Planet NYLUG

Communicating incident response plans

2010-03-15T19:12:18+00:00

The purpose of having a written incident response plan is to enable an organization to move from being reactionary to (perceived) information security incidents to being well-prepared and able to respond in a way that has been previously determined.

Having a well-defined response plan in place avoids panic, and allows an organization to assess the impact, determine the proper response, and then execute what needs to be done. As a result, response activities will be appropriately scaled and cost-effective as much as possible. It will also ensure that adequate documentation is maintained so that lessons can be learned when the dust has settled.

One activity that an information security manager should never underestimate is the effort that must be deployed to communicate the incident response plan within the stakeholders and obtain buy-in among all those who are affected by it. The plan must be reinforced it regularly, either through scheduled reviews and discussion in plenary meetings, or by doing actual drills and exercises.

In an organization that is heavily driven by audit requirements, you probably want to collect some form of sign-off to ensure that all members of your team, as well as key constituents, have read the document and taken note of it.

An incident response plan is only useful if everyone who is affected by it knows about it. Do not fall into the trap of developing a plan and not communicating it, of not developing it all.

ICCS 2010

2010-03-12T18:33:23+00:00

Like last year, Fordham University and the New York FBI office are co-organizing the international conference on cyber security. The conference will be held in August in New York City. If the program resembles last year's, it is going to be an interesting event for anyone who works for/with law enforcement on cyber-related cases, and for security professionals with an interest in investigations. The ICCS 2010 web site is located at http://www.iccs.fordham.edu.

Forest Mars and Jingsheng Wang on Drupal makes me hAPI: Open source social publishing architecture

2010-03-12T06:50:07+00:00

Forest Mars and Jingsheng Wang
- on -
Drupal makes me hAPI: Open source social publishing architecture
Wednesday, March 17, 2010 @ 6:30 -8:00 PM
Please note important information about this meeting

Drupal is open source social publishing software that empowers individuals, teams, and communities to easily publish, manage and organize a wide variety of content on a website as well as build more complex web applications. Tens of thousands of people and organizations have used Drupal to power scores of different types of web sites, including community web portals, corporate web sites, social networking sites, personal web sites or blogs, and much more.

Drupal’s roots extend deep into the Linux and Open Source communities. Drupal had its “coming out” at the 2005 FOSDEM conference in Brussels and early iterations were mainly developed on Linux.

This talk will cover the Drupal framework with an emphasis on architecture and programming patterns while touching on a number of other topics such as performance tuning and hosting integration as well as considering the underlying reasons for Drupal’s wide-ranging success, all served up with a healthy smathering of awesome sauce.

The presentation will also include a short real world case study of a Drupal SaaS implementation “the BeerCloud” (an Android and iPhone application which uses Drupal as a backend)

More Information:

About Forest Mars & Jingsheng Wang:
Forest Mars is a Network Architect and Drupal Developer who presents on a variety of topics concerning the Future of Media including Open Source Models, Trusted Network Protocols, and Web Video Broadcasting. Coming from a background in Cybernetics and Information Theory, Forest Mars is known for his work as the Architect of New York’s first WiFi Internet Service Provider, the “Two Rooms” Free Internet Cafe located in Manhattan’s East Village, and “Yellow Hat” a Debian based LInux distro with Tibetan Language support. He also serves as a board member of the Community Free Software Group and Unigroup of New York.

Jingsheng Wang is a Drupal Developer, Android Developer and Reverse Engineer at GreatBrewers.com .

After the meeting … Join us around 8:30 PM or so at

TGI Friday’s
After the meeting … You may wish to join up with other NYLUGgers
for drinks and pub food. This month we’ll be over at TGI Friday’s
(677 Lexington Avenue & 56th Street, second floor, northeast corner), but we are also evaluating
other options for the future and welcome your suggestions.

Much Ado About Coffee

2010-03-10T12:17:43+00:00

Laughing Squid has a recent article about the improving coffee situation in New York. At one point, it seemed that all coffee in NYC was going to be Starbucks or Dunkin' Donuts or even McDonalds, but the advent of the small coffee shop is coming in full swing here. As a recent Brooklynite, one coffee shop I have become a fan of is Coffee Den near Red Hook. It's a small place, family and friend

Fatal System Error

2010-03-09T01:02:43+00:00

WNYC, New York City's public radio station, recently ran a few items on information security. The Leonard Lopate show of January 28th (hosted by guest host Mike Pesca) featured Joseph Menn, the author of a new book called Fatal System Error. The episode is available as a podcast here and runs for about 20 minutes.

Menn also featured a few days earlier on Fresh Air, talking about the same topic. On Fresh Air, the main character in the book, Barrett Lyon, also makes an appearance. Lyon is probably most well known for having some issues with AOL downtime in the late nineties. The Fresh Air episode is available here and runs for about 30 minutes.

