11 posts categorized "blackhat"

August 03, 2009

The payback

Often times I am asked or people wonder why I volunteer or about my motives in some of the good deeds I do. The reason is I am a big believer in what comes around, goes around.  Also, the payback for doing some of these things is not what you think it would be, but is much more rewarding.  Recently I experienced two examples the really exemplify what I mean:

1. I volunteered to help out at the flag football training camp in the flag football league I coach in.  It is strictly volunteer and optional.  But the chance to work with kids, teaching the football is something I really enjoy.  I was assigned to the passing station to show kids how to pass a football.  They rotated groups of kids in 6 to 8 at a time, ages ranging from 6 to 11.  One little boy could not hold the ball and was throwing off the wrong foot. I pulled him off the line and asked someone to fill in for me for a minute. I worked with the boy for a few minutes, noticing he had a coordination problem, but with some repetition he got the hang of it.  I put him back in line with the other kids and when it came his turn he make a decent throw. The little kid was really proud of himself. I noticed his dad taking pictures of him throwing and he looked pretty happy too.

After the group of kids moved on, his dad came over to me. Turns out it was his uncle and not his dad.  The boy was visiting from out of town. He came from a single parent home and his Dad was not involved in his life. The boy was autistic and though very excited to come to the training camp that day, had never played any ball before.  His uncle was just about crying seeing how happy his nephew was throwing the ball and playing with the other kids. He could not stop thanking me for making the boys vacation.  Making his vacation? I really didn’t do that much.  But that thanks and seeing this little boy and his uncle walk off the field together made all of the coaching and working with kids I do worth while!  That was the payback.

2. The second example was the three passes to Black Hat StillSecure provided and I gave away to people who wrote me or commented from my blog post offering the three free full tickets. During this past week, each of the three lucky winners made it their business to come by and thank me.  One young lady was on the taxi line with me and some other folks when she found out who I was.  She told me that I was the reason she was here as she would not have been able to come without the free ticket. She was on a panel at Bsides and was loving Black Hat.  Her along with the other two winners were so grateful and said they were getting so much out of the passes. I also ran into the winner of the Black Hat DC tickets I gave away last year. He loved Black Hat so much, that he made sure to get to this years Vegas event.  Again, that was the payback for me.

Sometimes it is not monetary rewards that are really rewarding.  It is the payback!

Reblog this post [with Zemanta]

Posted at 12:03 AM in blackhat, General Background, Sports | | TrackBack (0)

July 30, 2009

Forget about malware, rogueware is where its at!

Black Hat has been a great if not subdued event this year.  Many of the presentations were very good, as were many of the presentations at the Bside event held for the first time this year.  The thing I found most interesting though was my chance to sit down and speak with Sean‐Paul Correll  and Luis Corrons of Panda Security Labs about a new report they just released today on the business of rogueware. By Rogueware they primarily talk about the fake anti-virus and and fake virus scan scams we have seen explode over the last few years.  You know the type, you go to a site and they tell you your computer has been comprimised. You can buy a scan and clean up for fifty dollars. They neither scan nor clean up. In fact they install a trojan or botnet instead to ad insult to injury. The numbers are staggering. In 2008 the number of new rogueware samples found blew away everything that had come before, but 2009 is already dwarfing 2008. The following chart from the report from Panda Labs illustrates this:

growth of rougue av

According to the report, this niche in the bigger malware market netted the bad guys about a half a billion dollars last year!  They have affiliates who front their programs on many web sites. They flood Google with URLs so that their sites come up on legitimate searches.  They have thought of so many ways of delivering the payload.  Of course isn’t that always the problem.  The bad guys are bad and smart and devious. They always are on to the next thing, while we are still trying to defeat the old thing.  I am sure many of you know friends and family who have fell for this rogueware scam.  I certainly have.  One large company behind this menace actually hold yearly affiliate conferences in places like Jamaica, complete with complementary lap dances and hedonistic parties. With this kind of money at stake, you can see why this type of stuff is so popular.

Anyway the report is pretty fascinating. I am going to have Sean-Paul and Luis on a future podcast to talk more about it, so stay tuned.  In the meantime don’t be the next victim contributing to this industry.  Use reputable anti-malware and keep your common sense helmet on when using the web!

Reblog this post [with Zemanta]

Posted at 10:27 AM in anti-virus, blackhat | | TrackBack (0)

July 27, 2009

Black Hat yes, DefCon no, Bsides maybe

Well it is that time of year again. The pilgrimage to Vegas for Black Hat, Defcon and this year security Bsides. I will be at the StillSecure booth for a bit and checking in on the presentations that interest me.  Of course will probably also be around town with the usual suspects enjoying the views. I leave Thursday night, so will not be at DefCon. I definitely want to stop by the Bsides security event and am looking forward to seeing what that is about.

