July 31, 2006 | Comments: (0)
Black Hat Training and sunburns
I spent the past two days here in Las Vegas in the Tactical VoIP: Applied VoIP Phreaking class, taught by The Grugq for the first time. While it wasn't the most organized class, it did have a good amount of practical information on VoIP and exposed quite a few of the vulnerabilities that exist today with enterprise VoIP deployments. We worked with several tools including ones that did SIP injection, SIP ping (good for tracing the path of a SIP call as it moves through the network) and MGCP server enumeration. Luckily I didn't have to learn Python to get these tools to work, but, if the class was nothing else, it was definitely fun and informative. I'll have a podcast with The Grugq up in a few days with his take on SIP Worms and Vishing (VoIP Phishing).
For the next two days I'm taking the NSA's (yes, that NSA) INFOSEC Evaluation Methodology course taught by Security Horizon. For me the IEM is a follow-on to the excellent NSA INFOSEC Assessment Methodology course taught by Security Horizon I took last year here in the Big Hot. I found the IAM a bit rudimentary, but it covers all of the steps needed during a security assessment from the process perspective. It seems that the IEM is going to be about tools, attacks and defense. I look forward to seeing how it will pan out over the next two days.
Considering these two classes as the Odd Couple, where The Grugq is Oscar, Russ Rogers' teaching the IEM class is the exact opposite; a Felix with defined, clear-cut policies and procedures and almost retentive. But hey, what do you expect when it comes to an NSA certification? BTW, if you're lucky enough to take a class from Russ, I would highly suggest taking it.
Did I get sunburn? No, unless you count one from fluorescent lights. I think I might actually leave here with less of a tan than when I got here (sort of like Oliver Rist when he goes to Hawaii).
Posted by Victor R. Garza on July 31, 2006 10:59 AM
July 28, 2006 | Comments: (0)
I'm back in 'Vegas for one of my two favorite events of the year, the Black Hat Briefings / DEFCON conference combo.
The only other reason I like to come here is the number and variety of the buffets, because it's certainly not for the heat - I hear it reached over 110 degrees a day or so ago. Suffice to say I've got on SPF 75 when I'm out in the sun.
I am looking forward to spending time with The Grugq on VoIP Hacking and Russ Rogers from Security Horizon to finish up my NSA IEM certification.
I'll be catching up with The Grugq after class to discuss new VoIP attack vectors and post the interview as a podcast shortly.
Cisco has already said that they won't have the kind of news that made headlines last year at the Black Hat conference. But I'll be keeping my eyes and ears out for any interesting news.
Posted by Victor R. Garza on July 28, 2006 03:57 PM
July 28, 2006 | Comments: (0)
CEAS Interview with Dr. Gordon Cormack
I recently had a chance to catch up with Dr. Gordon Cormack, a Computer Science Professor at the University of Waterloo and the chairman for the third annual Conference on Email and Anti Spam held this year in Mountain View, CA.
Garza: Can you give us a short synopsis on what CEAS is all about?
Cormack: There are many interesting scientific challenges in email communication and enhancing email communication and mitigating the abuse. I think that now we're in a position to look more carefully at these rather than just to fight to keep our heads above water. There are a number of scientific conferences on many of the technologies that we discuss at CEAS, but there is no scientific conference that is driven from the actual electronic communication application. So, there is a machine learning conference, but it would not be driven specifically by spam and email. And similarly there is an information retrieval conference and so what makes CEAS unique is that all of these investigations are driven, first and foremost, by the application of email.
Garza: There are a number of presentations being given here from academia as well as industry. Can you talk a little bit about the mix?
Cormack: Well, to start with, these are all scientific papers and peer reviewed. So contributors submitted a full paper that was submitted to three referees who then considered the scholarly merit of the paper and we chose from 79 submissions, we chose 27 contributed papers. Then we have two invited speakers as well. Invited to provide pizazz and provocative new ideas (laughter).
So in that sense there is no hard division between industrial papers and academic papers. They all had to jump the same bar. That said I'd say we have equal parts pure academics who are interested in science for science's sake, we have industrial research people and then we have more commercial industrial or operational industrial people so it's a fairly even mix.
Garza: We've seen a variety of different educational institutions and the large Cisco, Google, IBM and lots of other presenters from industry as well. What do you see as the overall theme for the show?
Cormack: Many technologies are used to fight email abuse and we're not strictly a spam conference even though there's a fair spam component.
Garza: And you were saying that spam is actually, or there is actually a larger spam component now…
Cormack: I would say that that happens to probably just be the mix of papers that were selected. I think maybe the whole effort to filter spam is becoming more consolidated. Maybe you're seeing more of a standard method, more on spam testing corpora, and more on sober reflection on how to do this and how to measure whether it's working or not. Maybe a couple of years ago it was still more of the 'wild west' where people are inventing new things and making extravagant claims but not backing up those claims. Again, more science coming in, and less, something else.
Garza: So there's more science method or methodologies trying to attack the problem of spam?
