Tuesday, November 30, 2010

You keep using that word...

A few weeks ago I found myself at a vendor presentation by a well-known physical security vendor. I was looking forward to the discussion on "advanced video analytics" and other cutting edge developments. Unfortunately, this was a pure sales pitch... and the "advanced technology" was primarily focused on how this vendor could help scale the customers' security camera video storage by placing it on a "secure server in the cloud."

I was quiet up to this point in the presentation. But, I had to ask: "What do you mean by a 'secure server' in the cloud?" The room got a little quieter. The sales guy, his pace interrupted, looked at me with complete sincerity and said: "I mean we secure it for you."

I didn't think he meant that he, himself, was hardening the OS and running assessments against it. Even so, with security cameras and alarms as their forte, I couldn't understand how it made sense for anyone at his company to provide such a service.

The moral of this story is: Question everything.

I would never trust my security camera video data to a company storing it in the cloud -- at least not until I had a chance to check it thoroughly (yes, myself). Believe me, I've recently checked other products thoroughly and found them -- let's just say -- not quite meeting expectations.

Saturday, June 12, 2010

Orion Lucid 0.1 RELEASED!

The Orion Incident Response LiveCD (okay, LiveDVD) has been released at:


This is the first public release, and is based on Ubuntu Lucid Lynx. The original alpha version was based on BackTrack 4, but we decided to switch for a variety of reasons. Because of this, there are a few bugs that need working out.

To read the paper that goes with it, see:



SANS Technical Institute Masters Graduation

Last night I received my Master of Science in Information Security Engineering degree from the SANS Technology Institute (STI) at the SANSFIRE 2010 conference in Baltimore. I was also asked to give a speech. A few people have asked for a copy, so I am posting it here:

Good evening, and thank you for attending.

If I seem a bit nervous, it's because I don't normally read speeches -- I prefer "winging it." But I won't waste your time today with extemporaneous rambling. Besides, I have a few important things I want to say.

I especially want to thank the families and friends of the graduates who were able to make it today. My own family traveled from California, Texas, and New Mexico to be with us. I am very thankful that you could all be here today, and I deeply appreciate the support and sacrifices of my wife and two daughters over the last few years while I was working nights and weekends toward this goal. I know I share this sentiment with my fellow graduates.

Thank you also to the SANS Community. Without you, none of this would be possible. From the excellent instructors and gifted students to the SANS Forensics blog team and active SANS mailing lists, you continue to create the most productive and inquisitive organization of network security experts in the world.

The SANS Technical Institute leaders and staff also deserve a huge Thank You today. Stephen Northcutt, Alan Paller, Eric Cole, Johannes Ullrich, Ed Skoudis, and others have put forth a vision, and have applied all their formidable talents to turn it into a reality. STI, if you haven't heard, has achieved candidacy status -- an impressive accomplishment in such a short time. And Dean Debbie Svoboda, perhaps more than anyone else, deserves our appreciation -- as the rudder (and sometimes even the sails) to make this ship go.

I also want to congratulate my fellow graduates: John, Rob, Rodney, and Tim.
As graduates, our work on our master's degree programs is now complete. However, the real work has only just begun.

Recently I re-read my student outcome statement. In it I wrote I was inspired by the sci-fi/cyberpunk author William Gibson, who coined the term Cyberspace in the 1980's.

Gibson painted a fascinating, but dark, picture of the future where technology leads to black market cybernetic augmentation, pervasive surveillance, Console Cowboys controlling cyberspace, the blurring of government and mega-corporations, and blended military operations of electronic and conventional warfare.

Here is a passage:

"You're a console cowboy. The prototypes of the programs you use to crack industrial banks were developed for Screaming Fist. For the assault on the Kirensk computer nexus. Basic module was a Nightwing microlight, a pilot, a matrix deck, a jockey. We were running a virus called Mole. The Mole series was the first generation of real intrusion programs."

Now, just as in the real world, a lot of that sounds simultaneously scary and exciting. But, our goal, as leaders, should be to guide us to the brighter, rather than the darker, aspects of that future. As you know, cyberspace has already become the New Arms Race. As SANS graduates, instructors, and students... we each have a larger role to play. In Randy Marchany's recent blog posting ("Building Skynet -- The Beginning"), he states that we are the Builders in this arms race, but we are not the Controllers. We understand things, and think we have a handle on them, but we are not always making the decisions. Randy concludes with two "Ugly Secrets" that most of us here know very well: ONE) We know we are becoming a surveillance society, because we are helping to build it, and TWO) The Controllers trump the Builders. Some of these controllers are the management and government officials who might, say, turn things we build into weapons of mass destruction, BUT ... more insidiously ... sometimes we hand Control over to automation. You know this is true if you simply recall the last time you were told, with a shrug of resignation:

"I'm sorry, there is nothing I can do, it's the computer."

So, this is my challenge to you: While you are building -- build integrity and checks-and-balances into your creations. Make sure, to the best of your abilities, that you are not enabling the leverage for oppression or creating the surveillance state. And, be very, very careful about ceding the Controller position to automated software. We write the software, and we know it can make mistakes, because WE make mistakes. Bake this thinking into what you do, who you know, and what you teach. You are leaders, and this is your... And my... Responsibility. This is the challenge I issue to you: the graduates of STI -- and the entire SANS community. And... I am heartened, as I look around the room, because I know we have the right people to do the job. It's not an easy job, but I am still inspired by the words of a certain dead president, that we do these things:

"not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win."

Thank you.

Tuesday, May 18, 2010

You ate... what?

Tonight a friend and I shared a dessert that is positively the strangest one I've ever had. We went to Layang Layang, a Malaysian restaurant in Cupertino. Our food was excellent -- and exactly what I was craving.

But, the star of the meal was this dessert, the Ice Kacang (aka, "A.B.C."). I saw a picture in the menu and read a description before we ordered it. It didn't matter. I still wasn't prepared for the mountain of shaved ice mixed with a bizarre (yet, excellent) combination of ingredients. It arrived at our table looking like an icy volcano drizzled with caramel. Digging into the center brought more surprises in the form of sweet corn kernels, palm seeds, and little green jelly cubes. Two of us could not finish it, but it had a fascinating array of flavors -- including some that our palates had absolutely no reference for.

I'm definitely glad we decided to be adventurous. I recommend trying it if you find yourself in the Cupertino area.