- The keynote was really good.
- His talk contained perfectly placed twitter-friendly soundbites.
- All the ‘noisy’ tweeters attended his talk.
I often shoot myself in the foot by agreeing to do things and then realizing it eats up a lot more of my time than I’d originally anticipated, which is why I haven’t been blogging or making videos much recently.
Some of the things that have been consuming my life lately have included (cue fast-paced soundtrack)
I travelled to Las Vegas to attend Guidance Software’s CEIC conference.
I must say, Vegas is very different outside of Blackhat / Defcon / Bsides season and I did miss not seeing an ocean of black shirts and wonderful hair styles. Although, I did get to find a shisha bar – so it wasn’t all bad.
For non-shisha related news, my 451 Research colleague David Horrigan and I co-wrote a writeup on the conference which can be obtained here free of charge and registration.
Oh, and I also got to hang out with the good Doctor Krypt3ia
In June, the good folk at Eskenzi held their annual event. The first day consists of analyst / vendor meetings where I got to speed date a whole host of vendors. The second day consisted of a CISO roundtable – which in theory should have played out like the hunger games. Three sides converged, CISOs, vendors and analysts – I was hoping for fireworks, nasty comments and backhanded digs. But this is London and despite the efforts of some of our American guests, the proceedings remained rather civilized.
And I got to hang out with and pick the brilliant mind of Mike Rothman.
The next day it was the RANT Conference – where I donned my Host Unknown mask. We had a great time, and my nail file swag was definitely the highlight. You can see the video here: http://youtu.be/XlhgKlmc7K8?list=UUTwY3LNRujMskBDbQvKoiBw
ACG put on their London conference. It was the first time I’d attended an ACG and it was extremely good. I was lucky to moderate a panel entitled, “is Anti Virus dead?” – the summary outcome was ‘yes’.
There was the inaugural Bsides Manchester which was brilliant. Matt Summers who was instrumental in setting up the first Bsides London invited me to MC the main track and I couldn’t say no to him. After all, he’s the man who imported Bsides into the UK… he’s kind of like Jack Daniel, except younger, with no facial hair, not as much style, class or interesting… but you get the idea. It did afford me the luxury of getting selfies from the front whenever I wanted.
As the old adage goes, you wait for one new and cool conference up north and suddenly you get two. Steelcon was held in Sheffield and organised by Robin Wood. This was a special conference for me as not only was it the first time that I’d been invited to give the opening keynote – but I was invited to deliver it along with my daughter, Girl Cynic. I’ve been meaning to put up a video of our experience which I may do so in the future, but suffice to say it went well. There was a kid’s track which the children all seemed to really enjoy and the whole day was really well put together.
My final trip came a couple of weeks ago when I attended McAfee’s analyst event in Amsterdam. It was an enjoyable whirlwind 36 hours in the Dam, where I got to spend some time with the ever-elusive Raj Samani.
So with all these events and travelling happening in the last few months – I had to tap out and not go to Blackhat, Defcon or BsidesLV this year. Maybe now Eve and Gillis will stop this online campaign of terror! :)
With so many breaches occurring on a regular basis, perhaps it’s time for a new kind of CISO. A Bat CISO!
Because infosec has cured cancer, ended poverty and created a utopian paradise that the villain in Demolition Man could only dream of – the industry often finds itself trying to fix the really big issues via twitter and other social media platforms as well as within the hallways of conferences as to what is wrong with the infosec conference scene.
A few suggestions have been thrown out about what can be done to remedy the problem and what the ideal number and style of infosec conferences look like.
The infinitely quotable Grugq posted a thought-dump on the issue and most recently, Rob Fuller commented on the role alcohol plays within the infosec conference scene which caused a firestorm of opinions to rain down from all sides.
Of course, those aren’t the only opinions in this space – we often also get the chance to grab some popcorn and witness some absolutely mind-blowingly epic micro-movements which generate dialogue that Simon Pegg would be proud to have penned himself. Examples include
Not to belittle some of these issues, I mean I know how cranky I get without caffeine, but the problem is that these are what I’d say are, “server side” issues that primarily are up to conference organizers to address and resolve. Average attendees have little say or influence in how conferences are run – so what can you, as an average attendee do in order to maximise your chances of having a fruitful and useful experience?
It’s like me complaining that the luggage allowance on flights isn’t enough, or that there isn’t enough legroom in economy. Sure they are valid complaints that need the U.N. to get involved, but these can only be fixed by the airlines and not by the passengers. On the other hand, you can make your flight a much more pleasant experience by simply investing in luggage bags which meet the airlines dimensions and a bottle of sleeping pills.
Until a couple of years ago I wasn’t a regular conference goer. However, in my job as an international analyst, my job revolves around me going to quite a few conferences. At first it sounded like the ideal job, but my boss did warn me it would take all the fun out of going to cons… and she was right. So, I’ve adopted a bunch of activities that try to make cons a better experience for me. In other words, these are some of the ‘client-side’ changes I’ve made.
1. Book early
There’s something quite heroic about booking a last minute flight, not knowing if you’re going to get to the airport, sharing tweets with the world letting them know how you like to live dangerously and always on the edge. In reality though, few things are worse than booking late to find all the nearby and good quality hotels have been taken leaving you across town in a seedy part of town. Sure, it may allow you to experience some of the local culture, but I prefer to conserve as much energy as possible – it’s a marathon and nothing is worse than my short legs having to carry me halfway across town to walk all day at a conference.
Less walking, less tiredness = more happier conference goer.
Some people just want to watch the world burn. Others just want to give bad security advice. Check out Troy Hunt’s blog post on the matter.
If you like to keep up with my ramblings on the Facebook or twitter, you’d probably have seen that not only was I nominated in several categories for the European Security Bloggers Awards, but so was Girl Cynic.
Well, apparently Girl Cynic has been doing something right because she won the award for most entertaining blogger whilst I won the award for best video blogger. It’s an honour and I’m immensely proud to win an award two years in a row, not to mention glad to see the Girl is helping keep things in the family. All that’s left really is for me to get her to write my reports for me and I can quit my day job and retire! I’m sure that day will come soon enough…
Until then, Girl Cynic did demand that her picture go up on the website as she now sees herself as an equal partner in this venture. The student really has surpassed the master… created a monster have I.
A full list of the nominees and winners can be found here.
P.S. As it’s customary to thank people when winning an award, I’d like to thank you and everyone who voted – this one’s for all you guys! <exit stage left>
Phishing emails can be nasty pieces of work. They put a lot of effort into appearing legitimate in order to trick users into falling for their scams. In this video, I only take a look at this one specific email which claimed to come from Apple. There are lots of signs to look out for that aren’t covered in the video. Each of these signs may not mean anything on their own, but putting them together could indicate a phishing attempt.
Some of the other things you can look out for that aren’t in the video would include things like the email being sent from a weird address, like Yahoo or Gmail. Or it claims to come from a government department of some sort.
Slowing down helps a lot – nothing bad will happen if you don’t open or respond to an email immediately – well, I guess unless it’s your boss, in which case you could get fired. But at least you didn’t infect the whole company… now that’s what I call going out on your shield!
Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you.
As they say, a little photoshop is a dangerous thing – and the temptation was too great to not take advantage of the opportunity.
Which led to the birth of Jimmy Sozé
This got Jimmy a bit worked up, so I challenged him to a duel.
He said he’d kill me – to which I said that’s a crime punishable by hanging till he’s dead, dead, dead!
The subsequent barrage of messages proved that Jimmy was indeed unchained.
For the times you feel like the ball inside a pinball machine.