If you are out for the show please stop by and say hello. If not, will do my best to blog about the scene so you won’t miss anything.

Posted at 08:35 AM in blackhat, tradeshows, Travel | | TrackBack (0)

July 14, 2009

All charged up

alan fishingHi! If you haven’t noticed I have not blogged for over a week.  That is a long time for me to go without a word on here.  My dropping out involved more than blogging. I dropped out of most everything except being a daddy and husband.  It had been way too long since I actually unplugged and just spent time with my family.  My friend Brad Feld writes a lot about work-life balance.  I was badly in need of some balance. Unlike most people I actually love what I do.  But when it becomes work and I don’t like doing it, something is wrong and my work suffers.  Shortly after my work suffers, my family suffers because I become some sort of proto Mike Rothman-like grump.  That does not make for a happy home either.  So I unplugged for the week. Went fishing with my sons, played baseball, sailed a Hobie Cat, spent quality time with my wife and generally just unplugged.  The picture to the left is a bonito I caught.

Anyway I am back now, recharged and ready to rock n’ roll. I am excited to get on the road and start talking to people again. Black Hat will be here in a few weeks and I am looking forward to it! The Security Bloggers Network continues to grow and we have some announcements coming out around that as well.  Also, I am going to be doing a new series of podcasts on some great new topics that I am very excited about.  I have enlisted the StillSecure marketing team to help me promote them.  You will be hearing more about them soon! Generally I am ready to dive back into the security fray. It seems like the challenges are greater then ever and we have lots to do to keep up.  Looking forward to it!

Posted at 12:13 PM in blackhat, family, General Background | | TrackBack (0)

February 19, 2009

Back home from the Road

Well it was a whirlwind couple of days. I flew up to NYC early Monday morning and flew home from the Black Hat DC briefings late last night. 

This was my first Black Hat DC, after attending many of the Vegas editions of the show.  The DC edition is a lot of fun.  Much smaller and much more low key then its glitzy Vegas brother, the DC show is really all about people who work for the government or for companies who do government work.  Of course the DC area is still thriving with all of the money the government is spending.

black hat dc jaime There was not a lot of vendors, maybe a dozen all told.  I caught up with a bunch of media folks and fellow security people.  I also got a real kick as each person that was lucky enough to get a free ticket to Black Hat from StillSecure came by to say hello and thank me.  Seeing people who read the blog and sometimes comment, but you never see in person is a lot of fun.

While Black Hat DC is not the biggest conference, it is one that I am going to add to my calendar every year!

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 08:57 AM in blackhat, links and appearances | | TrackBack (0)

February 18, 2009

At Black Hat DC today

blackhatI will be at Black Hat DC today catching some of the briefings and spending some time at the StillSecure booth.  If any of you are attending stop by and say hello!

Posted at 07:42 AM in blackhat, links and appearances, tradeshows | | TrackBack (0)

January 26, 2009

Would you like to win a free ticket to Black Hat DC?

blackhat Black Hat DC, while lacking the glitz and glamour of its Vegas sibling is a great place to dig in and learn. With a fantastic schedule of briefings and training, many security folks from within the Beltway and from without converge for 4 days of serious security.  The problem is of course that it is not cheap. A full conference pass is thousands of dollars and early registration has ended already.

The show this year is Feb 16th to the 19th at the Crystal City Hyatt Regency. StillSecure is a sponsor of the event.  As such the good people at Black Hat and StillSecure have made available a full conference pass that I can raffle off here on my blog.  So if you would like a free full conference pass to BlackHat DC (airfare and hotel not included) leave a comment on why you think you are most deserving.  Next Monday I will announce the winner!

Good luck and hope to see you at the show!

Posted at 11:16 PM in blackhat, tradeshows | | TrackBack (0)

August 09, 2008

Black Hat wrap up - secure@microsoft, booth babes and bloggers

You can read plenty of other blogs about some of the great presentations at Black Hat.  So I thought I would take another angle and talk about some of the other stuff that may be important to you.

 

1.  Picture 049secure@microsoft.com – This years hottest party was again the Microsoft party.  This year it was at the LAX club in the Luxor.  As usual there were quite a number of people at the door who thought they could talk their way in or worse yet were told they “were one the list”.  I was happy to be able to go and saw many of the usual suspects there as well. I had to leave the party early to go catch my red eye flight home, so went right to the airport from the party.  As I wrote earlier, Microsoft is trying really hard on security.  But I couldn’t help but notice the irony of this grainy, lousy picture of the DJ booth at the party.  If you can, notice the computers that the secure@microsoft.com DJs are using. That’s right they are Macs!

