Wednesday, October 23, 2013

"Stop Watching Us Rally" - How I wish I could be there!

     I recently gave a presentation entitled "NSA Wiretaps are Legal and other Annoying Facts." I am not a lawyer and maybe I got some things wrong. I am ok with this since my point was to get the community talking. The basis of my talk was that the NSA is performing many surveillance actions at the direction of the President, under the guise of crappy law written by incompetent lawmakers in Congress, and with the aid of a Supreme Court and a legal framework that couldn't care less about the Constitution. I made mention of the rally put on by Stop Watching Us. My only regret is that I cannot be there in person. That is why I am writing this. I want to get the word out!
     Please use the link to check out Stop Watching Us and sign their petition (571,000 have signed so far). Also, sign up for their rally. If you cannot go to DC on such short notice, fine, you can attend online. After you do this, please use these 2 links to find your Representative and Senator. When you find them, send them an email AND fax. Then call them! This has to STOP!
     Don't stop there. Think long and hard about supporting the EFF and their Constitutional campaign.

I will leave you with a quote from one of our founding fathers. Keep in mind that these guys were in the midst of throwing off the yoke of tyranny and the blood was still in their mouths from the fight.


"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
Benjamin Franklin, Historical Review of Pennsylvania, 1759
US author, diplomat, inventor, physicist, politician, & printer (1706 - 1790)

Sunday, October 20, 2013

Hack3rCon^4: Eye of the Storm

     What do you get when you mix Information Security, prepping, and technology with mountains, makers, and moonshine? Hack3rCon! I was fortunate enough to both attend and speak/teach at Hack3rCon^4 this year. This is my second time to attend Hack3rCon and I was not disappointed. For the meager price of $75 the attendee will be privy to cutting edge tools, "A" list presenters, and fellowship.
     This year's con began on Friday with a community driven class on the installation and use of the new Kali Linux BackTrack load. This class introduced the novice to the tool. The relaxed setting and knowledge of the instructor set the tone for the weekend. Students learned that installing and setting up Kali is easier than earlier versions and is not as frustrating for noobies. Friday ended with an @HackerFamilyDinner at a local steakhouse.
     Saturday began with Dave Kennedy as the keynote. As always, Dave captivated the audience with his simple way of communicating the holes in security "best practice." After all, just because the masses are doing it, doesn't mean that it is best. He wrapped his presentation by performing a quick demo of his new tool [working title: Pentesting Framework]. This was promptly followed by a series of outstanding presentations that ran until 5PM. After a short break for dinner, 304 Geeks treated everyone to a gun safety class (something you never see at a conference).
   The conference wrapped up on Sunday with another lineup of great talks, the wrap-up of the CTF, and several raffle drawings. People said their goodbyes and, as usual, teams were formed to tackle some hard infosec problems.
    My thoughts of this conference are all positive. The small size, usually around 100 people, coupled with the low price for a ticket and the caliber of the presentations makes this one of my favorite cons. I look forward to attending next year.

As always, videos for this con can be found at irongeek.com. Thanks Adrian!

I would also like to thank the rocking sponsors for making this con possible. This is the first time I have thanked sponsors on my blog. This should tell you something about the level of support.
Saturday, October 19, 2013

Hack3rCon^4: Handgun Safety Course

     For those of you that attended my handgun safety course, and are wanting to file for your license in West Virginia or Virginia, you will be required to present a copy of my NRA Instructor credentials in addition to the affidavit. Please go here to download my credentials. NRA Card 

Hack3rCon^4: Notes and slide deck "NSA wiretaps are legal and other annoying facts"

I have had several people request my slide deck from Hack3rCon^4. Because of bandwidth and email issues, I have uploaded it and my notes here. Dropbox

The video of my presentation can be found on IronGeek's site.

Have fun and don't forget to speak with your elected officials often!

*****Note: I got a couple of things wrong in my presentation.
1) The coauthor of the 2nd Amendment that I was referring to is George Mason. Some really good quotes on the 2nd Amendment can be found here and here. Before discussing what the founders "intended," read what they actually said!
2) I alluded to the 17th Amendment as a joke but got the timeframe wrong. The 17th Amendment forced States to hold direct elections for Senators in 1913. Prior to this, some States still allowed Senators to be appointed by those States' governors. The intent of the 17th Amendment was to stop the corruption of Senators at the State level. This worked! However, Senators are now corrupted at the national level.

