Month: August 2009
Upcoming Opportunities to Meet
I figured it was time to update my Where’s Andrew page and thought I’d do a quick post letting people know where I”m going to be over the next few months. If you’re going to be at one of these events, please let me know and we’ll catch up (or meet) over a pint or two:
- Wednesday, December 9th and Thursday, December 10th, 2009 – Presenting a briefing on the OSSEC HIDS with Daniel Cid at the SANS WhatWorks in Incident Detection Summit 2009 with Richard Bejtlich in Washington, DC.
- Tuesday, October 6th and Wednesday, October 7th, 2009 – Attending SecTor 2009 IT Security Education Conference in Toronto, Ontario. (plans confirmed!)
- Wednesday, September 16th to Tuesday, September 22nd, 2009 – Attending SANS Network Security 2009 in San Diego, California.
- Monday, September 14th and Tuesday, September 15th, 2009 – Attending the SANS WhatWorks in Data Leakage Prevention and Encryption Summit 2009 in San Diego, California.
Remember When Clouds Meant Something Different?
Justin Foster, a fellow Canadian infosec guy, brought up an interesting point today in a tweet he sent out:
I remember the good old days when a cloud was something we drew to represent the Internet between two points. *Sigh*
He’s also responsible for the following diagram for those of you who are visual people:
“Cloud” is one of those marketing terms that I can’t stand because it is now applied to absolutely everything out on the Internet AND in data centers. In my day we called those areas DMZ and those vendors Application Service Providers (ASPs)…..consarnit!
The Real Life Trojan Horse – How Would You React?
I honestly believe that my circle of friends are smart enough to recognize a bad thing when it comes up. That being said, I have always had my doubts about the average person. Luckily my faith has been somewhat restored based on this article stating that someone has been sending unsolicited laptops around to to United States Governors whose offices, as detailed in the article, have promptly contacted the FBI to investigate. As I’m sure you would expect the FBI isn’t too happy about it. From the article:
The mystery began in West Virginia earlier this month when Gov. Joe Manchin’s office received five Compaq computers on Aug. 5. A week later, Manchin’s office received a sixth notebook, a Hewlett-Packard model.
The Charleston Gazette, which first reported the story, said Manchin’s office didn’t turn on the machines for security reasons. West Virginia state police said HP confirmed the notebooks were ordered online for delivery to the governor’s office, but didn’t reveal who made the purchase.
Wyoming and Vermont have also reported similar incidents, which has led to the FBI investigation.
If opened up your mail box and noticed a package, addressed to you, containing a laptop…would you use it or would you first ask yourself “I wonder who sent me this?” or would you treat it as the “bank error in your favor, collect a new laptop” card a la monopoly? I have a sneaking suspicion that even the most non-technical of people, on average, would think something was wrong and contact either the post office, the police, or maybe even their “techie friend” to take a look. That being said, I wonder how many people would react similarly if they were to receive a small gadget, such as a shiny new iPhone 3Gs, in the mail? I have a sneaking suspicion that people would be more likely to open the box, move their SIM card over, and see if their new free toy worked.
Thoughts?