Feb 21

Mike Murray has posted a really good presentation on Building a Sustainable Security Career. I encourage you to give it a read if you’re unhappy with your current job or want to reevaluate your career plan.

Feb 20

Cheesy reference to The Hitchhiker’s Guide to the Galaxy aside, I’ve finally decided that my new corporate laptop is going to be a MacBook. The decision was not easy to come by but I had a little help from my friend Brian and my colleagues in the Security Catalyst Community Forums (registration required).

The main reason behind the switch is that my Compaq X1300 laptop of 2 years shuts off, not down, at random. I believe there may be an electrical problem with the motherboard as I sometimes hear electric crackling and the fan usually doesn’t spin. Unfortunately, these days it’s less expensive to purchase a new laptop than to invest in a major replacement part which costs the same.

I’ve decided on the standard MacBook as opposed to the MacBook Pro because I like the portability and price of the MacBook. Since I’m not a gamer I don’t require the large screen and dedicated video card that comes with the MacBook Pro.

Here are the specs of the system that I’m going with:

  • 2.0GHz Intel Core 2 Duo
  • 2GB 667 DDR2 SDRAM – 2×1GB
  • 160GB Serial ATA drive @ 5400 rpm
  • Superdrive 6x (DVD+R DL/DVD±RW/CD-RW)
  • Apple Mini-DVI to VGA Adapter
  • Keyboard/Mac OS – U.S. English
  • AirPort Extreme Card & Bluetooth

I can’t wait! :)

Feb 18

On Tuesday, April 24th, 2007 I will be presenting the SANS SECURITY 452 StaySharp: IP Packet Analysis track here in Fredericton, New Brunswick, Canada.

Knowing how to decode network traffic with tools is a necessary skill for any serious network or information security administrator. Being able to decode the bits and bytes that represent our mission-critical networks gives you the skills to identify malicious activity, troubleshoot network failures, and analyze other desirable or undesirable network events.

This Stay Sharp class will give you the basic skills to decode network traffic with open-source tools available for Unix and Windows systems. You’ll be able to use these basic skills to analyze current or future network protocols and gain a better understanding of your network traffic.

Who should attend this course?

  • IDS, firewall, and network administrators looking to learn packet decoding skills
  • Analysts looking to learn new techniques in packet analysis
  • Network administrators and operations professionals seeking a deeper understanding of network analysis techniques

If you live in Fredericton, or the surrounding areas, and want to know more about this training session then please take a look at the following links:

Also, if you’d like to learn more about the instructor (me) then please check out my About page and Resume. I look forward to seeing everyone there!

Feb 13
Learning From Spam?
Andrew Hay | Articles | 02 13th, 2007

“Do you know that Canada is the World’s Third Largest producer of Diamonds?”

Hmm that’s interesting. I wasn’t aware of that. Please, do go on…

“In fact, Major discoveries in Recent years have made this one of the most Lucrative mining areas in the world.”

Wow makes me feel good to be a Canadian. I wonder what else this informative stranger has to say…

“Utilizing leading-edge geological theories, Kimber Resources (KRXR) has assembled a portfolio of diamond claims in this Highly Prolific region.”

Good for them. It’s good to hear about a company doing well in this ever-changing economic climate.

“Rumors of a major discovery are just hitting the street and giving the issue really nice volume.”

Volume’s good. They always talk about shampoo that adds volume being a good thing.

“This, however, is just the beginning.”

Really? I wonder what’s next? The suspense is killing me!

“Trrading at just over $2, when official news is out we are going to see this gem well up into the $4 range!”

OK I’m sure he meant to type “Trading” but that’s beside the point. This insider information sounds like a goldmine!

— —

Well I’m sure you can sense my sarcasm in this post (I should hope so because I’m laying it on pretty thick). These pump and dump stock spams are really starting to get to me. I don’t understand where these desperate people are that keep these scams alive. Every couple of months I take a look at the Spam Stock Tracker site to see how much the site owner would have lost had he invested in the stock tips he received via email spam.

If you would like to learn more about pump and dump schemes, also known as microcap fraud, please take a look at this excellent page which details the process.

Feb 11

As reported by the Ottawa Citizen, and numerous other sources, a hacker attacked the Canadian Nuclear Safety Commission website, littering it with dozens of photographs of a nuclear explosion and raising concerns about the security of information held by the nuclear watchdog agency.

There is no excuse for any government funded agency in Canada to be susceptible to an attack of this nature. The Communications Security Establishment (CSE) offers training to all levels of government, certifies products, and also conducts research and development on behalf of the Government of Canada in fields related to communications security.

I’ve assisted the CSE during their evaluation of a product and they were very thorough in their evaluation process. Not only do they follow their defined test plan to ensure proper validation, they also create “free form” scenarios in an attempt to make the device do something unexpected, like removing key values from configuration files to see what happens.

This attack leads me to believe that the defacement of this website was due to a breakdown in process. The developers of the website, either internal developers or consultants, did not perform adequate validation of their code to ensure security. The project officer who signed off on the completion of the project should ultimately be held responsible for this breach. Part of their project goals should have been a complete inspection of the final product with respect to security using publicly available Government of Canada Publications published by the CSE.

I can’t help but think what a huge problem this breach would have been had this been anything more than a simple website defacement.
