02/07/2010

Depression in Men

Whoa...

"Depression in men can have devastating consequences. The CDC reports that men in the U.S. are about four times more likely than women to commit suicide. A staggering 75% to 80% of all people who commit suicide in the U.S. are men. Though more women attempt suicide, more men are successful at actually ending their lives."

I've spent a good chunk of today reading up on health issues of all sorts and this was the only time I paused for impact. Then I thought back on friends lost and realized I've known many men but no women who have ended their own lives. I just thought that was a function of the types of work and company I kept. I didn't realize it was such a general statistic.

While mental health is on my fingers I suggest the book "Crazy Like Us" for your reading list. Cheers, -Pk

02/07/2010 at 21:55 in Health | | Comments (0) | TrackBack (0)

| | |

Four links for equals sexteen

  • Stop trying to build the tallest buildings and start doing more of this. And tell me The Hole House, being in Texas and all, doesn't just scream "Clint Eastwood was here."
  • Some creatures have very reasonable expectations for their lives. And maybe some need to set their goals higher. Maybe.
  • Nerf warfare is the only mandatory training actually needed in a corporate environment. And thus the only hacking universally condoned in all corporate policy handbooks is Nerf modding.
  • The Nintendo Wii's nunchuk controllers are innovative, yes. But this traditional control pad with biohaptic-enabled response if really what gamers want.
You cannot get those few minutes of your life back. They are gone. Forever. You're welcome. -Pk

02/07/2010 at 18:33 in Uncategory | | Comments (0) | TrackBack (0)

| | |

What e-readers need next

As I continue to donate, Freecycle, and occasionally burn my book collection my requirements of e-readers get more complex. And for my purposes only e-ink devices will do (so no XXXL iPhone). Here is a short list of what I think is missing from the currently announced crop of e-readers.

  • Security. You want me to put my engineering documents, presentations, etc. on them but you have no defined security model, encrypted storage, over-the-wire self-destruct, etc.?
  • External display. Again, carry my documents but can't get them via cable or BlueTooth to a projector?
  • Integration with BlackBerry Connect and similar services for email and calender use.
  • Support for multiple profiles for family use along with the already established multi-device syncing capabilities. Just set two or three of these around the house for the whole family to use.

If you can manufacture a fully-capable tablet computer with e-ink display and days worth of battery for cutthroat prices then great. Until then I don't expect tablets, regardless of who backs them, to take away from the Kindles and Skiffs of the world. Third-party developers will start porting CRM, ERP, and other resource planning systems to e-reader devices too. I also expect e-reader rentals with unlimited access to news and books to be available at airports.

Of course this is all a matter of preference really so we'll see how the market shifts. -Pk

02/07/2010 at 14:22 in Books | | Comments (0) | TrackBack (0)

| | |

02/06/2010

Distributed Static Code Analysis?

Every few weeks I check BOINC hoping to see some really intriguing project that solves impossible problems... like women, the perfect salsa, or pitching for the Red Sox. And I continuously try new projects only to end up back on SETI.

So I'd like to call out to SourceForge, Fortify | Ounce | Coverity, and the community to develop a distributed software assurance system for Open Source software. The idea would be that checked-in code would automatically be queued up and distributed in functional units to participants. All the same Distributed.net concepts with teams and some monetary award from sponsors could apply. The vendors who participated would also get valuable testing feedback and earn karma points with the community that would carry into the closed workplaces.

Add on top of the basic functionality the opportunity for education! Throw all the automated findings in a public queue for registered SourceForge users to review and generate patches or identify false-positives. Let users rate solutions up and down and you've got a treasure-trove of information for the comp.sci crowd.

Screw this.... I want in! Who came up with this idea? Are they looking for contributors? When did I start dash-ing everything? -Pk

02/06/2010 at 20:55 in Security | | Comments (0) | TrackBack (0)

| | |

02/05/2010

Good deeds

I tend to get asked about or to do the things you don't ask other people. Well, let me clarify.. I tend to get asked VERY PUBLICLY. A funny story comes to mind.

It happened seven years ago while I was at work in a conservative corporate Engineering department. News had broken that another Engineer had been passing counterfeit bills all over creation. And because eventually uber-stupidity had to strike he started passing fake Franklins at casinos. So we're all at work and a coworker calls over from a few rows and asks me how somebody would make such high-quality counterfeits. The rest of the scene involved people gathering around my cube honestly expecting an answer. When I explained kindly I actually don't have experience in counterfeiting "US currency" they suggested maybe it was smarter that I tried other currency first *blinks*. Oddly enough my departure from this company probably didn't do anything to clear their minds of those misguided questions.

It would follow that my good deeds sometimes are a little off too. Again, if it's amongst friends it's not a big deal. Most people who bother to read this post do all the things I do at the very least. I think the only difference is people ask me in public or strange situations. As if ~everyone~ should know that I'm not quite all together normal.

So today three situations happened that I could only laugh about...

