I am a big fan of comments on this blog. I really enjoy interacting with those who visit.
I am not a big fan of people who feel it is necessary to leave extremely nasty and vile remarks. Luckily, that hasn't been too much of a problem until today.
Today, somebody left a comment on the FBI Citizens' Academy post that was not aimed at having conversation about the topic. The author's only intent was to call me names and say how bad the FBI is.
If the author was interested in discussing why he thought I should temper my enthusiasm, I would have left it there and responded. I actually started out editing the comment to remove the insults and innuendos I don't want my nieces and nephews to see, and then typed a reply.
Then I stopped.
The author didn't leave a legitimate email address and used an anonymous proxy to hide his IP address. If he didn't want to be contacted about his views, I sure wasn't going to waste my time addressing them.
Anyway, in light of this experience, I thought it time to make it clear what my policy is regarding comments on this blog. So here it is and it's really simple.
Comments Allowed
- Comments that espouse my unfathomable wisdom.
- Comments that add to the discussion.
- Comments that disagree with me - Please. Go for it. I am happy to have a spirited debate.
Comments Disallowed
- Anything I deem to be in poor taste or offensive. Yup. Anything, and I pick.
That's it in a nutshell. Please feel free to weigh in, just keep it civil.
-Kevin
Well, I intended to do a nice post about the 2nd birthday of the blog with nifty stats and other fascinating tidbits, but, with the week we've had, it completely slipped my mind.
Two years ago on March 22nd, the first Infosec Ramblings post went live. At that time, it was on WordPress.com.
Since then, there have been 490 posts, 799 comments, 1998 interesting bits linked to, and we are sneaking up on 1000 subscribers to the RSS feed.
Thank you to all of you out there who take the time to pay attention to my drivel and be assured that it will continue.
-Kevin
I am really excited about a new opportunity that I can finally talk about. 
No, I am not joining the FBI... yet.
I have, however, been accepted to the FBI Citizens' Academy.
From the FBI Citizens' Academy site:
Want to find out first hand how the FBI works? Hear how the Bureau tracks down spies and terrorists? Learn how to collect and preserve evidence? See what it is like to fire a weapon and put yourself in the shoes of a Special Agent making a split-second, life-or-death decision?
I think this is going to be a lot of fun and give me a much greater understanding and appreciation of what the FBI does.
Here is a link to a Q&A with some folks that have attended.
I will be blogging about the experience as much as I am allowed.
-Kevin
If you are employed, you have a job, but do you have a career? Do you want one? What do you want it to look like?
If you have a career, is it going where you want it to? Need some help from a supportive and objective partner who will lead you through a critical assessment of where you are and where you want to go?
Michael Santarcangelo is starting a new service called the Catalyst Career Compass program over at the Security Catalyst. From the description:
Career Compass Overview
Whether you are currently a Security Professional or want to become one, this highly flexible program will help you set and meet your professional ambitions while serving lifestyle goals.
Set your Career Compass:
- To prepare for a raise
- To receive a promotion
- For career development
- If you are ready to move into the security field
- To find a new position (within your current company or outside it)
Michael is truly dedicated to helping others. He is looking to iron the wrinkles out of the program with a first batch of guinea pigs... I mean... beta testers.
Check out the post and let Michael or me know if you are interested in participating. I truly believe that you will find great benefit from working with Michael, and also a new good friend in the process.
-Kevin
I apologize for the downtime today. It was entirely my fault.
Things should be okay now.
Kevin
I meant to mention this again earlier this week, but forgot to. ShmooCon will be live streaming the entire event this year. The conference starts today at 3:00 EDT.
If you are not familiar with ShmooCon, here is a tidbit from the conference website:
Different • ShmooCon is an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind. The next two days, there are three tracks: Break It!, Build It!, and Bring It On!.
Affordable • ShmooCon is about high-quality without the high price. Space is limited! ShmooCon has sold out every year, so unless taking a chance on an eBay auction to get your ticket sounds like fun, register early!
Accessible • ShmooCon is in Washington, D.C., at the Marriott Wardman Park Hotel, just a few steps from the D.C. Metro. Fly into DCA, IAD, or BWI, or take a train to Union Station, and you are just a quick cab ride away from the con.
Entertaining • Brain melting from all the cool tech you are learning? Check out some of the contests running at ShmooCon, including the Hacker Arcade and Hack-Or-Halo. In years past, we have also thrown massive parties at a local area hot-spot, so expect that to happen again too!
Here are the links to the different streams. The source page is here.
Friday Feb 5th, 2010
One Track Mind
Saturday Feb 6th, 2010
Build It
Break It
Bring It On
Sunday Feb 7th, 2010
Build It
Break It
Bring It On
I'll be watching as much as I can. You should too!
-Kevin
DOWNLOAD ISSUE 24 HERE (February 2010)
- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Secure and differentiated access in enterprise wireless networks
- AND MORE!
I am installing a new theme over the next few days, so I expect some hiccups and snags around here. I apologize for any issues you may have, but things should be back to normal in a couple of days.
-Kevin
I have submitted a topic for consideration for Security BSides San Francisco 2010 which happens concurrently with RSA.
For those not familiar with Security BSides, the following is from the website:
What is BSides?
BSides is an ad-hoc gathering of information security types born from the desire for people to share and learn in an open environment. It is an intense event with discussions, demos and interaction from participants. It is entirely community driven. It is where conversations for the next-big-thing may be happening. We've followed the BarCamp format... because it works.
My topic:
- Title: Discussion: What Makes a Good Risk Management Practice?
- Abstract: All of our organizations have to manage risk, specifically information security risk. What does it mean to do that well? What are the moving parts that make up a good risk management practice? This discussion/panel/talk will not focus on assessment methodologies or frameworks. It will also not focus on the "information security program." We will spend some time focusing on the other moving parts of a risk management practice. Engagement with our business partners, how we bring it all together, how we can manage the inputs and outputs of the risk management process, etc. It will be an opportunity for those interested to share and learn from each other.
This topic is modeled after the RSA Peer-2-Peer sessions in that it is not a presentation. I anticipate a discussion where we can all contribute to the conversation and try to define what it means to build a good risk management practice in our organizations.
Please vote for my topic by tweeting the following if this sounds like a conversation you'd like to be a part of:
@SecurityBSides I vote for “What Makes a Good Risk Management Practice?” by @kriggins #BSidesSF http://bit.ly/BSidesSFtalks
-Kevin
I made a small update to the Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption how-to.
Some people are having issues with the xts.ko module not getting copied to the initrd image. This makes the root and swap partitions unmountable because the encrypted partition can't be opened. Most have been able to correct this by redoing the install, but I wondered if maybe a consistent modules file would help, i.e. not requiring the user to edit the file.
To that end, I have modified the how-to. I created a preconfigured modules file like I did for the two pvcrypt scripts and added the wget command to download it. I also added what the contents of that file should look like.
Both the on-line how-to and the pdf have been updated.
Note: The video does not show this step. It still shows the manual method.
-Kevin
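As an added example (my own script, not part of the how-to or of BackTrack), here is a quick pre-reboot check for the problem described above: it confirms that the initramfs modules list names every module dm-crypt needs for an aes-xts root, and that a built initrd actually contains xts.ko. It assumes the Debian/Ubuntu layout (/etc/initramfs-tools/modules, a gzip-compressed initrd) and the usual aes-xts-plain/sha256 module set; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the how-to: check the initramfs modules list before
# rebuilding the initrd, so a missing xts entry is caught now instead of at the
# "cannot open encrypted partition" prompt on the next boot.

# Modules dm-crypt needs to open a LUKS volume set up as aes-xts-plain with a
# sha256 hash; dm_mod is the device-mapper core that dm_crypt sits on.
REQUIRED_MODULES="dm_mod dm_crypt aes xts sha256"

# Emit the module names from a modules file: drop comments and blank lines,
# keep only the first word of each line (module options may follow it), and
# normalise '-' to '_' because modprobe treats dm-crypt and dm_crypt alike.
list_modules() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | awk '{print $1}' | tr '-' '_'
}

# Print the required modules that are missing from the file given as $1, one
# per line. Returns 0 when nothing is missing, 1 otherwise.
missing_modules() {
    found=$(list_modules "$1")
    rc=0
    for m in $REQUIRED_MODULES; do
        if ! printf '%s\n' "$found" | grep -qx "$m"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# Check that a built initrd ($1, gzip-compressed cpio, assumed) really carries
# the module named in $2, e.g. "xts". Uses only gzip and cpio.
initrd_has_module() {
    zcat "$1" 2>/dev/null | cpio -t 2>/dev/null | grep -q "/${2}\.ko"
}

# Typical use after editing the modules file and before rebooting:
#   missing_modules /etc/initramfs-tools/modules && update-initramfs -u
#   initrd_has_module "/boot/initrd.img-$(uname -r)" xts || echo "xts.ko missing"
```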
Commenting vs Being Nasty
by kriggins on March 29, 2010
in Announcement, General