
Comment Re:Kevin Johnson's reasoning is very suspect (Score 1) 204

For your team to purposely pull your talk from DefCon because they have asked that the feds not attend this year is absolutely silly. If your purpose is openness and community, it seems rather fishy that the organizers simply asking that the 'Feds' don't attend (i.e. the guys trying to track hackers) would incite you to pull your talk. I think it is completely disingenuous to say that this is not a political move because the community will still be there - you just aren't targeting the community anymore with your talks and your target audience may not be present...at least that's the way you make it seem.

Seems to me that their motivation is pretty much the same as Moss's ("the Dark Tangent") in "uninviting" the feds in the first place.

Publicity.

Looks to me like it's working.

Here's a reality check: Most feds don't come to DEFCON, they come to BlackHat, and stay through (part of) the weekend for the con because:

  • It used to be included in the BH cost (now just discounted) and
  • You get cheaper airfare if you stay over a Saturday, so you save your agency / employer $$ on airfare.

Now let's kick in a little reality: Sequestration has hit the feds a LOT harder than most people realize, with furloughs, draconian travel restrictions including forbidding weekend travel, attending conferences, etc. The feds that DT uninvited were probably not going to be there anyway, and my guess is he's trying to stir up some shit and boost non-fed attendance.

The feds that will be there are either the ones who are genuinely interested in the community, coming back to see old friends, attending more than likely on their own dime, or, those on a mission.

Neither class of fed is going to pay attention to the un-invitation.

Just my 2% of $monetary_unit. I don't know shit, I've only been going to the con for 13 years.

-Red

Comment Specific Course Recommendations (Score 1) 656

Up front, I have a BS in Math, concentrated more in the abstract than applied, and it's 30 years old. I've also spent the last 20+ years in InfoSec, dabbling in programming along the way. I look back on what I took which has served me the best since:

- Formal Logic (might have to look in the Philosophy department for that one, it was dual credit for us)

- Structured Programming

- Number Theory

- Mathematical Modeling

Lots of the rest of it was fun, but I haven't really used much of the college level math since then. The geometry and trigonometry I had in high school have served me much better.

Hope this helps.... Red

Comment Re:Take a look at MH (Score 1) 282

+1

What he said, MH is the tool for this task. I have mail going back to early 90s, each message in a separate text file, sorted into directories by year. Once you're archiving in this format, you can then index the files for more rapid searches, or, if you're old school, just grep around when you're looking for something.

Best thing is, once you have them organized this way, you're done, and can burn backups of the archive (by year) directories to CD or other long term storage, and not have to worry about losing anything.

One warning: beware filesystem limitations on number of files in a directory. If you convert a HUGE amount of mail at one time and dump it into one dir, you may end up with a problem, so RTFM (read the friendly man pages) and plan ahead accordingly. You may need for example to split a year into quarters if that year's mail exceeds a limit (not that I've run into that problem....)

BTW, the O'Reilly book is a must. Grab the pdf, but get a paper copy if you can as it's quite hefty.

Hope this helps.....

Red

Comment Re:This just in: Still clueless (Score 1) 90

There are flaws to both sides of your analysis because you left out a couple of "players" which are obviously and currently present in both meatspace and cyberspace: terrorists and rogue states.

Terrorists typically have no specific nationality, do NOT wear uniforms, and are not necessarily readily identifiable as such, or as to their origin or objective.

Rogue States simply by definition do not follow the rules, and believe it or not, in conventional warfare, there are internationally recognized laws of war, Geneva conventions, etc. Not only do these guys not play by the rules, they have also been known to sponsor terrorists, and hackers.

The proposal might help if signatory nation states ever openly "went at it". It won't help in the case of covert attacks because of the problem you and others point out of attribution, and won't help at all with the players I describe above.

They'll simply ignore it.

Red

Comment Play the game (Score 1) 292

First, if it's not already explicitly in scope for your existing contract, negotiate a "train my replacement" clause or task, at a premium over what you're already billing. Be frank with your customer that you both need to realize that they are asking you to train your replacement. You might be surprised to hear them say "no, we just want additional staff". If that's the case, negotiate for a long term contract of your own as a condition of training.

Then, mentor the young pup. Treat him like your son or daughter. Teach him everything. You can't teach experience though, so you're ahead no matter what. During this time, evaluate the person's capabilities, including the capability to listen and learn. Think of this as having an intern on somebody else's dollar.

If it all goes south and you lose your customer, you might be able to pull him with you (assuming he's worthy).

THEN you're in a nice bargaining position.

Red

Comment Re:"I guess this time he poked the wrong bear" (Score 2) 240

No.

There is inherent danger in taking on a criminal element, cyber or otherwise, either as a reporter or a member of the law enforcement community. They are criminals, and do not adhere to the norms (laws and ethics) of society. Brian has chosen his path of reporting on and exposing these miscreants in a public forum, and to not hide his identity, knowing full well the risks of repercussions. He was so aware of the specific threat of being SWATted that he approached his local Law Enforcement authorities in advance of this attack to educate them and alert them to the possibility that he might be targeted. No, he didn't "deserve" what happened, and I would never imply that he did.

There is some safety in publicity; obviously, in this case, it was insufficient. DDOSing your web site in retaliation is one thing. THIS attack crossed the line. THAT's what "poking the wrong bear" means.

Red

Crime

Submission + - Brian Krebs gets "SWATted" (arstechnica.com)

RedLeg writes: ArsTechnica reports that Brian Krebs, of KrebsOnSecurity.com, formerly of the Washington Post, recently got SWATted. For those not familiar with the term, SWATting is the practice of spoofing a call to emergency responders (911 in the US) to induce an overwhelming and potentially devastating response from law enforcement and/or other first responders to the home or residence of the victim. Brian's first person account of the incident and what he believes to be related events are chronicled here.

Krebs has been prominent in the takedown of several cyber-criminal groups in the past, and has been subject to retaliation. I guess this time he poked the wrong bear.

Comment REAL earplugs (Score 4, Insightful) 561

I'm guessing you've tried the cheapass foam plugs....

First (cheapest) option is to look for triple-flange earplugs. Look at a sporting goods store in the firearms department.

If that doesn't work for you, look into getting custom molded plugs made. I have a set from my time as a competitive shooter, and when they are in, and correctly seated, I cannot hear ANYTHING, even though I can feel the noise in many cases. For voices and random dorm noise, that should be sufficient.

Another option is a set of noise canceling headphones. Just don't feed them any input and they will still reduce ambient noise. I would recommend you borrow a set from a friend before investing, as the best are "over the ear" types, and they tend to create a sensation of pressure in your ears. Some folks find that uncomfortable.

Hope this helps......

Red (retired Field Artillery Officer)

Comment Dawg: Lo-tec is sometimes best (Score 1) 272

Get the store a dawg. It needs to be a medium to large but friendly breed with a loud bark.

The key is, the store is his home. His people (the owners) come to visit him and spend time with him there every day. He gets lots of visitors who he can greet (customers).

End of the business day, his people leave him a small amount of food, plenty of fresh water, and a nice place to sleep, as well as run of the store.

Post signs. Dawgs protect their territory, which is why it needs to be HIS store (his home), not a bring to work dawg.

Caveat Emptor: check with the liability insurance carrier up front.

Red

Comment Simple: Don't (Score 1) 384

If you have a version control system in place, it's not an issue cause you can roll back or at least see the previous versions.

If you're operating on a more basic level, clone the crufty code, put the cruft in comments explaining CLEARLY why you cut it out.

When you fix or replace what you cloned, comment there as to exactly what you think was wrong or broken, and how you fixed it.

One thing that is certain, with production code, you will NOT be the last person to work on it. Pay it forward with good practice.

Red

Comment It'll Just work..... (Score 5, Informative) 172

It's part of the standard, and I know, cause I helped write it.

Set the SSID the same for each AP. Set them on different channels so that the APs don't "step on" each other's bandwidth. Roaming is a station-side (client in common usage) decision, so your PCs will automatically pick the AP with the best signal strength.

As far as authentication goes, this all depends on the AP. All should support PSK (preshared secret keys, aka passwords) and in that scenario, set them all to the same value on each AP. The PSK should be at least 24 characters long, and the SSID for the net unique to keep the security at acceptable levels and reduce the possibility of offline dictionary attacks against the PSK.

Assuming the APs support it, Enterprise grade authentication with individual per-user passwords is within reach at little to no cost. You can tie into Active Directory or set up a free AS (Authentication Server) using FreeRadius on a Linux box. The definitive reference for doing this with an MS server is a book titled "Deploying Secure 802.11 Wireless Networks with Microsoft Windows". Make sure you check for updates to the book online, and there is an appendix which details how to set it all up in a lab environment, which will let you prove principle without screwing with the production network.

Google around and you will find loads of information on how to do this with Open Source, the key articles being some from Linux Journal from about 6-8 years ago.

Hope this Helps......
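An added example, not part of the original comment: the 802.11i passphrase-to-key mapping (WPA/WPA2-Personal) uses the SSID as the PBKDF2 salt, which is why a unique SSID and a long PSK both matter against offline dictionary attacks. The AP settings, finding codes and the list of common SSIDs below are constructed for illustration.

```python
import hashlib

MIN_PSK_LEN = 24  # figure taken from the comment above
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default"}  # constructed sample list


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_aps(aps: list[dict]) -> set[str]:
    """Return finding codes for a list of {'ssid', 'psk', 'channel'} AP settings."""
    findings = set()
    if len({ap["ssid"] for ap in aps}) > 1:
        findings.add("ssid-mismatch")      # clients will not roam between these APs
    if len({wpa_pmk(ap["psk"], ap["ssid"]) for ap in aps}) > 1:
        findings.add("key-mismatch")       # derived keys differ, roaming clients fail auth
    channels = [ap["channel"] for ap in aps]
    if len(set(channels)) < len(channels):
        findings.add("channel-reuse")      # APs "step on" each other's bandwidth
    for ap in aps:
        if len(ap["psk"]) < MIN_PSK_LEN:
            findings.add("psk-short")      # cheaper offline dictionary search
        if ap["ssid"].lower() in COMMON_SSIDS:
            findings.add("ssid-common")    # salt is predictable, keys can be precomputed
    return findings


# Constructed sample configurations.
GOOD = [{"ssid": "redbarn-annex-42", "psk": "correct horse battery staple 9!", "channel": c}
        for c in (1, 6, 11)]
BAD = [{"ssid": "linksys", "psk": "password123", "channel": 6},
       {"ssid": "linksys", "psk": "password123", "channel": 6}]

if __name__ == "__main__":
    print(sorted(audit_aps(GOOD)), sorted(audit_aps(BAD)))
    # Same passphrase under two SSIDs gives two unrelated keys: a table
    # precomputed for one SSID is of no use against the other.
    print(wpa_pmk("password123", "linksys") != wpa_pmk("password123", "redbarn-annex-42"))
```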

Comment Go old school (Score 3, Informative) 210

"What do you fine folks think?"

I think you're not a very well trained sysadmin.

There is no reason to not have various parts of the filesystem mounted from different disks or partitions on the same disk. If you do this, you can run part of the system on one filesystem, other parts on others as appropriate for their intended usage. This is commonly done on large servers for performance reasons, quite like the one you are asking about. It's also why SCSI ruled in the server world for so long since it made it easy to have multiple discs in a system.

So run most of your system on something stable, reliable and with good read performance, and the portions that are going to take a read/write beating on a separate partition/disc with the filesystem which has better read or write, whichever is needed, performance. If you segregate your filesystem like this correctly, an added benefit is that you can mount security critical portions of the filesystem read-only, making it more difficult for an attacker.

Red
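An added example, not part of the original comment: a small check that the paths you want read-only are both separate mounts and actually carry the `ro` option in an fstab-format table. The sample table and the list of protected paths are assumptions made for illustration.

```python
# Constructed sample in /etc/fstab format; devices and layout are illustrative.
SAMPLE_FSTAB = """\
# <device>  <mount>  <type>  <options>        <dump> <pass>
/dev/sda1   /        ext4    defaults         0 1
/dev/sda2   /usr     ext4    ro,noatime       0 2
/dev/sda3   /boot    ext4    defaults         0 2
/dev/sdb1   /var     xfs     defaults,noatime 0 2
"""

# Assumed policy: paths that should be their own filesystem and mounted read-only.
READ_ONLY_POLICY = ("/usr", "/boot", "/opt")


def parse_fstab(text: str) -> dict[str, set[str]]:
    """Map each mount point to its set of mount options, skipping comments."""
    mounts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        mounts[fields[1]] = set(fields[3].split(","))
    return mounts


def audit_read_only(text: str, policy=READ_ONLY_POLICY) -> dict[str, str]:
    """Classify each policy path as 'ok', 'writable' or 'not-separate'."""
    mounts = parse_fstab(text)
    report = {}
    for path in policy:
        if path not in mounts:
            # No dedicated mount: the path lives on its parent filesystem and
            # cannot be made read-only without affecting that filesystem too.
            report[path] = "not-separate"
        elif "ro" in mounts[path]:
            report[path] = "ok"
        else:
            report[path] = "writable"  # 'defaults' implies rw
    return report


if __name__ == "__main__":
    for path, status in audit_read_only(SAMPLE_FSTAB).items():
        print(f"{path:8} {status}")
```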
