Educating Today’s Youth

I have a daughter who is almost three. Something interesting happened when I dropped her off at school this morning.

When I walked into her pre-school classroom (all 2 and 3 year olds), one of the kids pointed at me and said “ten!”. I hadn’t just stuck the landing in a gymnastics competition and I know I wasn’t getting a 10 for my rugged, yet handsome looks. Which made me wonder why this kid would yell “ten” at me?

At that point, I realized I was wearing the following t-shirt:

Sadly, I didn’t have the heart to tell him he should be shouting “two” at me.

Then I remembered that it’s the parent’s job to educate their children anyway…

Price of Wireless IDS/IPS

I realize that it has been almost a week since I posted new content on WiFiJedi.com  – don’t despair!   Over the last week, I wrote two guest posts for other notable blogs.  

Last Wednesday, I made another post to my Computerworld blog (“Cautiously Cutting the Cord”) entitled “RSA Inspired Thoughts on Wireless Security”.  The post spoke about different Wireless Intrusion Detection System (WIDS) designs.  I just started blogging for Computerworld last month and that is my third post – please visit those posts, Digg them (if you think they are worthy), and comment – I love the conversations generated by comments! 

Last Thursday, I wrote a blog post on CWNP.com addressing pricing concerns of 802.11n networks.  The article had sections outlining the costs and benefits of 802.11n networks.  It even had a section titled “WWWBD? (What Would Warren Buffett Do?)”.  

I was actually going to summarize these posts on WiFiJedi.com over the weekend, but I ran into a technical difficulty. I originally typed out this post using the WordPress application for my iPhone while on a flight from Phoenix to Seattle. Since I was on a flight, I had to save it in the “local drafts” folder of the iPhone app.  However, when I went back to publish the post, the information wasn’t there! I Googled the issue, and found out that this was a known (and fairly common) issue with the iPhone application for WordPress.  The recommended “fix” was to uninstall and reinstall the application. While this method didn’t allow me to recover the data I had already drafted, it did seem to remedy the issue.  Just to be sure, I wrote a test post, saved it to the local drafts, and came back later and pushed it to the WordPress website.

Lastly, if you can’t get enough discussion of RSA, WIDS/WIPS, and Pricing, you can check out Joanie Wexler’s Network World article on “How intrusion prevention costs compare”.  Happy reading!

Super Tuesday Poll – Wireless IDS/IPS


Sharkfest ’09

I admit it, I am getting jealous with all my colleagues Twittering about the RSA Conference this week at the Moscone Center in San Francisco.  While the idea of heading to RSA hit me too late to make the logistics work, something that I am planning ahead for is Sharkfest 2009.   What is Sharkfest, you ask?  

Sharkfest is a conference dedicated to the optimization of the Wireshark Protocol Analyzer, which is now owned and managed by CACE Technologies. It is a 3 day conference being held near San Francisco at Stanford University. The official dates for the conference are June 15th – 18th, 2009.  


The conference has three tracks – one for basic users, one for advanced users, and one for developers.  I am pretty sure that you can mix and match sessions from all three tracks.  The cost of the conference is only $695 per person, and each paid attendee gets a free AirPcap Classic adapter ($198 value), which lets you do 802.11 b/g packet capture in Windows, directly through Wireshark. Groups of 3 or more are also eligible for a 10% discount.  

If you have been following my blog, you know that I am a wireless packet junkie.  I am attending Sharkfest with a couple other Principal Technologists from Xirrus.  It looks like they have a great speaker lineup with Mike Kershaw (Kismet creator), Fyodor, Laura Chappell, etc.  Of course, they will have Wireshark engineers and developers on-hand as well.  

If you are interested in registering for Sharkfest, I would suggest doing it soon.  This is the second year for the conference and the conference organizers told me that they are limiting the number of attendees so that it doesn’t grow out of hand too quickly.  As someone who attended the first several Shmoocon conferences, I can tell you that you want to get in on the ground floor.   


Copycat Twitter Worm?

I originally wrote this piece as a guest post for An Information Security Place. However, I wanted to re-post at WiFiJedi.com.

FRIDAY 4/17 Update: Apparently the behavior described below is tied to a buggy Pidgin plugin. I haven’t been able to confirm that 100%, but thought I should deliver the latest & greatest…

—————————————————————————————–

As most of you know, Twitter was hit with a series of worms this past weekend. They were created by 17-year-old Mikey Mooney, creator of the website StalkDaily.com (don’t visit the site). The original worm seemed fairly innocuous, with messages that were created to drive traffic to the StalkDaily website.

I wrote a Computerworld blog post, where I detailed the original attack as well as provided a list of security recommendations. In that post, I commented that Twitter users should be on the lookout for modified worms, especially as additional details of the original attack come to light.

After Twitter patched the original cross-site scripting (XSS) flaw, which exploited the “link” field in a user profile, another variant of the worm appeared. This time, the worm exploited the “color” setting of the user profile. The modified worm highlighted that the XSS vulnerability was not limited to a single field and that Twitter would have to institute a comprehensive patch, not a band-aid solution.
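To illustrate the difference between a per-field patch and a comprehensive one, here is an added example (not from the original post and not Twitter's code) of a profile renderer that validates each field for the context it lands in and HTML-escapes everything at output. The field names, markup and sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration: a profile renderer that treats every user-controlled
// field as untrusted and encodes it for the context it lands in.
// Field names (name, link, color) and the markup are assumptions.

// Escape text for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  }[ch]));
}

// URL context: only absolute http(s) URLs survive; anything else is dropped.
function safeLink(value) {
  let url;
  try {
    url = new URL(String(value).trim());
  } catch (err) {
    return null;
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// CSS context: allow-list a 3- or 6-digit hex colour, otherwise use a default.
function safeColor(value, fallback = '#000000') {
  const m = /^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/.exec(String(value).trim());
  return m ? '#' + m[1].toLowerCase() : fallback;
}

// Each field is validated for its own context, then HTML-escaped at output.
function renderProfile(profile) {
  const link = safeLink(profile.link);
  const color = safeColor(profile.color);
  const name = escapeHtml(profile.name);
  const anchor = link
    ? `<a href="${escapeHtml(link)}" rel="nofollow noopener">${escapeHtml(link)}</a>`
    : '';
  return `<div class="profile" style="color: ${escapeHtml(color)}">` +
         `<span class="name">${name}</span>${anchor}</div>`;
}

// Constructed sample inputs: markup characters placed in each field.
const hostile = {
  name: 'Alice <b>bold</b>',
  link: 'http://example.com/"><i>x</i>',
  color: '0084B4"><i>x</i>',
};
console.log(renderProfile(hostile));
```

Because the colour and link values are allow-listed rather than filtered, a value that does not match the expected shape is replaced or dropped instead of being "cleaned" and passed through.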

The variant of the worm automatically generated tweets with the term “mikeyy”. These were sarcastic in nature and seemed to be tongue-in-cheek. Examples include:

  • Mikeyy I am done…
  • Mikeyy is done…
  • Twitter please fix this, regards Mikeyy

The general consensus today is that the “StalkDaily” and “Mikeyy” worms have been adequately addressed. However, I am not fully convinced. Four days after the original worm, I am still seeing suspicious behavior. A colleague of mine has a Twitter account that automatically started generating tweets saying “I am not here right now.”

Using a third-party iPhone application, TweetStack, I am conducting periodic searches on the string “I am not here right now.” I found that this is not nearly as widespread as the “StalkDaily” Twitter worm, but has affected at least a couple dozen accounts.

While this could be yet another variant of the worm created by Mikey Mooney, my suspicion is that this is a copycat worm created by another party (most likely a script kiddie).

Are YOU still seeing anomalous behavior on Twitter? I would love to hear about it! Please comment below as well as notify the Internet Storm Center if you see anything noteworthy.

Super Tuesday – 802.11n Benefits Poll

There was no public outrage for the lack of a “Super Tuesday Poll” on WiFiJedi.com last week.

However, as “they” say… the show must go on.  Here is this week’s poll: 

 


Groundswell by Charlene Li and Josh Bernoff – Book Review

I would like to offer periodic book reviews on WiFiJedi.com. The plan is to review wireless networking and security books. However, I have been doing a lot of reading about blogging and social media these days. Therefore, this week I am reviewing the book “Groundswell” by Charlene Li and Josh Bernoff.  

Please let me know in the comments section if you like the idea of book reviews.  Also let me know if you would like them strictly on wireless, or if you don’t mind if they are off topic.  

I originally bought this book based on a YouTube video of the author, Charlene Li, making a presentation under the “Authors @Google” program. I guess the Groundswell sold one more copy of her book…

In many ways, this book reminded me of Jim Collins’ “Good to Great” book. “Groundswell” is very quantitative in nature. There are a TON of in-depth case studies – the book even contains a case index in addition to a subject index.

The book is well structured. It is broken into three main parts and has a logical idea flow of listening, talking, energizing, supporting, and embracing the groundswell. While I liked the structure, it took more time to read than most books due to its academic nature. 

Overall, the authors take a practical, high-level approach to social media. They focus on the people, objectives, and strategy BEFORE they focus on any given technology.

This should definitely be a cornerstone text in any library on Social Media!

Twitter Worm Blog Post on Computerworld

I have started blogging for Computerworld.  I am serving up content for their Mobile & Wireless space.  

I wrote a post over the  weekend detailing two variants of a Twitter worm – one advertising StalkDaily.com (don’t visit the site) and another highlighting the 17 year old behind the website who goes by the name of “mikeyy”.  

My post details how the worm spreads, as well as provides specific security recommendations.  You can read the post in its entirety at: 

http://blogs.computerworld.com/twitter_worm_still_on_the_loose

I am also excited because I have my first Computerworld comment.  I really enjoy the community aspect of blogging, so feel free to leave comments here at WiFiJedi.com or at Computerworld anytime!

Packet Analysis 2.0

It seems like I am going to bring my wireless packet analysis to a whole other level – “Packet Analysis 2.0”, if you will. Two of my favorite wireless capture and analysis tools have recently been updated – OmniPeek Professional and Wireshark.

I have been at meetings at our company HQ (Xirrus) most of this week, so I haven’t had a lot of hands-on time with either updated tool.

OmniPeek Professional has just been updated to version 6.0.1, as of April 3rd. It seems to offer much more flexibility of viewing multiple data windows through mechanisms similar to tabbed browsing.

I also downloaded a few plug-ins for OmniPeek Professional, including the multichannel aggregator – once I acquire one more USB 802.11n dual-band adapter, I will try to write a blog post documenting my experiences with the aggregation feature.

The new version of Wireshark seems to focus on a lot of bug fixes, although it includes an experimental package for Mac OS X 10.5.5 and above. Version 1.0.7 of Wireshark was announced April 8th. On the Wireshark front, I am attending Sharkfest this June, which I am pretty excited about.

Now that I am thinking about wireless product upgrades, I realized that AirMagnet also came out with an updated version to their Site Surveyor product about six weeks ago (version 6.1_13206).

So many product updates, so little time…


Stephen Northcutt Interview

I am very excited to announce that I was recently invited to blog for Computerworld!  My blog is titled “Cautiously Cutting the Cord”.  In my first post, I spoke with Stephen Northcutt (CEO of the SANS Institute). We spoke about wireless networking & security, social media, and other topics.  While I posted the wireless portion of the interview at Computerworld, the rest of the interview follows:


DH: Another topic that I know we are both interested in is Social Media. I want to know your thoughts on where social media is headed, what the security risks are, and how you plan to either use or not use social media to expand and protect your brand with SANS.

SN: My first observation with regards to social media is that we may go through some transitions, but on the longer haul it’s going to definitely be a change in the way we think, the way we work, and the way we process information. Just this morning, I was watching a video of some research that they’ve done where you wear a camera and projector around your neck and when you run into information, the system helps you process it in context. So if you run into another person, the system might display word tags about the other person on their chest to help guide your conversation. Another example of that system is if you’re going to the airport you might just hold your ticket in front of the camera and it will begin to give you information about your flight status and gate and that sort of thing. So these things have very bona fide, obvious uses.  


DH: What about the security risks of social media?

SN: Well, the biggest security risk for social media is the OPSEC (operational security) kind of stuff.  We are going to be giving out more information about ourselves than ever before.  Bad people will use that to craft attacks against us pretending to be someone else or pretending to give us some sort of opportunity. But we will get through this – we will be wise.  Speaking only for myself, I’m not terribly worried about someone being able to fool me by the information that’s out on social media in the same way that I can look at in an inbox, and if the subject line is fishy, I can usually tell without opening the message. I see the subject line and I know that it’s not for me.


DH: Do you think that social media and its threat will legitimize the need for more security awareness training?

SN: I certainly hope so.  One of the experiments that we are trying on Twitter with SANS is to tweet a security tip of the day, every single day.  If we are fortunate enough that this works and people follow us, then more and more people will be exposed to these tips.  Furthermore, if security people encourage others to follow us, then we are reaching the right audience, which is a really cool thing.  The investment is so low. With 140 characters, how much time does it take to read? I guess 4 or 5 seconds.  You can read a tweet in almost no time. 


DH: How do you see social media as an opportunity to expand your brand?  How do you see social media as a potential threat to your intellectual property or your brand?

SN: Well I don’t see social media as a threat to our intellectual property. We sort of have a fixed problem of people trying to steal our intellectual property, with a fixed solution (the legal system) and I don’t think social media changes that. In terms of a threat to our brand, obviously if anyone that we would view as a competitor does a better job of using social media –  get more followers or get more press – then obviously that could take some shine off our brand. On the positive side of things, with LinkedIn, I’m approaching 600 connections at this point and they’re all business. Wherever those people go, they remain linked to me unless they choose not to. I’m not linked to Stephen Northcutt, I’m linked to SANS Institute so I’m building connections for the business.  There’s a guy who has already written an application already that ties Twitter to Salesforce and so there is some serious opportunities to leverage the technology if we can believe in it.  My one concern is that if too many people from SANS go chasing  too much social media it will dilute the brand message and also churn up some time that could’ve been spent doing other things. So while I do get on Twitter, I am a bad Twitterer. I’m on there once every three or four days because I know there is a SANS Institute account and I know they’re going to do something every day, and I don’t feel the pressure.


DH: The Internet Storm Center also has a Twitter account that they update a few times a day with different threats as well. 

SN: That’s great! I didn’t even know that – I try to follow them.


DH: That’s really all I wanted to cover but I figured you are gracious enough to talk to me about two things I am passionate about, was there anything you wanted to communicate, either about your organization or something that you think needs more coverage?

SN: I think that we have two exciting opportunities right now as a community. Neither one of these are SANS specific and I want to be VERY clear about that. The NSA blue team has wanted to put their methodology into the hands of the public for some time (maybe not all the secret sauce you understand) but to try to begin to turn around the absolute devastation that American corporations and US government are facing under the persistent technical threat of other countries infiltrating our information for their purposes. The project is called the Consensus Audit Guidelines.  SANS does host them, they’re found at http://www.sans.org/cag but they’re not ours and we’re not claiming they are ours.  We’re not the sole arbiters of them.  The person in charge of the project is the former CIO of the Air Force, John Gilmore - somebody who is definitely his own man. We’re just excited that we get to participate and make suggestions.  I would love to see more attention to the CAG, more of the community contributing to the CAG effort of people trying to implement some of the controls in their organization and then reaching back into the community with their experiences.  I think this is potentially one of the most important things we are doing.

SN: The other is that the government is about to announce a scholarship program for younger people that show talent in science and technology area, who have an interest in information security. Apparently something along those lines has been happening in China, and is a big part of how the Chinese developed their ability to extract information from both the US and other part of the world assets.  They found a few good hackers who were willing to train others and so forth.  We’re less interested in the United States in hacking, but we certainly do need to be interested in configuring well, and so I’m hoping this program is a success. You know, the government starts many, many, many programs (and not all of them succeed), but I hope this one succeeds. I hope that SANS can have some part in that success.  Additionally, I hope that anyone who ever hears this recording or reads the transcript will be interested in doing what they can to mentor some promising young person.  For one thing, some of these folks who have an interest in security are going to end up in organized crime or hacking, and so trying to give them a chance to do something exciting and challenging as well as being part of the community is too important of an opportunity to pass up.