Both shows are worth listening to as they feature topics that are timely and, for a mainstream show, include relevant technical details. Of course, always keep in mind that both episodes feature the author of the book, who has a vested interested in selling it.

The road to the Turrialba Volcano

2010-03-03T16:17:05+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Chain and lock

2010-03-02T15:54:41+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Incident Response Planning

2010-03-02T00:36:04+00:00

Some time in the past, it seems that my work has shifted mostly from doing (what I consider) actual work to talking and writing about actual work.

Although I spend much of my time writing or reviewing documents and sitting in meetings, every now and then a call comes in that usually starts with something along the lines of "Something interesting happened and I think you may be interested in it". That phrase will send me right over to my incident response documentation toolkit and I start taking notes. Being responsible for incident response management gives me that one escape that everyone should have.

Most incidents can be dealt with as a matter of routine and can typically be addressed by help desk and system administrators. Such calls usually result in a quick resolution and happy customers. In my role (CISO-like) I care mostly about proper execution of previously defined security procedures and about getting some good reporting out of this process. That reporting will then be used to drive process improvements.

Not all calls can be resolved by relying on procedures that are documented in detail. Sometimes you can tell that it will be a good one, just based on the caller ID of the person who reports the event to you. Other times, you'll know in the first minute of the conversation that something interesting is going on. In those cases, having a documented incident response plan will be invaluable.

Your incident response plan may not give very detailed instructions for such odd cases, and that is fine. In such cases, your plans should give you the guidance to determine what to do and know that your actions have been previously discussed with key executives and that they have their support.

If your computer security incident response team (CSIRT) is activated, you want to things right the first time. For incident types where it is impossible, impractical or just too expensive to developed detailed incident response procedures, I have found it very useful to document some incident types, such as "Unauthorized information disclosure", and provide a basic strategy, roles and responsibilities, and reporting forms for these incidents. Rather than focusing on the cause of the incident, my planning revolves around the outcome. This approach is sometimes referred to as an all-hazards approach. An analogy is that in your response planning, you don't really care what started the fire, but you do care about how to fight it.

Incidents like this are meant to be addressed by the CSIRT and for a successful tactical and operational execution they rely heavily on the expertise and training of the incident handlers. I typically use the following boiler template when developing general response templates for CSIRT incidents:

1. One or two pages on general response strategy, including explicit assignment of some basic responsibilities. For example, one of the first steps in the identification and notification phase will be "CISO will send heads-up notice to CIO after initial report has been received".

2. A master checklist containing one or two pages of actionable items that cover the entire response process. Action items can be: a) Determine law-enformcement involvement. b) Assess and document scope of breach. c) Close case. Checklist must have enough space to check off the items, add comments, and record dates/times. Completed checklists will be used as input to writing up the post-incident report.

3. Some basic reporting forms. I tend to conclude my identification phase with a written report that outlines initial findings in a convenient one-page format that I can use to update key stakeholders. The initial incident report will be used as input to writing up the post-incident report.

4. Timeline forms that can capture date/time and actors of all actions that take place affecting the response. All actors are required to maintain their own timeline forms and they are also used as inputs for the post-incident report.

Approaching an incident response in this way, where a basic strategy is known ahead of time and "maintaining excellent notes" is embedded in the response is a key for successful reporting and process improvements.

Bingo!!

2010-03-01T17:10:41+00:00

Just a couple of photos from a recent Bingo event I photographed

Continue reading the rest of Bingo!!

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Old Window

2010-02-28T13:50:54+00:00

-LM

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Starting IsleSec

2010-02-28T12:29:10+00:00

Over on his blog, Matt Johansen announces the startup of IsleSec. Rather than paraphrasing, here is his post verbatim:

"For those of you who are familiar with CitySec meetups, I've been pondering starting up IsleSec here on Long Island. I know there is NYSec in the city but it is a hike for us islanders.

For those of you unfamilar with CitySec meetups, they are informal meetups of local security professionals at whatever bar will tolearate us. It is a great way to meet others in the community and grow your professional network. To quote Chris Hoff while talking about BeanSec up in Boston: "Unlike other meetings, you will not be expected to pay dues, "join up", present a zero-day exploit, or defend your dissertation to attend." Show up, get some wings, drink some beer and add to your business card collection.

I wanted to write a quick post to see if there is any interest around to meet up to make sure I'm not sitting at a bar drinking alone. Feel free to post comments here or hop on the Google Group to express interest.

Judging by people's location who are interested we can adjust the bar location as necessary. I vote we start at Croxley's Ale House in Farmingdale. Following the model of other CitySec meetings we will start by meeting the third Wednesday of every month which works out perfectly because Croxley's has a 10 cent wing special on Wednesdays.