Edge_os_3 2. A new low for booth babes – What would a Shimel review of a trade show be without a booth babe rant.  Hey I recognize it is Vegas and all, but EdgeOS went way over the line this year.  A booth babe dressed as a Las Vegas showgirl or some other type of costume makes a statement.  I personally don’t like exploiting woman to make that statement, but I understand.  However, these guys had woman who were dressed so raunchy and classless, that I could not bring myself to post a picture of them.  Come on guys!  You want to resort to the booth babe thing (and BTW I think the Black Hat crowd does not respond to that), at least have a little class.  These girls looked like street walkers and do you and your company no favors.  Is that really the image you want to promote?  Grow up!

Authors note: I have received several requests to see a picture of the booth babes in question and judge for yourself. So I am including for you to make your own call

 

3.  The Security Bloggers Network – We are back!  With the end of the Black Hat show, the SBN is going back to being the SBN.  The old logo is back and our promotion with Black Hat is at an end.  However, I want to personally thank so many of you SBN members who blogged about Black Hat.  The Black Hat marketing folks made it a point to come over to me and thank us for the overwhelming support and help of the community.  Our network delivered big time with them and they are already thinking about ways we can work together next year.  I will keep you all posted on that.

 

securitybloggersWe have several new promotions we are working on with the SBN and will have more on that soon. Also, we learned some valuable lessons.  Next time we will work with the network members more closely in doing these affiliations.  Also, for any show like this we need to have an official bloggers get together.  Not because we don’t want to buy our own drinks (thanks to Chris Hoff for doing more than his share in picking up a big bar tab), but frankly we need to reserve a place that has enough space for us.  Security bloggers are big time. We have a great community of people who get together. Lets make it better.

 

I have some other ideas around the SBN I am working on too and want to form a committee to help. If you are a member and want to get involved, please drop me a line or comment.

 

Anyway, another year of Black Hat is in the books. It was a good one and I can’t wait until next year!

----

Posted at 12:22 PM in blackhat | | TrackBack (0)

August 07, 2008

My excellent adventure at Black Hat

Yesterday was a great day at Black Hat. I would tell you all about it, but it seems Mitchell thinks that it best that we don't talk about what goes on here at Black Hat. Now, far be it from me to break "Cardinal Rules" (has anyone ever really thought about what exactly is a "cardinal rule"? Why not a Blue Jay or Falcon rule?) but if we can't talk about it, what good is it. I think Mitchell is confusing divulging the really juicy Vegas stuff, from just the mundane. So let me tell you about my excellent adventure yesterday at Black Hat.

I was one of the multitude standing in the back listening to Dan's DNS report. You probably have already heard that it is bigger and worse than originally reported. I than spent a lot of time with the Microsoft people talking to them about their security stuff. I will tell you that despite many who rail against Microsoft, these guys actually are doing a great job on security and in dealing with the security community. Much better than a certain company named for a fruit whose marketing people killed the presentation of their own security research team. After lunch I took a front row seat to watch Hoff present on virtual security. He has some very pretty slides, but the message was clear. Great presentation by Hoff. I spent most of the rest of the afternoon catching up with lots of security bloggers here. I am amazed by the number of us here at Black Hat.

Had a quiet dinner with Mitchell (I would tell you about it but you know about what happens in Vegas with Mitchell) and than went to the Breach party at the Shadow Bar (I love that place, but it was too hot last night). We than went over to the Fuente cigar bar and next thing you know we were joined by about 30 of our closest security blogger buddies. It was a great time and their are pictures floating around twitter somewhere of it. We talked and laughed into the late hours, winding up at the Augustus cafe again for an early breakfast.

Well it is back to the show today and another round of parties tonight. Ah, it is tough living the life ;-)

Zemanta Pixie
----

Posted at 12:52 PM in blackhat | | TrackBack (0)

July 23, 2008

Is there any reason to go to Black Hat still?

Blackhatbloggers I was reading the Security Bloggers Network feed this morning. I had missed a day or so and had a lot of articles to go through. I was also thinking of what could be the next topic suggested for members to blog about as part of our cross-promotion with Black Hat.  Than I realized there really was not any need.  The topic was obvious, DNS. I didn't do an actual count of how many times it was mentioned (as Mr Bump did with NAC vendors mentioned in the Information Week NAC survey), but there had to be at least a dozen and half, if not more articles on the great DNS leak of 2008. 

Dan Kaminsky's research was exemplary, but his naivete about people keeping the exploit under thier hat was not.  While Thomas Matasano apologized for his mistake, frankly from the moment Havlar Flake begain speculating on it, it was just a matter of time. 

Anyway, the cat is out of that bag, but something tells me that Dan K's presentation will still be a standing room only crowd in just a few weeks in Vegas.  But beyond that there are still a bunch of good topics to be discovered at Black Hat.  Not to mention lots of social activities brewing for both BH and DefCon.  I amreally looking forward to it. I would hope that no one is feeling the air out of the ballon on this one!



Related articles by Zemanta
Zemanta Pixie

Posted at 02:41 PM in blackhat, Science, tradeshows | | TrackBack (0)

Next »
My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About