Friday, January 25, 2008

CyberCrime Film

Just back from SANS Security in New Orleans, I jumped at the opportunity to hop on down to Tribeca for the premiere of a documentary, The New Face Of CyberCrime.

Being a skeptical New Yorker, I couldn't help but wonder if what we were about to view would be an infomercial for Fortify Software, the sponsors of the documentary, however, I was actually impressed with the short. They included a snapshot into the brilliant Marcus Ranum, and a very personal one-on-one with Myron Ullman, CEO of JC Penny, whom I thought was extremely eloquent. He offered-up a highly evolved approach to intrusion and penetration, one that I (having a martial arts background) sometimes refer to as, the Xing Yi approach. Plain and simple, it's the understanding that the minute you think your network is impenetrable, is the second you'll be hacked, a lot like the acknowledgement that even though one may be an accomplished martial artist, a bullet is a bullet. In my opinion, Ullman depicted the arbiter of a well done film, that someone so high profile was willing to be that candid, and that honest, admitting that they simply "don't want to be that headline."

Afterward, the filmmaker and some of those interviewed in the film were present and taking select questions from the audience. One of the panelists, a journalist, spoke volumes when he pointed out that the TJX incident would have had a lot less negative publicity, if the higher-ups had been more apologetic and more empathetic to their customers. Instead, they kept insisting on finger pointing. Great example, is the opposite happened when Bank Of America was breached and went out of their way to apologize publicly, promising their customers they would not be held liable, and in many ways raising the bar and setting the standard that others in that situation now follow.

The food and drinks after the film ROCKED, and my friend Bill, Chair of and I decided to end the evening by grabbing his new XO (One Laptop Per Child) notebook and head over to Starbucks to configure it for its one-year free wifi with T-Mobile. What we couldn't seem to figure out was the meaning behind the color schema for the different networks that appear as dots on the screen. I was guessing that blue denoted a Linksys router and perhaps silver was Netgear, but I later discovered that the color of the circle is based upon the name of the access point. What still isn't clear to me, is what about the name defines the color that your circle will be. If you know, please comment here!

Thursday, January 24, 2008

SANS Security New Orleans

Photo Credit: Kathy Northcutt/SANS Institute (2008)

Here's our facilitator team from my most recent SANS Digital Security bootcamp in New Orleans.

SANS Institute is to information security what Top Gun is to the Air Force. SANS travels all over the world, setting up bootcamp training in computer crime forensics, perimeter protection and wireless security, to name a few. Their instructors are hands down, the best of the best, the elite.

I have had the privilege of being a SANS facilitator, assisting the instructors at now three SANS bootcamps (Orlando, San Diego and New Orleans). My goal is to work at least 2 SANS events each year.

I was especially glad that I could attend the SANS bootcamp in The Big Easy. New Orleans has seen anything but easy these past couple of years, and it was great to contribute in some small way to the recovery of their economy. In addition to pumping hotel, airfare and meals into the local market, I managed to pull a few cranks on some penny slots and still have enough leftover for these lovely alligator oven mitts (above photo). Last time I was in New Orleans (2000?), I went on a guided swamp tour to see real gators in their natural habitat. One of my few regrets in life is that I didn't save the cloth alligator cap that I bought as a souvenir from that trip, but no time to go 'gatoring this go-round, this visit was 99% business! (If you're wondering where the other 1% went, you can go to my other blog,, guess you had to be there...)

Unfortunately the photos I took were from one of those instant cameras and either the one I purchased had gone through the flood, or the developer did something wrong, but the pictures came out extremely grainy and pixilated. Guess I'll just have to go back!

Ah, I see another SANS in your future!