So what this all comes down to is that the first IsleSec meetup will be at 6:00 PM on Novermber 18th at Croxley's Ale House 190 Main St Farmingdale, NY 11735 (516) 293-7700. (Get Directions).

If you plan on coming please leave a comment or send out a message in the Google Group so that I know I should show up. (I'll probably show up anyway just in case but it would be nice to know ahead of time.)"

If you are a Long Island information security professional, please consider joining the li-infosec mailing list.

Strawberry farm

2010-02-25T22:52:54+00:00

The family from my mom’s side has lived in farms near the Poas volcano during their earlier years, once they started to make families of their own they started moving away from that area and into the larger cities, like Alajuela and San Jose, but not all of the family moved away from there.

One of my uncles has a smaller farm in that area and it’s now owned and maintained by his son

Continue reading the rest of Strawberry farm

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Service announcement for vendors

2010-02-25T20:44:47+00:00

This is a service announcement for product/service vendors.

As an information security executive, I appreciate all the work you do. The products and services that you develop are feature-rich and help me secure my environment, and I appreciate partnering with you to make that happen.

However, there are some rules that you need to follow:

1. Do not cold-call me and within 30 seconds ask me what my budget is. I'm not going to tell you what I am willing to pay if I don't have a previous working relationship with you and have sufficient confidence in your ability to provide me with a reasonable value proposition. I appreciate the fact that you want to make money, and it is in my best interest that you do. I realize that you will not be around the next time I need you if I do not let you make a profit. I do not mind paying for a product or service that is provided well.

2. Without having any knowledge of my environment, do not tell me that what I have been doing is ineffective and too expensive. It is an insult to my abilities to deliver value to my organization.

3. Do not claim that commercial products are always better and cheaper than open source alternatives. I realize that open source products also need to be maintained and that I need product-specific skills in order to operate them. If what you offer can be operated by somebody who's skill set is limited to operating a toaster, I probably do not want to do business with you.

4. Sometimes your call is not convenient. If I let you go to voice mail, do not call back three times in the following five minutes.

5. Don't schedule a follow-up phone call with a sales engineer if I do not explicitly agree to that.

Thank you for your attention.

Via Boing Boing: Golden-age computer manual encourages you to break DRM, rants against EULAs

2010-02-25T19:50:27+00:00

I read this rather amusing post on Boing Boing today, and thought it funny that a computer manufacturer advocated breaking DRM and ranting on EULAs, both of which are two things I despise. This isn't quite a "rant about DRM and EULAs" post for me right now; I'll get to that later. In the meantime, you can read the original article here.

House cats

2010-02-24T16:18:31+00:00

Went to visit family that lives near the Poas volcano and they have a couple of cats around so I took the change to take a couple of photos of them, I can’t remember their names though…

Continue reading the rest of House cats

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Brown cat

2010-02-24T15:16:45+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

xkcd: Snow Tracking

2010-02-21T22:43:05+00:00

30 minutes to explain information security

2010-02-21T01:47:06+00:00

I was recently asked to prepare a 30-40 minute lecture for high school students. The point of the lecture is to explain what we try to accomplish in information security, and to convince them to enroll in our Computer Science program. After thinking this over for a bit, I realized that presenting to high school kids is not that much different than presenting to c-level management. Here is my rationale:

Short attention span
Little or no interest in details
Focus on outcome, rather than on how the outcome is created
Think they already know all there is to know

So, taking these observations into account, I must divide my presentation in two or three subtopics, each of which does not exceed 10-15 minutes. I must focus primarily on the show effect (what vs. how) and I must work around the fact that they think they know everything, yet they do not.

When presenting, always ending with that one catch-phrase that you want the audience to remember is good practice. Whether that catch phrase is "give infosec more money" or "enroll in the program" is irrelevant.

Initially, I thought that a nice Metasploit demo might be just want we needed to end the presentation. What is cooler than showing how to own a networked box in under five minutes? Not much, right? Well; true as that may be, high school kids do not live in the world of complex command-line invocations and text-based output. Running a Metasploit demo is one thing, but explaining what it actually means is another. Would the audience, that is used to living in world that predominantly consists of Facebook, Twitter and text messaging, understand the coolness of complete pwnage via a text-based interface? Doubtful.

So, taking it from there, I moved to browser-based stuff. Everyone will be used to having a browser at their fingertips and demonstrating a SQL-injection attack that can be used to retrieve private information would be something they understand. Oh wait-- private information is mostly worthless for most teenagers. They'll pretty much tell you everything you want to know right on their public profiles. While the attack would be successful, and I would show how to list out people's home addresses and/or credit card numbers, that would be of little or no value to them.

