Monthly Archives: July, 2012

Security B-Sides Las Vegas 2012 – Big Data’s 4th V (or why we’ll never find the Loch Ness Monster)

What is big data?

Big data has multiple definitions beyond being a buzzword. For the purposes of this talk, it means large data sets. More sources are creating more output: phones, smartphones, web, SMS, etc. For example, real people can be identified from online movie reviews, which can easily be traced back to them because reviews of more obscure movie titles or items are statistically infrequent.


What is vulnerable?

Data harvesting tools, overload of data, or sharing too much private data instead of giving more private summaries or ranges that make identification harder.

Mr. Ottenheimer’s example: a request for information on 13-year-olds who drink Pepsi. What data would you give to marketing if you wanted to retain privacy?


What now?

Protection of the confidentiality, integrity and availability of the data.


The discussion was built on hard-learned experiences dealing with large data sets. Mr. Ottenheimer is the author of two books, one of which is “Securing the Virtual Environment: How to defend the enterprise from attack”, and previously presented at B-Sides with “A Cloud Odyssey” and “Dr. Stuxlove”.

If you’d like to see more please watch the entire video or check out his blog.

Presentation Video

Davi Ottenheimer’s blog

DefCon 20 Badges Update 1

My smartphone camera and badge have made the rounds today at DefCon, meeting new people and making sweet badge love to other badges. I am still on the lookout for other badges as well! If you have different badges and want to share, please tweet me @secevangelism. I’ll be around the con.



DefCon 20 Badges

I was issued an Isis badge, although I am not the best photographer. There are 57 different badges this year; this one is marked with the designer Lostboy’s signature, numbered #10,  0101 with human 13 marked on the bag. It lights up and reacts with other badges. I will try to take pictures of some of the other badges as I meet people. Here is a link to pictures of some other badges by Wired.

Update: Awesome in-depth write-up about the badges and how to communicate with them on Parallax.com.

Human badges are in 21 different styles this year, and some example code and tools can be downloaded from Parallax.com or these links (re-post)

Security B-Sides Las Vegas 2012 – Keynote: The State of Security B-Sides

Security B-Sides is a community-driven effort a little over 3 years old. In that time it has grown to 5 continents, 9 countries and 34 events. Jack Daniel gave a brief overview of its history and its past and present challenges in an extremely transparent manner. The organizers of Security B-Sides around the world are passionate about growing participation in the security community and deepening engagement in underserved areas such as Latin America, India, and the Midwest and South of the USA. So ardent are the organizers that in many cases they have devoted their own funds in addition to a significant amount of time. This has resulted in a stunningly successful program.

My personal involvement has been a brief encounter with Security B-Sides Berlin in December 2011 and volunteering for the Security B-Sides this year in Las Vegas. The conferences host presentations, workshops and discussions, and allow open engagement with others in the community at no cost. Let me repeat that: no cost. The only catch is that space is limited, so you must check the wikis and reserve a spot to attend. If you are unable to get a ticket, I highly recommend volunteering to assist in this effort, as I have this week and plan to for future events. Additionally, if you wish to be a speaker and are new to presenting, many of the events have a mentor program to help you get started in sharing.

Line up for Security B-Sides Las Vegas 2012

Security B-Sides Wiki

Last HOPE Number Nine Lock Picking Village

Physical Toools you can use

Lock picking is a skill I have frequently required but one I thought was entirely too difficult for me to attempt. On occasion I have been known to lock my keys in my car (5-6 times a year), lose luggage keys or, worse yet, lock myself out of the house (I have a 24 hour locksmith card in my wallet). Since my main focus has been on the digital version of lock picking, I largely ignored this useful physical skill. I was so wrong!

On the morning of the last day of the conference, when most attendees were still slumbering or fuzzy headed from the previous evening’s revelry, I crept towards the Lock Picking Village to try my hand on some locks. Fortunately for me, JK-47, an expert lock picker and accomplished trainer on the topic, took me through an overview of tools, lock types and techniques. Using a Bogota and under JK-47’s skillful direction, I was able to pop my first Basic #1 lock with ease. A representative from TOOOL was also on hand to give additional guidance to the small crowd in the village, which consisted of children, teens, parents, geek chics, an attorney and anyone curious. I was able to pick the locks Basic #1-5 and a Master lock. JK-47 gave a demonstration of how to unlock handcuffs with a paper clip.

