Saturday, June 12, 2010
The Orion Incident Response LiveCD (okay, LiveDVD) has been released at:
This is the first public release, and is based on Ubuntu Lucid Lynx. The original alpha version was based on BackTrack 4, but we decided to switch for a variety of reasons. Because of this, there are a few bugs that need working out.
To read the paper that goes with it, see:
Last night I received my Master of Science in Information Security Engineering degree from the SANS Technology Institute (STI) at the SANSFIRE 2010 conference in Balitmore. I was also asked to give a speech. A few people have asked for a copy, so I am posting it here:
Good evening, and thank you for attending.
If I seem a bit nervous, it's because I don't normally read speeches -- I prefer "winging it." But I won't waste your time today with extemporaneous rambling. Besides, I have a few important things I want to say.
I especially want to thank the families and friends of the graduates who were able to make it today. My own family traveled from California, Texas, and New Mexico to be with us. I am very thankful that you could all be here today, and I deeply appreciate the support and sacrifices of my wife and two daughters over the last few years while I was working nights and weekends toward this goal. I know I share this sentiment with my fellow graduates.
Thank you also to the SANS Community. Without you, none of this would be possible. From the excellent instructors and gifted students to the SANS Forensics blog team and active SANS mailing lists, you continue to create the most productive and inquisitive organization of network security experts in the world.
The SANS Technical Institute leaders and staff also deserve a huge Thank You today. Stephen Northcutt, Alan Paller, Eric Cole, Johannes Ullrich, Ed Skoudis, and others have put forth a vision, and have applied all their formidable talents to turn it into a reality. STI, if you haven't heard, has achieved candidacy status -- an impressive accomplishment in such a short time. And Dean Debbie Svoboda, perhaps more than anyone else, deserves our appreciation -- as the rudder (and sometimes even the sails) to make this ship go.
I also want to congratulate my fellow graduates: John, Rob, Rodney, and Tim.
As graduates, our work on our masters degree programs is now complete. However, the real work has only just begun.
Recently I re-read my student outcome statement. In it I wrote I was inspired by the sci-fi/cyberpunk author William Gibson, who coined the term Cyberspace in the 1980's.
Gibson painted a fascinating, but dark, picture of the future where technology leads to black market cybernetic augmentation, pervasive surveillance, Console Cowboys controlling cyberspace, the blurring of government and mega-corporations, and blended military operations of electronic and conventional warfare.
Here is a passage:
"You're a console cowboy. The prototypes of the programs you use to crack industrial banks were developed for Screaming Fist. For the assault on the Kirensk computer nexus. Basic module was a Nightwing microlight, a pilot, a matrix deck, a jockey. We were running a virus called Mole. The Mole series was the first generation of real intrusion programs."
Now, just as in the real world, a lot of that sounds simultaneously scary and exciting. But, our goal, as leaders, should be to guide us to the brighter, rather than the darker, aspects of that future. As you know, cyberspace has already become the New Arms Race. As SANS graduates, instructors, and students... we each have a larger role to play. In Randy Marchany's recent blog posting ("Building Skynet -- The Beginning"), he states that we are the Builders in this arms race, but we are not the Controllers. We understand things, and think we have a handle on them, but we are not always making the decisions. Randy concludes with two "Ugly Secrets" that most of us here know very well: ONE) We know we are becoming a surveillance society, because we are helping to build it, and TWO) The Controllers trump the Builders. Some of these controllers are the management and government officials who might, say, turn things we build into weapons of mass destruction, BUT ... more insidiously ... sometimes we hand Control over to automation. You know this is true if you simply recall the last time you were told, with a shrug of resignation:
"I'm sorry, there is nothing I can do, it's the computer."
So, this is my challenge to you: While you are building -- build integrity and checks-and-balances into your creations. Make sure, to the best of your abilities, that you are not enabling the leverage for oppression or creating the surveillance state. And, be very, very careful about ceding the Controller position to automated software. We write the software, and we know it can make mistakes, because WE make mistakes. Bake this thinking in to what you do, who you know, and what you teach. You are leaders, and this is your... And my... Responsibility. This is the challenge I issue to you: the graduates of STI -- and the entire SANS community. And... I am heartened, as I look around the room, because I know we have the right people to do the job. It's not an easy job, but I am still inspired by the words of a certain dead president, that we do these things:
"not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win."