Clearly, I need to spend more time on this. Password cracking? Maybe, if that password can be used to do stuff with their Facebook accounts. Denial-of-service? Now, there is an interesting one. Taking away their access may be one thing, but showing how to DoS an individual's cable modem may not be necessarily the wisest move to do.

Any suggestions among my readers? I'd love to hear your thoughts on this. What can you tell a 17-year old that would capture their interest in a way that would be sufficient to at least let them consider to enroll in your program?

Information Security Surveillance

2010-02-19T20:02:21+00:00

The more I read and learn about the health care domain, and especially the public health arena, the more I find similarities between public health and information security. Take the following example from the CDC web site:

Public Health Surveillance has been defined as the ongoing, systematic collection, analysis, and interpretation of data (e.g., regarding agent/hazard, risk factor, exposure, health event) essential to the planning, implementation, and evaluation of public health practice, closely integrated with the timely dissemination of these data to those responsible for prevention and control. -- Source: http://www.cdc.gov/ncphi/disss/nndss/phs/overview.htm

Sounds familiar? This is exactly what corporate security folks do all day! We have people systematically watching our systems and networks and we make sure that the things that they find on it are analyzed and appropriate actions are taken.

In public health care, a surveillance system provides an epidemiologist with eyes and ears on the ground. That is something we, as information security professionals, also need. We need to partner with our helpdesks to detect deviations from the normal call patterns. We need to partner with our field support techs to make sure that they tell us about policy violations they may encounter and we need to team up with the physical security teams to make sure that proper access controls and intrusion detection systems (as in: motion sensors, break-in alarms, etc.) are in place AND are being monitored.

Start building your information security surveillance system!

It is time we start step up our game and improve the way that we learn from other domains. Epidemiology has been around for a while, and they do a lot of cool stuff.

New toy

2010-02-18T23:38:30+00:00

I recently got myself a new toy to play with: an Xserve G5. The version I have, according to Mactracker, is the January 2005 model, which contains the following: Single PowerPC 970fx (G5) CPU clocked at 2.0 GHz 1 GB RAM 80GB SATA HDD ATI Radeon video card (specific model unknown) It's currently running the client (read: consumer) version of Mac OS X 10.4.11, but I'm looking to install either Mac

Interview with David Byrne

2010-02-18T23:21:18+00:00

David Byrne was at TED2010, and Mark Frauenfelder of Boing Boing managed to get an interview with him. The 10 minute audio interview is on Boing Boing's site, located at this page. I'll be taking a further listen to it and will write a bit more about it in a future post.

Security Thought Leader

2010-02-16T01:56:31+00:00

It is no secret that I am a SANS mentor and a GIAC Gold adviser. Yet, I am honored and extremely pleased to recently be named a Security Thought Leader by the SANS Institute. Of course, I will do my best to live up to the (raised) expectations that comes with such a designation! Read Stephen Nortcutt's interview with me here.

BMW on the road

2010-02-14T04:33:39+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Luke Kanies on The Future of Puppet – What a Model-Driven Infrastructure Means to You

2010-02-12T06:58:41+00:00

Luke Kanies
- on -
The Future of Puppet – What a Model-Driven Infrastructure Means to You
Wednesday, February 17, 2010 @ 6:30 -8:00 PM
Please note important information about this meeting

Please join us on February 17th, 2010 for a special guest, Luke Kaines, the founder of the Puppet Project.

This talk will have a general focus on the future of Puppet, and will
particularly delve into how Puppet’s model of the world will be used
to drive new tools and capabilities. While Puppet is obviously about
configuring your infrastructure, the fact that it uses declarative
models rather than merely relying on chunks of opaque code is critical to
both how we got here and where we go in the future.

This year will be the year of data for Puppet. For example, its most
recent major release provided the means to address a host’s compiled
configuration as a separate, manageable entity, meaning it can be
stored, controlled, and validated at will. The next full release will
have granular event reporting, with correspondingly greater ability to
correlate configurations to the resulting changes.

Each successive release thereafter will further expose the data that
lies at the heart of a Puppet infrastructure. This talk will discuss
some of the kinds of data we’ll be bringing to the forefront of your
Puppet infrastructure, along with how you can take advantage of it and
how it will change your view of the world.

More Information:

About Luke Kanies:
Luke is the founder and CEO of Reductive Labs and the founder of the
Puppet project. Previously, he was a consultant, open source
contributor, and article author. He has focused on tool development
since 2001, developing and publishing multiple simple sysadmin tools
and contributing to established products like Cfengine. He has
presented on Puppet and other tools around the world, including at
OSCON, LISA, Linux.Conf.au, and FOSS.in.

