQL injection flaw, and we mucked around a bit more with other "features" in this custom-developed web app. All in all, we managed to cover about 6 examples of the OWASP top-10. Around 10:30pm, we called it quits and wrapped up for the night, but not before having agreed to a to-be-continued session some time in January.
As a firm believer in hands-on learning (in addition to studying texts), it was very satisfying to see how quickly participants who may have never even used a Linux distribution took to getting into "breaking stuff". As everything was running on a virtual infrastructure, participants did not have to be afraid to cause accidental damage, and that showed ;)
All-in-all, I think we had a good time. Next time, I'll make a few more tweaks and bring a slightly more powerful server for the VM infrastructure, but that's about all that needs to happen to take this show on the road.
A few weeks ago, I started listening to another podcast: WHY? Philosophical Discussions About Everyday Life, hosted by philosopher Jack Russell Weinstein.
Listening through the backlog, I found an excellent show, Episode 28: “On Liberty and Libertarianism” with guest James Otteson. In it, Jack and James philosophize about so-called “Libertarianism”, talking about how government should relate (or not relate) to both social and moral issues.
One of James’ fantastic talking points was on traffic. In short, all the rules and regulations that both drivers and pedestrians must follow are dehumanizing. Destroying the human connection between driver and pedestrian takes the social issue of road sharing and turns it into… well, something else, where drivers and pedestrians no longer need to think—it becomes a matter of just reading signs, staying within lines, and blindly following the guidance of blinking lights.
In the show, they discuss a Finnish town with a high number of traffic accidents. The town removed traffic lights, stops signs, and other regulatory sundries and traffic accidents went down.
They’re beginning to do the same on London’s Exhibition Road in the UK:
The idea is that when driving zones are heavily delineated, drivers tend to be on autopilot, focusing on other cars rather than pedestrians or cyclists. That’s why London has so many guard rails on either side of pedestrian crossings, preventing pedestrians from straying into the road where they’re not supposed to. But 10 years ago, Kensington and Chelsea experimented with removing the railings from Kensington High Street and found that the number of pedestrian accidents dropped by 60%. It seems that when drivers are forced to be more aware and pedestrians are forced to take more responsibility for themselves, everyone is safer. Rules, it seems, were counterproductive.
Interestingly enough, The Guardian publishes this in the Arts & Design section and describes the movement as liberal. In my opinion, it’s anything but. Leave it to the Europeans to re-pioneer freedom & common sense.
In September, I was asked to deliver a guest lecture on network forensics to a group of undergraduate criminal justice students with very little formal computer science or networking training. This one ranked fairly high in my list of interesting challenges, so I decided to pick up the gauntlet.

The class took place last week and went fairly well. The group was relatively small, but I was able to connect with them and get some interaction going. I started out by asking the people there what "the network" looked like; for illustration purposes, I had brought a patch cable and a switch. At this point, students started to realize that it may be a little problematic to acquire a network patch cable ;)
I proceeded by explaining that a typical network infrastructure has very little persistent data, and that the technology must be prepared ahead of time to capture useful data that is forensically sound. We spoke briefly, and at a very high level, about networking, IP addresses and ports, which flowed into the concept of "Pen Register and Trap & Trace devices for the network". Enter: netflow.
At this point, it was time for an exercise and I provided the students with two Excel files. One file contained an excerpt from an inventory database, and the other contained 15 minutes of (actual) netflow data from a single sensor. The 15 minute window amounted to a spreadsheet with about 650,000 lines. The assignment was to identify which computers in a specific lab were interacting with Gmail at a specific time. My objective was to show the level of detail that we can obtain by just looking at flow data, AND the sheer size of the data set that we have to deal with.
After netflow, we went on to full packet capture. It was evident very quickly that the students would be wholly unable to deal with that by themselves (remember: these were criminal justice students without much computer science and/or networking experience!). Instead, I demonstrated the solution to a scenario for them that revolved around the theft of a company's intellectual property. The file that was leaked was called 'ProductDesign.zip'.
While preparing for class, I had set up a hypothetical workgroup network with one server and three employees. The server was an email hub (webmail, imap, pop), a secure file storage, and a department directory.
The employees were John, a senior engineer about to retire on a very small pension; Mary, who just married somebody from the Ukraine; and Janice, an intern pursuing a marketing degree.
The first step towards the solution was inspection of the web server logs. They revealed the exact time that John downloaded the file in question. Further scrutiny revealed that the file was downloaded from Mary's PC.
At this point, I asked for hypotheses. We got some very interesting ones!
However, looking more closely, we can see that Janice's PC might have had a remote desktop connection open to Mary's computer. At this point, we have all three employees as possible suspects.
Going back further in time, we identified that Janice phished Mary and John under the pretense of assisting the IT department with collecting preferred usernames/passwords that would be set after weekend maintenance.
Janice is now prime suspect.
Looking at what happened after ProductDesign.zip was downloaded, we see that less than 10 minutes after one of the downloads, Janice sent an email from her work account to an anon23@evil.local that listed "it is done. I have a copy on my USB disk".
From a network forensics perspective, we have now identified a possible suspect, and pointed out two machines for forensics analysis (Mary's PC and Janice's PC).
The session took about 2 hours and included a tour to a networking closet ;)
All in all, I think the students picked up a few things.
I did save the virtual machines and the packet capture, so if you are interested in doing something like this, feel free to let me know and I'll see what I can do to get the artifacts to you.
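The netflow exercise described above comes down to a join between the inventory and the flow records, filtered by destination and time window. The following is an added example (not the author's spreadsheets or code) showing that join in Python; the column names, hosts, timestamps and the 203.0.113.0/24 range standing in for the webmail provider's addresses are all constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed inventory excerpt (hypothetical hosts and rooms).
INVENTORY_CSV = """ip,hostname,location
10.20.30.11,lab-a-01,Lab A
10.20.30.12,lab-a-02,Lab A
10.20.30.13,lab-a-03,Lab A
10.20.40.21,lab-b-01,Lab B
"""

# Constructed flow records; 203.0.113.0/24 (a documentation range) stands in
# for the webmail provider's address space.
FLOWS_CSV = """start,src_ip,dst_ip,dst_port,proto,bytes
2011-10-05T14:01:10,10.20.30.11,203.0.113.17,443,tcp,48211
2011-10-05T14:03:42,10.20.30.12,198.51.100.9,80,tcp,1200
2011-10-05T14:04:05,10.20.40.21,203.0.113.18,443,tcp,9100
2011-10-05T14:06:30,10.20.30.13,203.0.113.17,443,tcp,730
2011-10-05T14:06:55,10.20.30.11,203.0.113.18,443,tcp,15002
2011-10-05T14:12:00,10.20.30.12,203.0.113.17,443,tcp,5100
2011-10-05T14:07:15,203.0.113.17,10.20.30.12,51514,tcp,300
"""

WEBMAIL_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumption

def hosts_talking_to_webmail(inventory_csv, flows_csv, location, start, end):
    """Return {hostname: (flow_count, total_bytes)} for hosts in `location`
    that opened flows to WEBMAIL_NETS with start <= flow time < end."""
    lab = {row["ip"]: row["hostname"]
           for row in csv.DictReader(io.StringIO(inventory_csv))
           if row["location"] == location}
    hits = {}
    for flow in csv.DictReader(io.StringIO(flows_csv)):
        when = datetime.fromisoformat(flow["start"])
        if not (start <= when < end):
            continue
        if flow["src_ip"] not in lab:      # only flows initiated in the lab
            continue
        dst = ipaddress.ip_address(flow["dst_ip"])
        if not any(dst in net for net in WEBMAIL_NETS):
            continue
        count, total = hits.get(lab[flow["src_ip"]], (0, 0))
        hits[lab[flow["src_ip"]]] = (count + 1, total + int(flow["bytes"]))
    return hits

if __name__ == "__main__":
    window = (datetime(2011, 10, 5, 14, 0), datetime(2011, 10, 5, 14, 10))
    for host, (n, b) in sorted(hosts_talking_to_webmail(
            INVENTORY_CSV, FLOWS_CSV, "Lab A", *window).items()):
        print(f"{host}: {n} flows, {b} bytes")
```

Flow data only shows who talked to whom, when, and how much; it narrows the set of machines to examine but says nothing about the content of the sessions.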
Although I admit that I am not entirely sure why, I am one of those people who enjoys obtaining professional certifications. I am brave enough to admit that ego might have something to do with it ;)
At the time of writing the post, I hold CISSP, GCIH, GCFA, CISM, CISA, and OSCP certifications and all of them are in good standing. That means that I have paid the annual dues, maintain my continuing professional education, and live up to audit standards.
However, staying in good standing takes effort, and the more time I spend thinking about it, the more I am considering dropping the CISM and the CISA. The CISM was helpful when I took responsibility for a complete information security program, but now that I have a few years under my belt, I don't think it adds much value anymore. The same is more or less true for the CISA certification. While studying for the certification has been tremendously helpful to better understand how audit processes work, I don't ever expect to be an auditor.
So, at this point, CISM and CISA do not add much value to me, and I believe that I am at a point in my career that I don't need to distinguish myself by maintaining a laundry list of professional certifications. While ISACA (the certifying body for CISM and CISA) organizes local chapter meetings, I don't really feel drawn to them.
SANS certifications appeal to my inner geek; they demonstrate a level of technical understanding and, in some cases, may demonstrate some hands-on skills. The SANS certs also allow me to teach, which is one of my passions. Keeping them active is pricey, but I guess all hobbies have their cost.
That leaves the CISSP. The one thing that I have benefited from with the CISSP was that it helped me to develop an understanding of the width of the information security field. And, as sad as it is, CISSP certifications are too often a prerequisite to make it past HR filters. As the certifying body, (ISC)2 has never delivered anything of value to me.
Will dropping my CISSP make it harder for me to transition to another job, if I would ever want to do so? I don't know, but I am afraid it might.
Could (ISC)2 be doing a better job? You bet! But, in order to do so, it will need to change. Change is hard, and often needs new blood. Maybe it is time for (ISC)2 to shake things up a bit and appoint a new generation of leadership. Not coincidentally, (ISC)2 is currently in the process of electing their new board, and I believe that one candidate especially would be a very good choice to play an important role in that change.
It is for that reason that I endorse Wim Remes to run as candidate for the (ISC)2 board of directors. Please check out Wim's platform at http://blog.remes-it.be/petition.html. If you are a CISSP in good standing, and if you also believe that (ISC)2 could do a better job at serving the community, please head over and consider Wim's platform.
As a mentor and a teacher, it is great to see your students grow up and do something useful with their lives.
Well done, Matt! How cool is it to see your name in the BlackHat speaker list? I look forward to seeing Hacking Chrome OS.
Time flies when you are having fun. Before you know it, another year has passed and Black Hat USA and Defcon are here again.
Like previous years, I will (attempt to) fly to Las Vegas to attend all of the Black Hat Briefings and some of Defcon. Caesars Palace is probably going to be awesome, and if the Rio improves the Defcon experience enough that I don't feel like I'm in a meat locker, I might try to attend the whole thing again next year.
As always, the programs for both conferences look fantastic. There will be some great speakers, and I'm sure there are going to be some not-so-great ones too. That's ok; that's part of the charm of both cons.
This year, I really don't have a strong agenda of what talks I want to see, and who I really need to meet up with. If you're around and feel like hanging out for a bit, feel free to shoot me an email, or catch me on Twitter. Right now, my plans are to arrive Tuesday morning and leave Friday afternoon.
If you are interested in getting trained in Hacker Techniques, Exploits, and Incident Handling by me, please take a look at this announcement. Once again, I have teamed up with SANS to bring their Security 504 course to Long Island. We will start classes on December 8, and will continue for a good 10 weeks on Thursday night from 7:00 p.m. - 9:00 p.m.
SEC504 is a class that will benefit any experienced system administrator, network administrator, developer, or information security professional who has a responsibility to protect their organization's computers, networks, or intellectual property. I will take you through the process that a cyber criminal follows, we will discuss and use(!) a large number of tools to illustrate cyber attacks, and we are going to learn about the incident handling process.
Let me know if you have any questions or comments.
The United States Defense Information Systems Agency (DISA) puts out quite a bit of reasonable information. Some of it is even entertaining!
In particular, I am referring to an unclassified project called Cyber Protect. Cyber Protect is a flash-based network security simulation game in which you take the seat of a cyber security architect and you have to work within a budget to purchase components to defend your network against evil hackers.
While there is a lot of talk about the fact that perimeters are fading, clouds are great (and secure?), and we need to enable ubiquitous computing, the simulation is based on the more traditional network security concept of defense in depth.
Players get to choose from a wide range of tools to purchase and implement, ranging from firewalls, intrusion detection, access control, antivirus, and encryption products to end-user training, backup and system redundancy.
The game is amusing to play, and it does a decent job of making the point that "stuff" needs to be maintained after it is purchased.
It took me two tries to make it to a 100% score. If you have 20 minutes to kill, check out the product. You can find it at http://iase.disa.mil/eta/cyber-protect/launchpage.htm
As information security officers, it is our job to walk the thin line of implementing (and operating) controls, and enabling our business to do what they are there for in the first place. Often we do so by implementing technical controls that somehow claim that they make us more secure. I am talking about things like intrusion prevention, log management, etc.
While it sometimes may be necessary to have an IPS, a SIEM, and all kinds of other cool technologies in place, the real value that these tools provide is gained when they are handed to a person who has the skill and time to operate them, and who is able to extract meaning from all the different alerts, warnings, notifications, and traffic lights that these devices produce at the mere push of a button.
I am a firm believer that two of the most important processes that an ISO should take ownership of are creating a network situational awareness process and a good incident response process. In some (most?) environments, these detective/compensating processes might even be more important than preventative processes.
When looking at the preventative side, we all do things like implementing firewall policies, building antivirus capabilities into the fabric of our desktops (and servers), conducting regular vulnerability scans, building a patch management infrastructure and conducting occasional penetration tests. And, as much as these processes are important, they are expensive, slow and painful initiatives to start.
A few months ago, I started taking a slightly different approach, which I believe will be very successful in the long run. I have started several working groups and some task forces. In my thinking, I generally distinguish three main governance structures:
Committees: involve (too) many people who meet in a formal setting on a not too-frequent regular schedule. Committees have broad mandates, are not time-bound, and provide recommendations. A committee does not make decisions, but they provide recommendations.
Working groups: have a clearly defined mandate and address concrete problems. Working groups are typically focused on a large problem that may require smaller task forces to address parts of the overall problem. Working groups meet somewhat frequently in a semi-formal setting. A working group has the potential to continue for a long time, but doesn't necessarily have to.
Task forces: are similar to working groups, but are more focused. Being on a task force is real work. You are expected to deliver your part of the work, do it well, and do it fast. A task force will have a single objective and work towards that objective without distraction. Once the objective has been met, the task force is dissolved.
The working group of which I am expecting a lot is the desktop management working group. Desktop management is one area in which we (as security professionals) can make major gains very quickly. The mandate of the working group spans just about any desktop issue, ranging from changing to gold images to new software requests, software deployment strategies, antivirus selection, group policies, process changes, etc.
In the few weeks that the desktop management group has been in existence, we have identified several parties who are directly affected and who did not have a real voice up to this point. Now that they are part of the working group, we have seen several improvements already.
The turn-around time to our clients has improved, as has the consistency of the response that they are getting. Internal communications have improved.
By making some simple changes, I believe that we have already reduced our exposure. In the long run, my role as information security officer will decrease to that of a participant, and a more logical role will take the lead.
However, the fact that we have this group now is something that I feel has improved our security. And that is what this job is all about.
Today, every OS in the world requires regular reboots in order to be up to date and secure. Since reboots cause downtime and disruption, sysadmins are forced to choose between security and convenience.
Until Ksplice. Ksplice can patch a kernel while the system is running, with no disruption whatsoever. We use this technology to provide Ksplice Uptrack, a service that delivers important security and bugfix updates to your systems. (It’s free for Ubuntu Desktop and Fedora, and is also a free feature of Oracle Linux Premier support.)
In this talk, we’ll provide a detailed look into how the Ksplice technology works and how the Ksplice Uptrack service works, at a technical level primarily targeted at system administrators and developers, but largely accessible to the average user as well.
More Information:
About Waseem Daher:
Waseem Daher is a Senior Director of Software Development at Oracle. He joined Oracle through the acquisition of Ksplice, where he was cofounder and COO. He received both his BS and MEng at MIT, and he lives and works in Cambridge, Mass.
After the meeting … Join us around 8:30 PM or so at
House of Brews
After the meeting … You may wish to join up with other NYLUGgers
for drinks and pub food. This month we’ll be over at House of Brews
(302 West 51st St. – 8th Ave), but we are also evaluating other
options for the future and welcome your suggestions.
http://www.houseofbrewsny.com/
Directions from IBM: http://goo.gl/VUdO1