Cormack: Now I should repeat that there's more to email than spam. There are people investigating positive uses of email. You know, doing user studies, looking at social networks that arise from email. And there are forms of abuse other than spam, there's phishing and who knows what else. When you watch Rob Thomas' talk you'll see he talks about the underground economy and all the people that can compromise networks and how it works and how it's very much a social network of its own that's very well established and has pretty defined rules and it's thriving.
Garza: And he talks specifically about using this for crime method?
Cormack: He's talking, yes, he's saying it's basically an organized crime network but not organized in the normal hierarchical form but this is a kind of social network that has kind of evolved and there are 16 year olds and 14 year olds that are breaking into military computers or banks and they barter, but Rob expresses this better than I do…
Garza: In terms of the focus, I'm sure that we're seeing issues in terms of the presentations for short term implication, for people to actually modify their products to be better spam filters and anti-spam products as well as looking at the more future technologies to leverage anti-spam down the road, as it has been and continues to be a growing issue.
Cormack: I think that's true. I think we're able now to start looking farther down the road and do more fundamental research, so, now that we're no longer just trying to keep our heads above water we can consolidate what we've learned and we can also start to look at what are the challenges and what are new technologies that might, as you say, really be embraced later on. And again, not just new technologies for fighting spam but new ways of organizing your mail. There's a paper here on suggesting that you might have forgotten to put an attachment on your email. How often do you send an email and say 'I'm attaching this' and then you forget. Well, there are technological algorithms that aren't so different from the spam algorithms that can help to suggest 'did you really mean to attach something,' but forgot.
Garza: So the future of email?
Cormack: The future of email, and more electronic communication broadly defined. Instant messaging for sure. Blogs, they're kind of on the, to the extent that they're used for two way communication maybe they'd be in scope as well. We're not particularly targeting electronic publishing, we're targeting electronic communication. Uses and abuses and how to counter and how to enhance the uses and how to mitigate the abuses.
Garza: Are you seeing your attendee numbers grow? You were saying there was about a hundred…
Cormack: No actually, it's down a bit and I would say it's mostly down because I think we're getting fewer operational and commercial people now than we were. Maybe this is related to, they don't have to swim so hard to keep their head above water so their employers aren't as desperate to send them to find out what's new, but I'm not sure…
Garza: The presentations and papers are up on the CEAS web site?
Cormack: Yes, at least the full papers are up right now but I'll try to get the presentations up shortly.
Garza: I appreciate your time, Gordon.
Cormack: No problem.
Posted by Victor R. Garza on July 28, 2006 11:35 AM
July 11, 2006 | Comments: (0)

In today's cast I had a chance to catch up with Tom Russell, Senior Director of the Security Technology Group at Cisco, to discuss new product announcements in the ASA product line.
In our talk we take a look at the newly released ASA 5505 and ASA 5550 from Cisco, and see how these new technologies integrate with your remote and local infrastructure.
Check out the accompanying presentation here.
Listen to the interview with Cisco now.
Posted by Victor R. Garza on July 11, 2006 11:28 AM
July 10, 2006 | Comments: (0)
Cisco talks about NAC 4.0 Appliance

In today's cast I had a chance to catch up with Rohit Khetrapal, Director of the Clean Access division at Cisco to discuss a new network access control announcement.
In our talk we take a look at the newly released NAC 4.0 Appliance from Cisco, and how this new technology integrates with your infrastructure better than technologies from other vendors, at least if you've got a Cisco-based infrastructure, and maybe even if you don't.
Check out the accompanying PowerPoint here.
Listen to the interview with Cisco now.
Posted by Victor R. Garza on July 10, 2006 09:22 AM
July 04, 2006 | Comments: (0)
Microsoftie talks about exit and always pertinent Schneier
I happened to come across Scoble's take on blogging and his exit from Microsoft here over at Wired. It's an interesting interview.
While you're there, check out Schneier, who was writing from WEIS: Workshop on the Economics of Information Security, at Cambridge University. As always, his insights are timely and to the point. He's also got a bunch of great links from the conference in the article.
Have a happy and safe 4th!
Posted by Victor R. Garza on July 4, 2006 10:08 AM
July 01, 2006 | Comments: (0)
Backup, backup and more backup
I've noticed recently that more and more of my clients and friends are having drive failures.
Now I don't know if it's the recent heat waves, global warming, or the fact that most of the drives that are in play right now were purchased quite some time ago and have just run their spindles out, but at least once a week for the past two months I've heard about a full on drive failure or seen a drive showing the signs of impending doom.
Since we're at the halfway mark for the year I'm suggesting that we all take a look at our backup solution and make sure that the whole end to end backup process is working.
If you've got VMware running (and who doesn't these days) make sure that your image restore process works by creating a full server and workstation restore into a VMware session.
I've worked with several backup packages over the years where it looked like the backup process worked, but once a restore was tried there was nothing but failure.
So, give your backup a good shaking out to make sure there are no surprises waiting for you if you do have to deal with a failing or failed drive or drive array.
Remember your laptops and other miscellaneous endpoints that are usually missed because they're not always connected to the network.
And don't forget to back up your router and switch configs while you're at it. You'll be glad you did.
Posted by Victor R. Garza on July 1, 2006 06:21 PM