  • This morning while I was taking the garbage out a neighbor called over to me and asked if I could help them. Break into their own house. Very specifically suggesting SHE thought I might know how to pick locks. I don't know this young lady (I know she lives there) but something about me called out to her "BURGLAR!"... Guys might ask other guys about this but I'm simultaneously vibrating breaking-and-entering and safe-to-ask to this woman? I tried not to chuckle as I grabbed my bumping keyring and went to open her front door. When I came back over she was on the phone with a girlfriend exclaiming how cool it was. She tried to give me a tip.
  • While I was at the local indoor bazaar one of the employees at the Verizon kiosk decided to ask me, from about twenty feet away, if I knew how to get a fake Facebook account. Again... FTW kind of vibes am I giving off? I pointed him to FNG and told him Facebook actually didn't know it wasn't his real name. I'm curious to know what all the other people wandering around were thinking when they looked at me. To top it off I had Ceridwen with me in her stroller so my vibes must also include daddy did time.
  • The third was much less awkward.. the corner gas station clerk asked me while I was trying to prepay if I could show him how to "fake Google". After a minute I figured out he meant futzing with the user agent string. I took him to User Agent Switcher on his little netbook and was on my way. Still paid full price for the gas so he isn't getting anymore free support from behind the plexishield. Seriously though, isn't it bad enough every gas station clerk always has a wireless headset on and a conversation about cigarettes and money? Do I need them bypassing registration to some support forum for frostie machines?
I just realized I want to choke on a turkey leg. My pheromones don't work right.... they carry signals from the geek corners of the Internet. I think I'm going to cry pcaps. -Pk

02/05/2010 at 22:55 in Uncategory | | Comments (0) | TrackBack (0)

| | |

God's Waiting Room

They call Florida God's Waiting Room and I hope I don't have to explain that.

And it appears God now has a faster processing system! Florida is turning into Swiss cheese. -Pk

[ Dear Gods, I'm just joking around. Please don't take my parents, brother, or uncle who live in Florida. Err... I mean. Umm. Thank you, -Pk ]

02/05/2010 at 12:32 in Uncategory | | Comments (0) | TrackBack (0)

| | |

02/04/2010

Incident Response - Swarm style

A former colleague asked me to recommend some reading material for incident response during active attacks. I'm sorry to say I can't possibly be happy with this post because I know him, his environment, and his unique challenges. And if I drop specifics I might end up in a Legal tussle with a Rhino.

With that said let me throw a few things out there...

  • A response is best begun when you're sure you can respond thoroughly and continuously. A panicked response will cause you to lose footing and give away certain operational advantages. To that end the first order of business should be covered in the basic CERT CSIRT resources.
  • Make sure you readily create attack trees against your own infrastructure. And read "Chained Exploits" and "Malware Forensics" as soon as feasible.. relating and refining your own attack trees. Get your team and other resources lined up and run through whatever fire-drills you can. I suggest talking to your industry peers to setup competitive exercises if feasible. [ UPDATE 02052010: Two people complained about Chained but the point of that book is to understand combined threats used in tandem. Not just one-off really clever and interesting exploits. Which is why I linked it to attack trees in this context. -Pk ]
  • If you're always in an Incident Response it just means you finally know what's going on. I'm only half-joking...
  • The SANS WhatWorks in Incident Detection/Response series will always be useful in this regard but unfortunately I'm unaware of video recordings of the sessions. However, take a look at the agenda for 2009 and you can search backwards using the speaker names and topics. Register for 2010.
  • The Tracking GhostNet presentation is definitely worth reviewing and is still fairly current in the broad sense. I expect many vendors and companies to come forward with their own APT stories shortly so setting a Google News/Blog alert is a good idea too.
  • And then tons of stuff and links off of the FIRST Best Practices and Security Reference sections. If you're a FIRST member there is even more tasty goodness on their site.

I'm sorry to say I can't really narrow it down more than that... there isn't just a short list that jumps out at me as comprehensive or even reasonable per given event *shrug*. Cheers, -Pk

02/04/2010 at 22:49 in Security | | Comments (0) | TrackBack (0)

| | |

Start planning Mitnick's Sweet 16

My my, it has been only fifteen years... err.. it's been fifteen years already?

Sometimes it seems like something that happened before I was born but nevertheless, Mitnick was the defining hacker identity for quite a few years. Like it or not.

So I think BlackHat, DEFCON, ShmooCon, CanSec, etc. should all have Sweet 16 reviews of the industry with Mitnick as host. Get some other, pardon the expression, old-timers up on stage too..... I'd love to see Zimmerman, Ranum, and some semi-retired characters up on the stage. Mitnick should have to wear a Disney princess costume for at least part of it though. -Pk

02/04/2010 at 15:00 in Security | | Comments (0) | TrackBack (0)

| | |

The Kremlin Wars

Everybody has their opinions on STRATFOR or that sector in general but I encourage you to request a free copy of The Kremlin Wars: Searching for the Minister of Organized Crime.

"The battle for the control of crime syndicates would be highly explosive in any circumstance or in any country. But when it is combined with the ongoing Kremlin Wars — and when it involves OC organizations with reach, clout and capacity as great as Russian OC’s — the conflict will be exponentially greater."

Somebody call Oliver Stone... this is going to get interesting.

While Italian and Japanese Organized Crime (OC) get a lot of cult attention the Russians and Chinese have their Guv'ment-OC integration down to a science too (in the US we just call it Congress). -Pk

02/04/2010 at 02:36 in (Geo)Politics | | Comments (0) | TrackBack (0)

| | |

02/03/2010

#WednesdayWanker

This tweet caught my eye as just stupid.

@fmanjooIt's fine to say retard when you just mean stupid. Just like it's OK to say lame, moron, idiot. Nobody thinks you mean disabled people.

If you go to his Twitter you'll see that it didn't end there..

I am the last person to be readily and fully politically-correct. I think it's gone well beyond sensible in most settings. However, once you say something and people disagree, to continue tweet after tweet trying to pragmatically and logically justify offending people is silly stupid. Like my grammar, just silly stupid.

So an unfollow click later this Wanker (see, not PC!) is off my list. -Pk

[ It should be noted that I've volunteered many hours to mentally disabled children and have seen the hurt the random use of that word can cause. -Pk ]

02/03/2010 at 23:26 in Uncategory | | Comments (0) | TrackBack (0)

| | |

Next »
My Photo

About

Search


Categories

February 2010

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28            

Twitter

Archives

License

  • Creative Commons License