After the meeting … Join us around 8:30 PM or so at

Chrome for OS X now supports extensions

2010-02-12T06:58:26+00:00

Google Chrome has started to win me over on Linux and Windows, where it's starting to displace Firefox as my browser of choice. Its lightweight architecture, fast rendering engine, and smaller memory footprint make Firefox feel bloated in comparison. But the Mac version of Chrome was, for a long time, far behind the Windows and Linux versions in terms of certain features. One of these features

Usable qbit design?

2010-02-05T15:53:58+00:00

Honestly, I probably need to read the article (I should probably subscribe to Science, really), but this sounds pretty cool, if someone has managed to build a kinda almost sorta useful qbit on a chip: Princeton scientist makes a leap in quantum computing

Sounds pretty cool regardless.

A name change? So soon!?

2010-02-02T22:38:29+00:00

Well, yes! Now that I think about it, what else do you call a blog that's about technology and food? Simple... you call it "More Blogs About Technology and Food". :) And the name itself was also inspired by the Talking Heads album "More Songs About Buildings and Food", which in itself was about, yes, buildings and food.

Barbed wire fix

2010-02-01T03:40:16+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

So now we have the iPad...

2010-01-27T23:42:51+00:00

Earlier today, at the Yerba Buena Center for the Arts in California, Apple finally made the announcement: the rumored tablet computer was shown, and was given an official name now. Folks, say hello to the iPad! And as it's been shown today, reactions have been polarized. On one side are the people yelling out "ZOMG MUST BUY!!!!111!!1!", and on the other side are people saying that the iPad is

Google Summer of Code 2010 is a GO!

2010-01-27T20:27:42+00:00

Great news! Google Summer of Code 2010 is a GO!! Read the initial e-mail and the follow-up e-mail for more information!

Be sure to subscribe to the Google Summer of Code Discussion list to keep yourself informed about the program and to receive updates as they become available.

Cheers!

PlayStation 3 has been hacked!

2010-01-24T17:36:19+00:00

One site that I follow a lot, Hack A Day, has just posted this story about how the Sony PlayStation 3 was hacked to have full read/write access, bypassing the Hypervisor. Homebrew software can't be too far behind now. :) Check out the link for more info.

The Obligatory First Post

2010-01-24T17:15:50+00:00

First post on a new blog. I'm going to get to enjoy this! I figured that if I ever want to comment or talk about anything, a blog is the best way to go about it. And there is much that I would love to talk about! So, to start... I'm a tech geek, open source advocate, budding foodie, beer snob, amateur photographer, software developer, and generally just full of crazy ideas. I live in Brooklyn,

Meeting January 27th: Edward Capriolo on Hadoop – Computation clusters at Scale

2010-01-23T06:20:31+00:00

Edward Capriolo
- on -
Hadoop – Computation clusters at Scale

Please note important information about: this meeting

This presentation gives a brief high level overview of Apache Hadoop. Hadoop is a Java software framework that supports data-intensive distributed applications under a free license. It enables applications to work with thousands of nodes and petabytes of data. Hadoop was inspired by Google’s MapReduce and Google File System (GFS) papers.

After the overview, we will delve into a with a practical example of Hadoop solving a “big data” problem.

Finally we will discuss how the demonstrated Hadoop processing model scales out to terabytes of data and hundreds or even thousands of computers.

More Information:

About Edward Capriolo:

Edward Capriolo does System Operations at About.com. He researches high/traffic high-availability and scalable solutions. Edward is a committer to the Apache Hadoop Hive sub project.

Facility Data updates

2010-01-18T23:55:48+00:00

It's been a while since I last updated on the progress of the Facility Data Module. So without farther adieu here we go:

The relation between the FacilityDataFormSchema and FacilityDataFormSection is now Many to Many meaning that sections can now be re-used between several form schemas (or reports).
It now runs without errors on OpenMRS 1.5.x

The first item was a big problem that was a sore spot for this project since it wasn't too intuitive, ideally a user should be able to re-use a section. The second item was a freebie since the errors were likely all due to the incorrect modeling.

What's next on my list is the following:

Allow for sections to be re-ordered within the schema (this is currently not possible and is a show-stopper.
Fix up the calendar management pages -- those are horribly ugly, but this is after all a first pass, so that is to be expected right?
Currently, it does not validate inputs for Numeric data types -- It need to.
There still needs to be the ability to analyze the data that exists in the system to submit to funding sources; those pages need to be implemented but that is phase two of the project.
There are likely other sore spots that exist that I do not see at this point and time that will be fixed at a later date.

That is all for now.

Joe Rollino

2010-01-15T15:35:22+00:00

From a couple days back, but...

Never heard of him till he died. My loss.

