The Catalyst Career Compass Program

by kriggins on February 16, 2010

in Announcement, Career

If you are employed, you have a job, but do you have a career? Do you want one? What do you want it to look like?

If you have a career, is it going where you want it to? Need some help from a supportive and objective partner who will lead you through a critical assessment of where you are and where you want to go?

Michael Santarcangelo is starting a new service called the Catalyst Career Compass program over at the Security Catalyst. From the description:

Career Compass Overview

Whether you are currently a Security Professional or want to become one, this highly flexible program will help you set and meet your professional ambitions while serving lifestyle goals.

Set your Career Compass:

  • To prepare for a raise
  • To receive a promotion
  • For career development
  • If you are ready to move into the security field
  • To find a new position (within your current company or outside it)

Michael is truly dedicated to helping others. He is looking to iron the wrinkles out of the program with a first batch of guinea pigs...I mean...beta testers 🙂

Check out the post and let Michael or me know if you are interested in participating. I truly believe that you will find great benefit from working with Michael and also a new good friend in the process.



I meant to mention this again earlier this week, but forgot to. ShmooCon will be live streaming the entire event this year. The conference starts today at 3:00 EDT.

If you are not familiar with ShmooCon, here is a tidbit from the conference website:

Different • ShmooCon is an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind. The next two days, there are three tracks: Break It!, Build It!, and Bring It On!.

Affordable • ShmooCon is about high-quality without the high price. Space is limited! ShmooCon has sold out every year, so unless taking a chance on an eBay auction to get your ticket sounds like fun, register early!

Accessible • ShmooCon is in Washington, D.C., at the Marriott Wardman Park Hotel, just a few steps from the D.C. Metro. Fly into DCA, IAD, or BWI, or take a train to Union Station, and you are just a quick cab ride away from the con.

Entertaining • Brain melting from all the cool tech you are learning? Check out some of the contests running at ShmooCon, including the Hacker Arcade and Hack-Or-Halo. In years past, we have also thrown massive parties at a local area hot-spot, so expect that to happen again too!

Here are the links to the different streams. The source page is here.

Friday Feb 5th, 2010

One Track Mind

Saturday Feb 6th, 2010

Build It
Break It
Bring It On

Sunday Feb 7th, 2010

Build It
Break It
Bring It On

I'll be watching as much as I can. You should too!




I made a small update to the Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption how-to.

Some people are having issues with the xts.ko module not getting copied to the initrd image. This makes the root and swap partitions unmountable because the encrypted partition can't be opened. Most have been able to correct this by redoing the install, but I wondered if maybe a consistent modules file would help, i.e. don't require the user to edit the file.

To that end, I have modified the how-to. I created a preconfigured modules file like I did for the two pvcrypt scripts and added the wget command to download it.  I also added what the contents of that file should look like.

Both the on-line how-to and the pdf have been updated.

Note: The video does not show this step. It still shows the manual method.
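A check for the failure described above, added here as an example that is not part of the original how-to: it lists the files inside an initrd image and reports whether xts.ko made it in. It assumes the initrd is a gzip-compressed cpio archive in "newc" format; the sample images, the KVER placeholder path and all function names are constructed for illustration.

```python
import gzip

REQUIRED = ("xts.ko",)  # module the post says must end up in the initrd

def newc_entry(name, data=b""):
    """Build one cpio 'newc' record; used only to construct the sample images."""
    raw = name.encode() + b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    rec = b"070701" + b"".join(b"%08X" % f for f in fields) + raw
    rec += b"\0" * (-len(rec) % 4)            # header+name padded to 4 bytes
    return rec + data + b"\0" * (-len(data) % 4)

def sample_initrd(paths):
    """Constructed test image: gzip(cpio newc), the assumed initrd layout."""
    body = b"".join(newc_entry(p, b"stub") for p in paths)
    return gzip.compress(body + newc_entry("TRAILER!!!"))

def list_initrd(image):
    """Return the file names stored in a gzip-compressed cpio newc archive."""
    buf, names, pos = gzip.decompress(image), [], 0
    while pos + 110 <= len(buf):
        if buf[pos:pos + 6] not in (b"070701", b"070702"):
            raise ValueError("bad cpio magic at offset %d" % pos)
        filesize = int(buf[pos + 54:pos + 62], 16)
        namesize = int(buf[pos + 94:pos + 102], 16)
        name = buf[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            break
        names.append(name)
        pos += 110 + namesize
        pos += -pos % 4                        # skip name padding
        pos += filesize
        pos += -pos % 4                        # skip data padding
    return names

def missing_modules(image, required=REQUIRED):
    """Names from `required` that no file in the initrd provides."""
    present = {n.rsplit("/", 1)[-1] for n in list_initrd(image)}
    return [m for m in required if m not in present]

# Constructed samples: KVER is a placeholder, not a real kernel version.
GOOD = sample_initrd(["init", "lib/modules/KVER/kernel/crypto/xts.ko"])
BAD = sample_initrd(["init", "lib/modules/KVER/kernel/drivers/md/dm-crypt.ko"])

if __name__ == "__main__":
    for label, img in (("good", GOOD), ("bad", BAD)):
        print(label, "missing:", missing_modules(img) or "nothing")
```

To check a real image, read the initrd file's bytes and pass them to `missing_modules()` before rebooting into the encrypted install.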



This is just a quick note to introduce the video I made using my Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption how-to. You can find the video here.

As always, comments, corrections, and suggestions for improvement are welcome.



The Backtrack 4 Final release happened today.

Both the Backtrack 4 USB/Persistent Changes/Nessus how-to and the Backtrack 4 with "Full" Disk Encryption how-to have been updated to reflect this release.



I made some minor updates to my Backtrack 4 – Bootable USB Thumb Drive with “Full” Disk Encryption.

I fixed a few typos and added a section towards the end that shows how to mount your encrypted volume from the Live CD/USB drive in the event you have issues and need to fix things.

I also added a bit that should get rid of the 'can't find modules.dep' warning that appears at boot time.



I have made an important update to the Backtrack 4 USB "Full" Encryption How-to.

I forgot to include the step where you select the drive to install the boot loader to. Missing this step can cause the operating system on the machine you are using to not boot. Please review the how-to.

Below are some links to instructions on repairing boot records for a few common operating systems in case I am too late with this update:

Windows XP:

Windows Vista/7:

Ubuntu Linux:

I apologize for any issues that may have occurred due to my oversight.



I have published my latest Backtrack 4 how-to.

Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption

This is a step-by-step guide showing how to create an encrypted bootable Backtrack 4 USB thumb drive. I put quotes around full in the title because technically the whole disk isn't encrypted.

We use LVM and the native encryption routines included in Ubuntu 8.10 to encrypt all partitions except for a small boot partition that never contains any data.

This how-to is a departure from the persistent install method I have documented in the past. It also means we don't have to mess with Truecrypt or do the home directory shenanigans we were going through. I will be incorporating it into the main how-to in the near future.

As always, I am interested in your thoughts and feedback.



I am very pleased to announce that my Peer2Peer session submission for RSA 2010 was accepted.

Here is the definition of a Peer2Peer session from RSA in case you are not familiar with them:

Have a security issue you would like to discuss with your peers? Want to share your experiences with a new technology? Care to explore best practices with colleagues? Then submit a P2P session!

Peer2Peer sessions are limited to 25 people who share a common interest and want to discuss or learn more about a particular security issue. The sessions are interactive and moderated by someone who knows the subject at hand and also can keep the conversation flowing. No PowerPoint allowed!

The first Yay! is that you won't be subjected to a PowerPoint; the second is that you will get to help shape the conversation and learn from your peers.

The title of my session is Risk Management: Getting Engaged.

Before we can effectively practice risk management in our organizations, a number of things have to happen. One of the key things that must occur is getting our business partners to engage with us. In this Peer2Peer session we will explore different ways to capture our business partners' attention so that we can effectively and efficiently provide the risk management activities that help our organizations make appropriate risk-based decisions.

Here are the details:

Session Track: Peer2Peer
Session Code: P2P-203B
Scheduled Date: 3/3/2010
Scheduled Time: 10:40 AM - 11:30 AM
P2P Session Title: Risk Management: Getting Engaged

I hope to see you there!




If you do any sort of technical writing on WordPress, you have likely run into the wonderful little quirk of it turning your lovingly formatted double dashes '--' into single em dashes. Rather annoying.

To add insult to injury, the silly thing shows them as double dashes in the editor, but then renders them as em dashes when viewing the post, making it next to impossible to know what is going on.

I thought I had it fixed at one time, but apparently the behavior snuck back in. I finally got tired of writing "those are two dashes not one" all over the place and went in search of a better answer.

Lo and behold I found one. Peter Cooper had the same problem and figured out how to take care of it. You can see his post here. His is for WordPress 2.5, but it also works for 2.8.x. I have combined his directions along with some info from the comments on his post here just in case I need it again and can't find it 🙂

Update: After I posted this, one of my friends on twitter, Chris John Riley, offered up another option. Add an HTML comment with just a space between the dashes. You will have to do this in the HTML view instead of Visual view of the editor. It will look like this:

-<!-- -->-

As I said to him, definitely less intrusive, although, with the method below, I just double dash away and don't worry about it 🙂

Thanks Chris!

WordPress has a built-in function called wptexturize(). The purpose of this function is to make your beautiful prose lovely to look at too. 🙂 Unfortunately, for those of us who do technical writing, it also completely mucks up some of our stuff.

To stop this from happening you need to edit the functions.php file in your current theme. This file is in your wp-content/themes/<your theme> directory.

All you have to do is add the following three lines to the end of the functions.php file.

<?php remove_filter('the_content', 'wptexturize'); ?>
<?php remove_filter('comment_text', 'wptexturize'); ?>
<?php remove_filter('the_rss_content', 'wptexturize'); ?>

These lines tell WordPress to quit mucking with punctuation in the main content, comments and rss feed. If you want to allow it to do so in any of the three, just omit the appropriate line.

Here is my functions.php file for reference:

<?php
  // Current version of K2 (the apostrophe must be escaped inside single quotes)
  define('K2_CURRENT', 'hidden cause you don\'t need to know');

  // Is this MU or no?
  define('K2_MU', (isset($wpmu_version) or (strpos($wp_version, 'wordpress-mu') !== false)));

  // Are we using K2 Styles?
  define('K2_CHILD_THEME', get_stylesheet() != get_template());

  // WordPress compatibility
  @define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' );
  @define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content' );

  /* Blast you red baron! Initialise the k2 system */
  require_once(TEMPLATEPATH . '/app/classes/k2.php');
?>
<?php remove_filter('the_content', 'wptexturize'); ?>
<?php remove_filter('comment_text', 'wptexturize'); ?>
<?php remove_filter('the_rss_content', 'wptexturize'); ?>

One final note, this also affects all other punctuation changes, so you won't get smart quotes, etc.