Tuesday, January 31, 2006
Monday, January 30, 2006
Sunday, January 29, 2006
Saturday, January 28, 2006
The dirty secret in network security is that, in organizations that do not budget for network security and training, the network administrators often look forward to the next major outbreak as it's the only time that the company will spend money to fix existing problems.
Thursday, January 26, 2006
Wednesday, January 25, 2006
Tuesday, January 24, 2006
Look for the "Read the book online!" link under "Project Information" on the left.
Monday, January 23, 2006
In answer to the question about taking the Metro, I can't. Hanashi took me on a nickel tour of the local metro station (yeah, you can call me a n00b tourist) and the thing that sticks in my mind the most is that second escalator. Combine my bad eyes/feet/knees with the non-perpedicular seams in the cement walls, the encline, and the fact that the handrails were moving at a different speed than the stairs and my thoughts were: It'd be painful to fall off a step. I wonder if anyone has?
Given the distance traveled, I imagine that falling from the top of the up escalator to be much worse (there's further to go). Next year, I'll have to try taking a picture.
Update: Oh! Thanks for the book, Richard!
Sunday, January 22, 2006
That and ShmushiCon...
Apologies for the quality. I noticed that use of the flash quickly annoyed people so I experimented with taking much slower pictures (you'll see the "effects" that caused in the remaining pictures). Click on the picture for the larger version.
Saturday, January 21, 2006
Friday, January 20, 2006
Thursday, January 19, 2006
Update: It appears that there's some products that are now WiMAX certified.
Wednesday, January 18, 2006
Monday, January 16, 2006
Sunday, January 15, 2006
Because most of the con was at a club across town, soaking up free drinks, it was pretty quiet in the hotel. I was able to talk with Rob, Doug, Howard (both from Rob's class), Hanashi and Telmnstr. Various other con members wandered in and out but it was much quieter.
The Shmoozers had something else to do at that time (their con was still in full swing, with stomping, singing and chanting at 10 p.m.). Though one drunk Shmoozer did run through the lobby screaming. (What was that about?)
Only a few Shmoo'ers were shot with ping pong balls. (No Shmoozers were targeted.)
In any case, I crashed at 10 p.m. and didn't get up until the following morning. Sunday went by pretty quickly, with two morning sessions followed by Johnny Long's presentation (J.L. ripped on Bruce) and the Shmoo Group's closing comments.
Audio and video from the con should be available shortly. The code for various projects, including the Hacker Arcade stuff, will also be available shortly.
I expect the audio/video stuff to be made available via BT only so please be nice and share at least the same amount as you leech. I recommend at least the ones that are wireless-related, which is what was the most-populated topic. The Asterisk talk was a bit basic, being aimed at someone considering it's use, not at someone who's actually set a box up. Heck, if you've got the space, get all of them.
I asked Heidi about the rumor about self-inflicted wounds and she stated that, yes, some people had cut themselves with their badges.
To clear up a bit of confusion, the MK console also belongs to Telmnstr.
General impression: the Con was worth attending. It needs to be longer though. Two days of talks isn't enough.
I have a few more pictures but won't have the time to post them until this weekend.
Saturday, January 14, 2006
- Telmnstr sweating in the heat, working on getting the skill crane up and running (that's a TRS sitting in the right-hand side, acting as the insert coin display)
- really good looking competition to the skill crane (yeah, MK is running on there)(there was a Shmoo-kid hogging the game for quite a while)(Bruce: yours?)
- Telmnstr's set-up for the mini-theater (it doesn't show well but that's a slanted rack that he has the audio equipment bolted to)
- another shot of the skill crane (blame Tel for the game name)
- yet another game (I have no idea what the silver tower does but those are copper-looking wires in the back; high voltage shocks (ala Tesla coil) maybe?)
- another coin op game (that's a working coin slot in the side of the computer, not sure who is responsible for it's existance)
- the standard issue weapon handed out to all attendees (stamped from thin metal, laser etched (I think) with a weird, almost serrated edge to it) (I predict at least one self-inflicted wound this weekend)
- the other side of the blade
More later (maybe). Some here don't like the flash.
The Shmoozers see the Shmoo'ers as "opportunities". The Shmoo'ers see the Shmoozers as "victims". Things only get uglier if you mix in $4 beers, $7 mixed drinks, the free MLM-brand hi-caffeine drinks (ala Red Bull-dosage) and their free pizza ("while you eat that, let me tell you about...").
Oh, and we can't forget the ping-pong shooters that various attendees were carrying. By the end of the night, every time there was a loud poompf from one of the shooters, the Shmoozers would duck and look to see where it was coming from.
To make matters worse, it wasn't just one MLM group. It was three rival groups! One even had a youth group that sat on the floor behind the escalator and said things like "My goal is...", prior to being applauded by the rest of the group.
In any case, we're proably going to hear about this during Beetle's "Administrative Remarks" first thing in the morning.
Friday, January 13, 2006
For the first session, I sat in on "Behavioral Malware Analysis Using Sandnets" by Joe Stewart from LURHQ. It's an interesting approach, using real machines (as opposed to virtual) that are instantiated via scripts and dd. It's the Internet that is virtual and before-and-after snapshots are diffed to see what the malware changed.
The "Asterisk: VoIP for the Masses" by Damin was a bit basic (for me). I went back to the arcade and took some pictures (viewable tomorrow).
For the last lecture of the day, I sat in on "The Church of Wi-Fi presents: An Evil Bastard, A Rainbow and a Great Dane!". In short, if you're using WPA-PSK, change your SSID's often and don't base 'em on dictionary words. Renderman also pointed out or demo'd a few tools that I didn't know about and am interested in experimenting with.
All in all, a good start to the con.
Thursday, January 12, 2006
There are now two easy ways to get Sguil up and running: the VM (blogged previously) and InstantNSM, which is a bundling of the usual components in one package.
One thing to keep in mind: this is a security monitoring tool, not a Snort event browswer. The differnce (other than the quantity of the data and the number of tools providing input)(Snort is not the only input) is that Sguil is a way to manage those events, i.e., categorize them, escalate them, or correlate them.
Wednesday, January 11, 2006
Tuesday, January 10, 2006
Monday, January 9, 2006
If you're interested in learning about Snort, Sguil, VMware, or any of the other tools that Richard as gathered into the VM, this is a good collection of tools with which to experiment. (I've always had trouble getting Sguil up and running.) Thanks Richard!
Sunday, January 8, 2006
Saturday, January 7, 2006
Correct me if I'm wrong but doesn't hitting F5 in IE cause the page to reload? And just how much "damage" can multiple refreshes do?
Friday, January 6, 2006
Thursday, January 5, 2006
Wednesday, January 4, 2006
Tuesday, January 3, 2006
Research groups under the IRTF include:
- the Anti-Spam Research Group (ASRG)
- the Crypto Forum Research Group (CFRG)
- the Delay Tolerant Networking Research Group (DTNRG)
- the End-to-End Interest Research Group (E2E)
- the Host Identity Protocol Research Group (HIP)
- the Internet Congestion Control Research Group (IRCCRG)
- the Internet Measurement Research Group (IMRG)
- the IP Mobility Optimizations Research Group (MobOpts)
- the Network Management Research Group (NMRG)
- the Peer to Peer Research Group (P2P)
- the Routing Research Group (RRG)
- the Transport Modeling Research Group (TMRG)