NYTimes.com
Daily News
Post

Died at 104, after being hit by a car. Was still able to bend a quarter. Won a silver star and bronze star in WWII. Damn.

In line for Gallo Pinto

2010-01-14T03:21:07+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Certification study group

2010-01-08T21:07:18+00:00

I am currently considering to start another GCIH mentor class, or to host a certification self-study group. If you are interested in pursuing a formal certification in information security, I would appreciate it if you could fill out a brief survey. It will hopefully not take more than 5-10 minutes of your time and it would help me out a lot. As results become available, I'll make the raw results available to whomever is interested.

Is that a nova?

2010-01-08T16:28:08+00:00

As some astronomers would say, they look like novas but in fact they aren’t. These are the photos that I took during New Year’s, around midnight, from my apartment overlooking San Jose.

Continue reading the rest of Is that a nova?

Follow me on twitter | Add me as a friend on Facebook | Contact Us

City lights of San Jose

2010-01-07T03:28:16+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Holy Crap!

2010-01-06T17:32:24+00:00

Scientists create the world's smallest 'snowman' - Telegraph. 10 microns. 'nuff said. (ok, for those not familiar with what a micron is, that's 1/5th the width of a strand of hair).

Backpack at the beach

2010-01-05T12:32:43+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

IsleSec every third Wednesday of the month

2010-01-04T19:02:08+00:00

After our (first) meeting last month, Matt Johansen and myself have decided to give IsleSec a continuation.

IsleSec builds on the tradition of popular CitySec meetings, such as NYSEC, BeanSec, etc. and it provides an informal place for people to hang out, have a bite, drink beer (or something else), and chat about security-related issues.

We invite everyone with an interest in information security, ranging from techies to security executives to join us. Yes, even security auditors are welcome ;) Vendors can come too, but please do not use the meet-up as a place to sell your wares. If you want to car pool, or take the train out to the meeting with company, please drop a note on our general access email group.

IsleSec meetings will be held every third Wednesday of the month in Croxley's Ale House in Farmingdale, NY. Croxley's is located next to the train station and is easily reachable by car from Nassau and Suffolk.

This month's meeting will be on January 20, 2010. The meetings typically start when the first person shows up (somewhere between 6pm and 7pm) and continue until the last person leaves (somewhere between 10pm and 11pm). Sponsors are more than welcome to contact me to arrange how to give us free beer.

Merry Christmas

2010-01-03T23:57:31+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

2010 is here

2010-01-01T20:09:51+00:00

Hello everyone…it’s been a very very long time since I last posted something on this blog. Last night the world celebrated the new year, as it has been done for many years, and one of the most common ways of celebrating is with the use of fireworks.

First off we have a shot of the moon, December 31st had what is known as a blue moon, this means that there is a second full moon in a month and the last time that a blue moon occurred on the 31st of December was back in 1990

There isn’t much to the shot above, it was taken using my 300mm lens, which I hardly ever use, @ ISO 100, the shutter speed of 1/125th of a second and the aperture was set at f/11. Would have been better if there were any stars or even clouds as it would have made for an even more interesting photos, but the clouds moved so fast when they were close enough to the moon that I didn’t manage to catch them…I wasn’t going to wait for an hour for another cloud to go by ;)

Continue reading the rest of 2010 is here

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Happy New Year

2010-01-01T14:06:13+00:00

Welcome to the Future!

"What was more, they had taken the first step towrd genuine friendship. They had exchanged vulnerabilities." (2010: Odyssey Two)

All the best wishes for 2010. May it be a quiet year.

Google Voice tips & tricks: Send free international text messages!

2009-12-30T21:00:00+00:00

Just throwing this out there in case anybody wants it.

You can SMS an international number such as one from the UK to their UK number (+447xxx) using Google Voice, then once they reply you get a special Google Voice number(406-###-####) and once you get this you can SMS them as you would any number and it will relay through google voice at no cost to you!

Caveat: Calling this 406 number *WILL* cost you at the Google Voice rate for calling the UK (or whatever country you are SMS'ing to).

Happy texting!

Computer security badness hierarchy revisited

2009-12-15T20:17:40+00:00

Last week was the last week of my SANS mentor class for Hacker Techniques, Exploits and Incident Handling. Hopefully my students will try out for certification and pass gloriously.

As always, we wrapped the 10-week teaching cycle up with the ever-entertaining capture-the-flag (CtF) session that really drives home a few key points. In a previous blog post (computer security badness hierarchy. January 13, 2009), I argued that when we focus on our responsibility for securing information technology (as part of a much larger socio-economic information system), information security practitioners really only have to worry about a few types of things: Bad Users, Bad Configuration, and Bad Software.