Short and skinny, I am now the proud owner of my own lock pick set and unlocked a luggage lock I lost the key to. I personally found practicing strangely relaxing, similar to knitting I suppose. The participants came from all walks of life and almost all ages. We laughed, struggled, assisted each other and smiled at our accomplishments. I had a fantastic time and I look forward to seeing TOOOL at DefCon next week.

If you would like to know more about TOOOL or lock picking in general, please check out these links and videos:

Official TOOOL Slides and resources
Locks are Worthless by JK-47

The quote on the front page of TOOOL is very relevant:

“Rogues knew a good deal about lock-picking long before locksmiths discussed it… If a lock is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are… certain to apply the knowledge practically… the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.”

 ~ A.C. Hobbs, Locks and Safes: The Construction of Locks. London, 1853.

Last HOPE #9 Keynote The Yes Men

The Million Meme March to fight online censorship and a call to boot hats!

Prior to the keynote I had heard a smattering about The Yes Men. I could kick myself for not knowing more about them in detail before. The presentation was both hilarious and highly inspiring. In the first half of the talk we were given an overview of some of their previous works involving disruptive actions which brought international attention to many important issues seemingly ignored by the media. One of these issues is very close to my heart: the Bhopal Disaster of 1984 in India. This accident caused so much death and intense suffering, but pollutants remain on-site and inadequate medical coverage for survivors continues. The Yes Men commented that they didn’t see their actions as “hacking” but as a way to protest and do something to address graver injustices currently perpetrated in the world which require media coverage to assist in remediation.

The Yes Men have a new mission, so to speak: to draw attention to and end online censorship. The project is called The Million Meme March, headed by the Supreme Ruler Meme and rather fashionable Vermin Supreme. As he puts it, a league of memes might be required to stop governments from further SOPA/PIPA/ACTA/CETA type treaties or legislation which adds traffic stops and rumble strips to our freedom on-line. One suggestion: everyone make memes as a form of on-line viral protest against digital censorship. The Yes Men are taking suggestions now and looking for ideas from the public. Please browse some of the videos and explore. Very few of us seem to want internet censorship, yet it’s occurring worldwide on varying levels.

Start exploring how to make your own memes and check out some great video and audio:

QuickMeme
MemeGenerator
#millionmemes Twitter hash tag
(Picture from Radio Statler)
The Yes Men Labs
Link to some Vermin Supreme videos, When I am President everyone will get a pony (YouTube).
Link to the video of WTO Finland Spoof, “Management Leisure Suit” (YouTube)
Link to BBC video The Yes Men posing as representatives of Dow Chemical (YouTube).
Link to the audio (MP3)

Volunteering at Last H.O.P.E # 9 New York City 13-15 July 2012

For years I have been trying to attend the conference, but life, work, school or finances always had a way of interrupting my attendance. Life almost stopped me this year after we lost our house and hero cat Myrra to an electrical fire in June, 2012. After surviving such a life-changing event, I decided life is too short to waste constantly dreaming of attending and to actually attend regardless of our situation. I grew up reading the magazine 2600. As with many others, it had a positive influence on my curious growing mind and heavily influenced my chosen career.

Originally, I volunteered for any assistance. Unfortunately, I was not physically capable of working as hard as I wished due to smoke inhalation injuries from our house fire. However, Lindsay, the volunteer organizer, was extremely sympathetic to my fiery situation and made sure I could still participate in setup and tear down. She set aside some extra swag t-shirts, since we lost pretty much everything, and gave me a copy of the book The Best of 2600: A Hacker Odyssey to help rebuild our library. I must admit tears welled up a bit when Lindsay was so kind and gave me the book and the newest copy of 2600 magazine after all the equipment trucks were loaded up. My emotions got the best of me and I left without expressing just how great an experience the conference was and how thankful I am to Lindsay for all her support. Thank you so much for everything.

I never thought, when flipping greedily through the pages of 2600 in my youth, scouring each page carefully for tidbits of knowledge, that one day I would attend the conference, much less that they would help clothe me and keep me slightly sane by replacing part of my 2600 magazine collection. The next conference will be in two years, 2014. I look forward to volunteering again, this time more physically capable and involved if possible. Thank you to Lindsay and all the other volunteers and organizers for being so fantastic. Volunteering at Last H.O.P.E. Number Nine was memorable and I look forward to 2014.

  

Blog Status and Brief Legal Update

Great news! We have retained new legal counsel, with a wealth of experience in this area, who has advised that I can start Blogging again.


 

Under legal advisement there are no public postings on this blog

Apologies, but the main author of this blog is under legal advisement not to comment further on this blog at this time.