Monday, November 30, 2009

White House security breaches and Balloon hoaxes

The two who broke into the White House have done this sort of thing before; they take the Captain Janks idea (a frequent crank caller to popular media shows and contributor to the Howard Stern show) a few steps further by actually being there. In this case, simple social engineering accomplishing a physical breach in places this absolutely should not happen is the joke.

The recent balloon hoax, where a large balloon was launched into the sky with a fictional child trapped in the basket below (he was later found safe but hiding), caused rescue efforts to waste resources and time. The media was fixated on it in a way similar to watching OJ Simpson's Bronco glide down the road doing nothing for several hours.

Tiger Woods, a popular golfer manicured by a force of public relations people to be the perfect celebrity, showed he was human and made a "gasp" mistake. It was an interesting one: after a fight with his spouse he crashed his car into a tree. Tiger is doing the opposite of the others in controlling the story; he is trying to hide from it. He is worth an estimated billion, and there are a lot of people that suck off his success that do not want his archetype tarnished. This only makes the media more curious.

ISOC recognizes six elements to social engineering: Authority, Scarcity, Liking, Reciprocation, Commitment, and Social Proof. Perhaps a seventh principle should be added: Entertainment.

Thursday, November 19, 2009

Should Windows be Free?

There are different meanings of "free" in this conversation. As the phrase goes, "Free as in speech, not as in beer". In one case free refers to open sourcing the code, and in the other, it means being available free of cost or licensing fee.


I suppose my question could be interpreted either way. From the free of cost point of view, they did this with IE back in the Netscape era, and giving away Windows would certainly impact competition with Linux and Apple.


Some argue that Microsoft's own practices propagate many of the security issues we have today; for example, if Windows was free this wouldn't happen (http://www.pcmag.com/article2/0,2817,2355982,00.asp). We would also not have to worry about Virtual Machines being considered entirely new instances of the computer. The world would be such a simpler place if there was no need for hacked copies of Windows operating without security updates. How much of the botnet activity on the Internet can be traced to this? Consequently, I would be out of a job, as would entire research companies.


I won't get into the economic dilemmas of solving problems entire industries are built around, but the term "disruptive technology" comes to mind. What would be more disruptive than an Open Source Windows OS? If Windows 7 was believed to be secure, and the average price of a laptop or desktop was nearly a factor of 10 less than Macintosh ($300 vs $3000 after hardware upgrades), how would that impact Apple? If the Open Source community were willing to use Windows, would Linux be necessary?


Either way, an alternative revenue model would have to be created. Programmers deserve to be paid too. Whether this would be any better or worse than what we currently deal with would remain to be seen.

Monday, November 16, 2009

CEH Review Guide is Released !!


The process of writing was extremely interesting. Being my first one, I learned a lot that will make the next one twice as easy, so I definitely hope to do this again. Thanks to Larry, Nick and Barry for their help along the way.

Cengage was a great publisher to work with as well. So if any others out there get the chance to write for them, I highly recommend it.

The book is available on Amazon. The ISBN number is: 1435488539



Friday, November 13, 2009

A Reminder About Using Wifi On The Road

A while back I performed a test using my AirPcap NX on an airplane that was offering GoGo inFlight service. I sampled about 3 minutes of traffic in Wireshark and parsed it using a tool called "Network Miner".

Short story, I saw that people were using Facebook and in two cases could connect photographs I captured to people on the airplane. Others were booking hotels for their business trips (presumably), and some were logging into places that revealed passwords because they did not first establish a secure tunnel. That is as far as I went with the test; the point was made.

I got to thinking about how many mobile devices such as cell phones come with WiFi connectivity. Perhaps to save on data costs, they could be set to automatically switch to WiFi when a network is available. This means a cell phone that is normally extremely difficult to breach would be placed on an unsecured network and become susceptible to sniffing, MiTM attacks, and the whole gamut. Why on earth would anyone want to do that? Buy an unlimited data plan and turn WiFi off.

Keep in mind that public WiFi is still public WiFi, even when you are using a phone instead of a laptop. The airplane technology mostly wants you to stay on the gateway long enough to give up a credit card and pay the $10; after that, you are on your own unless they change the technology.


Thursday, November 12, 2009

Teaching Abroad - Germany

I recently completed a trip to Germany to teach a CEH class. This was my first experience there. It turned out to be a wonderful place and the entire process could not have been better or more enjoyable.

A couple noteworthy items for future reference:

The battery life of a netbook + its portability were invaluable on this 15 hour flight. I got a lot done and hardly noticed the time.

When renting computers for a classroom in another country, specify English. Our version of XP in the classroom computers was German, and so were the keyboards. We worked through it, and thankfully the students were good sports about it and mostly thought of it as funny.

Also, get to the location a day early or leave a day later. The class will take up all your time, so be sure to play tourist and see some things too.

Third, since most of what we do in CEH is illegal in Germany, even to possess the tools in some cases... well, I am not quite sure what to do about that :)