Most CtF's are completely in line with my hierarchy and by using tools such as nmap and metasploit and by leveraging exploit code that is readily available in places like the Offensive Security Exploit Database (formerly known as Milw0rm), most challenges in "hack labs" can be solved easily.

The major exploitable categories are typically credential re-use (bad users), unpatched software (bad software), running unnecessary services (bad configuration) and lack of port filtering (bad configuration), and can be found on most (if not all) enterprise networks. Of course, there are many more attack vectors (think "Web" and "end-point").

As a security practitioner, there are few tools more valuable than a well-designed and fully implemented vulnerability management program. When possible, it is nice to drop the $100K+ to purchase one of the commercial suites, but by ensuring that all your computers (servers, desktops and laptops) are configured according to a hardening template and that they receive all patches in a timely fashion is already a major gain. Put on top of that a decent (current) anti-malware package, and you have a nice start.

Do not underestimate the complexity of "just" doing this. If you haven't started this yet, get going. If you have started, but don't think you're done: welcome to the club ;)

If you are embarking on such a project, think about collecting some metrics about how well you are doing it so you can measure progress and define success. Think of numbers like: percentage of end-points that have been patched appropriately, percentage of end-points with current anti-malware software, average lag between publication of vulnerabilities and completion of roll-out, number of end-points in compliance with the hardening template, etc.

NYLUG Holiday Pizza Party: December 16, 2009 @ 6:30-8:00PM

2009-12-15T05:34:08+00:00

NYLUG Holiday Pizza Party

Please note important information about: this meeting

Please join us this Wednesday, December 16th 2009 for our annual holiday season pizza party. We’ll have some community news, maybe a short talk or two, and then share pizza and bid farewell to 2009.

Those interested in volunteering to help run NYLUG are encouraged to attend. Among the positions we’d like to get some assistance with are:

Speaker Coordinator: Finding speakers, getting abstract from the speaker, and optionally, the responsibilities of the announcement coordinator
Publicity Coordinator: Manage our Twitter & Identi.ca, Facebook, email announcements, Blog, RSS feeds, calendar, strategy and content, and optionally, the responsibilities of the announcement coordinator
Announcement Coordinator: Writing the meeting announcements for our meetings, workshops, etc. (This tends to be more work than most people assume up-front)
Media Production Coordinator: Audio & Video from our events gets titled and produced in a variety of formats and uploaded to archive.org. We’d also like to stream our general meetings.
Activity Coordinator: We’ve had a lot of successful smaller events over the years, and we’d have a lot more if someone were to take the lead in proposing and helping to organize them. All it usually takes is picking a time and place and being there yourself.

Those looking for less responsibility are encouraged to volunteer for the:

Media crew: Help us record, and distribute our meetings.
Web site crew: Help us create content for the NYLUG site and maintain it.

Cool Tools

2009-12-08T17:06:00+00:00

One of my favorite websites, Kevin Kelly's Cool Tools. Like its name suggests it's a listing of cool tools. Some I like, some not so much. But this is where I found out about my previously mentioned RailRiders. honestly, when I need something a bit unusual this is one of the places I look first.

Glasses and a xmas tree

2009-12-02T23:01:27+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

It's MFBT (for multiple values of "B")

2009-12-02T07:45:13+00:00

When I joined Mozilla Corporation, you either ran your own blog¹, had a Mozillazine blog, or didn't involve yourself in such frivolities at all.³

An X-Ray of Major Software Releases

I remember asking the then-VP of Engineering who I should talk to about "getting my blog Mozilla set up." Since the company was about twenty people back then, the answer wasn't obvious, so he pointed me to #mozillazine. I went and asked around and I got my Mozilla blog.

And all was good with the world. For a time.

But times change, and at some point in the last four years, it became cool⁴ to run your own blog.

So now, years later, since all the cool kids are doing it, I finally set up my own blog.

If the name—The Sober Build Engineer—doesn't immediately make sense, maybe the introduction will help.

In an attempt to not spam Planet Mozilla, I won't be syndicating everything; but if you find my ramblings amusing⁵, the raw RSS feed is always available.

I'd like to thank MattyT, Mozillazine, and OSUOSL for hosting "my Mozilla blog" for the last few years.

And I hope to see y'all on the flip side⁶.

Oh... and of course, the first round is on me...

__________
¹ Not as likely, since it wasn't as "cool" back then²
² Yes, I'm that old....
³ Until the "blogosphere" became a "big deal"
⁴ Dare I say chic?
⁵ Or otherwise...
⁶ Bug 532342 tracks movin' me over

Blossom

2009-12-01T17:59:34+00:00

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Tonight’s Python Workshop/Hackfest

2009-11-24T20:12:20+00:00

None of the regular crew that holds down the Python Workshop/Hackfest/Hacking Society will be able to attend this evening. If you attend, you may be the first or only person to arrive, so just ask the librarian for the key to the room (in the basement) where we meet.