Friday, October 11, 2013

My EPIC week of FAIL! and better things to come

So, this week was a hum-dinger! I tackled some tasks at work that, well, didn't work. I finally started some high priority home projects that, well, FAILED! I decided that self-deprecation is about the only thing I can get right this week so here it is...
WORK
Q: What happens when you spend hours creating a PowerPoint presentation and import it into Captivate (like I have done many times before)?
A: It crashes your computer of course.

Q: What happens when you restore files from the midnight backup?
A: It does not restore the last 6 hours of work of course.

Q: What else happens?
A: You also have to do another 5 hour FTP of Rachel-Pi.

Q: What happens when you change your password and forget what it is?
A: You continue an all day loop of forgetting and resetting your password.

HOME
Q: What happens when you root for the Jets while putting DD-WRT on that shiny new router?
A: You accidentally rip the power cord out of the back, bricking the router.

Q: What happens when you perform a "hard" reset (like I have had to do many times before)?
A: You listen to things go pop, watch the blue smoke escape, cry as the power light goes black, and cover your nose from the acrid odor.

Q: What happens when you root your old Android phone in order to get ready to play at SkyDogCon?
A: You remember that you stopped using the phone because it won't hold a charge longer than 1 hour!

Q: What happens when you decide to give up on all things electronic and you take the trash to the curb?
A: The Herbie cart slips out of your hand and trash spills all over the yard!

On the plus side, I will be starting a new blog series that will include learning a new tool, reviewing it, and interviewing the author. Many brilliant people have responded favorably to my interview requests and I will begin with Armitage and Raphael Mudge.

Oh, last but not least, I have been accepted to speak at SkyDog! This week was not a total FAIL.

I think I will sleep until Monday now.

Tuesday, October 8, 2013

What are you doing in May? I'm going to another BSides!

     BSides is one of the greatest ideas I have seen in a while. Its stated goal is to be a "community-driven framework for building events for and by information security community members." That leads me to the next BSides I will be attending. On May 17, 2014, the Ezell Center at Lipscomb University will play host to BSides Nashville.
     Looking at the list of organizers/volunteers, I can tell you this should be a quality event. This coupled with the location and the keynote speaker already slated to present is money baby!
     I had the opportunity to hear Brett Wahlin, the CISO of HP, speak (you still haven't accepted my invite on LinkedIn by the way). He came to the University of Kentucky HealthCare and helped to educate our IT staff on the importance of protecting the confidentiality, integrity, and availability of our strategic asset, data, without resorting to FUD. This is something very few people can accomplish. FUD usually creeps into the conversation in some way.
     Looks like I will need to start a new research project so I can have something new for the CFP (happening now by the way). See you there!

Make sure you check out the websites and follow them on Twitter for updates.
BSides Nashville website: http://www.bsidesnash.org
Security BSides website: http://www.securitybsides.com/w/page/67993467/BSidesNash2014

Twitter handle: @bsidesnash
Twitter tag: #BsidesNash

As always, feel free to comment.


Saturday, October 5, 2013

Louisville Metro InfoSec Conference

     A small conference, in a big city. This year I attended the Louisville Metro InfoSec Conference. This is my third time to attend and will not be my last. The quality of presentations is always great and the small number of attendees gives the con an intimate feel. This year, the highlights for me were the second keynote speech by David Kennedy (Burn it Down! Rebuilding an Information Security Program), the presentation by Adrian Crenshaw (Information Security in University Campus and Open Environments), and the lock pick area run by Kyle Stone.
     What can I say about Dave's speech? As usual, it was very entertaining. Start with a gut check, add a liberal dose of humor, and end with 5 key steps that will help any organization improve their business. Yes, I did say, improve your business. After all, no one wants to start a business to meet compliance. They want to make money. Watch Dave's presentation for more information.
     Adrian had a very interesting presentation. He helped the audience understand how an average college co-ed could wreak havoc on the open networks at universities. After all, most university administrators actually believe that creativity is stifled if you even attempt to secure your environment. He also highlighted the means by which IT and InfoSec can counter these "hackers." The presentation is heavy with links to tools but I recommend it since the tools are worth it.
     Finally, the lock pick village was the break I needed from the typical con burnout. There are few things better than picking up a couple of small pieces of metal and opening those wafer locks!

As always, the videos can be found on www.irongeek.com.