Had a blast at the SANS/NIAL conference. Got to put faces to quite a few Internet voices, the most notable (to me) being Chris Green of Snort.
I hereby retract any previous comment about Steven Northcutt. He seems to have mellowed in the last 5 years. The "Ego of the Decade" Award is hereby transferred to Ed Skoudis, this year's "star" of the conference.
For those of you that haven't heard Ed talk, his "theme" is doom-mongering the coming super-worms, capable of everything from polymorphism, multi-os attack, multi-vulnerability exploitation, zero-day exploits and pre-scanned target lists (all rolled up into one tight package). This is the sort of thing that kept people awake at nights during the 60's when there was a sure danger that Russia had suitcase bombs and pony nukes.
Ed is ignoring the fact that most of the super-worm's spread can be minimized with proper egress/ingress filtering (i.e., does your MS SQL server really need to allow outside world access or just to the local web server?), proper monitoring, and using operating systems with "proper" security models (there's a paper somewhere on this web site about using the proper tool for the job at-hand)(i.e., use Microsoft on the desktop if you have to, but don't use the same operating system in your border equipment and Internet servers [a monolithic network]).
Anways... Because the NIAL conference was hosted by the SANS people, we got to participate in a few of the BOF's and classes on Wednesday night - Friday. One of the things that make discussion lively at the evening BOF's is the free beer (as in free software!). (Heh, always wanted to say that.)