The next gathering will be December 8, 2009.

Google Wave invites

2009-11-24T04:43:06+00:00

This post is for those wanting a Google Wave invite.

Just add a comment below and I’ll contact asap so that we can get you added to the invite list so that you can access Google Wave.

-LM

Follow me on twitter | Add me as a friend on Facebook | Contact Us

Tea Pot

2009-11-24T04:24:50+00:00

Asian tea

2009-11-23T03:06:18+00:00

The daily bus ride becomes a blur after the second day

2009-11-17T16:09:47+00:00

Great Clothing

2009-11-17T14:17:20+00:00

I've been buying a lot (ok, all) of my clothing from RailRiders recently. It's all Nylon fabrics, which may not be the classiest thing, but they're comfortable, sturdy, and I love 'em. Expensive, but worth it. Mostly for outdoors enthusiasts, but since I routinely refuse to come in out of the rain anyway...

Urban decay

2009-11-16T01:26:05+00:00

There is this house behind one of the 3 churches that exist in the city of Heredia which is falling apart and has been abandoned for quite a while now. Finally got a shot of the corner of the house that shows the decay that this house has had over the years.

We can see that the house was built using the old style in which the walls were made of a mix that includes dirt and has also cement, if I’m not mistaken.

Continue reading the rest of Urban decay

Science Supplies

2009-11-14T21:10:57+00:00

While I'm going on about cool websites, I rather like United Nuclear Scientific Equipment & Supplies. Vaugely related to the previous topic, because I keep thinking I want one of their lab glassware kits for the kitchen. Honestly, lab glassware's much better designed than most kitchen glassware.

Planet NYLUG

Communicating incident response plans

ICCS 2010

Forest Mars and Jingsheng Wang on Drupal makes me hAPI: Open source social publishing architecture

Forest Mars and Jingsheng Wang - on - Drupal makes me hAPI: Open source social publishing architecture Wednesday, March 17, 2010 @ 6:30 -8:00 PM ** Please note important information about this meeting **

Much Ado About Coffee

Fatal System Error

The road to the Turrialba Volcano

Chain and lock

Incident Response Planning

Bingo!!

Old Window

Starting IsleSec

Strawberry farm

Service announcement for vendors

Via Boing Boing: Golden-age computer manual encourages you to break DRM, rants against EULAs

House cats

Brown cat

xkcd: Snow Tracking

30 minutes to explain information security

Information Security Surveillance

New toy

Interview with David Byrne

Security Thought Leader

BMW on the road

Luke Kanies on The Future of Puppet – What a Model-Driven Infrastructure Means to You

Luke Kanies - on - The Future of Puppet – What a Model-Driven Infrastructure Means to You Wednesday, February 17, 2010 @ 6:30 -8:00 PM ** Please note important information about this meeting **

Chrome for OS X now supports extensions

Usable qbit design?

A name change? So soon!?

Barbed wire fix

So now we have the iPad...

Google Summer of Code 2010 is a GO!

PlayStation 3 has been hacked!

The Obligatory First Post

Meeting January 27th: Edward Capriolo on Hadoop – Computation clusters at Scale

Edward Capriolo - on - Hadoop – Computation clusters at Scale

** Please note important information about: this meeting **

Facility Data updates

Joe Rollino

In line for Gallo Pinto

Certification study group

Is that a nova?

City lights of San Jose

Holy Crap!

Backpack at the beach

IsleSec every third Wednesday of the month

Merry Christmas

2010 is here

Happy New Year

Google Voice tips & tricks: Send free international text messages!

Computer security badness hierarchy revisited

NYLUG Holiday Pizza Party: December 16, 2009 @ 6:30-8:00PM

NYLUG Holiday Pizza Party

** Please note important information about: this meeting **

Cool Tools

Glasses and a xmas tree

It's MFBT (for multiple values of "B")

Blossom

Tonight’s Python Workshop/Hackfest

Google Wave invites

Tea Pot

Asian tea

The daily bus ride becomes a blur after the second day

Great Clothing

Urban decay

Science Supplies

Forest Mars and Jingsheng Wang
- on -
Drupal makes me hAPI: Open source social publishing architecture
Wednesday, March 17, 2010 @ 6:30 -8:00 PM
Please note important information about this meeting

Luke Kanies
- on -
The Future of Puppet – What a Model-Driven Infrastructure Means to You
Wednesday, February 17, 2010 @ 6:30 -8:00 PM
Please note important information about this meeting

Edward Capriolo
- on -
Hadoop – Computation clusters at Scale

Please note important information about: this meeting

Please note important information about: this meeting