Yes that seems like a generalization, but it is partly based on my own experiences. We seem to be great at talking to each other about what the message is, but if we’re talking to another “non-info security” professional, we can’t explain things in ways that work.
Author Archives: Chris J
Thinking about Tor consumer boxes
Thinking about the devices that are supposed to make Tor user friendly for mass market consumers. These are boxes like the Onion Pi, Anonabox, TorFI, Cloak, etc. I think the designers are missing a few things.
Derbycon 2014 thoughts
Selil and I were talking about education before his panel talk. The thing that struck me was his analogy of how education works. High school is about making people consumers. The Bachelor degree is about making sure people have knowledge and skill to make things. The grad schools after that are about focusing and specializing. Masters degrees are more skilled and focused than the Bachelor. The Doctorate degree is the pinnacle of focus. Thinking over some of the conversations I had at Derbycon, that makes a great analogy for our industry too.
Here is how I saw the pyramid structure above fit to our industry’s conferences.
The Attendee badge holders really are the equivalent of the high school graduate. Some of them are just getting in to the industry, while others are just the consumers of what we have to say.
The Bachelor grads are mostly the vendors. They have things they make to be consumed in mass. This isn’t a bad thing. And some of them are groups, made up of people of different levels.
The Master and Doctorate students and grads would be the speakers. The specialized knowledge and content that the consumers are there to learn. Some of us are better than others, but we’re all the ones digging deep and submitting the talks. Yeah sometimes people at this level are at the con and not speaking for various reasons.
While I love Derbycon, and the people I meet, I think I’d like to see less of the consumers. I’m not saying become elitist and not invite them, I’m saying I want to see those of us that have specialized in things enough to give talks to encourage others to get up and talk too. I know you can’t have a con with 2000 speakers, but I think we need to get people out of the consumer side and in to the skill and knowledge side.
Something different in classes
This semester, the first quiz in each of my Information Assurance classes was to gauge the skill levels of the class. I liked that, I think it would have been good last Winter if the Digital Forensics 2 class would have done that.
It gives the professor a better way to know what people’s skills are, which should improve the class. It gives the professors a way to help students that are a little behind. It’ll also hopefully allow the professor to make the class harder for some of us.
Raspberry Pi projects
Back in May and June, I did a project for school with 6 Raspberry Pis to build a WIDS. It went good. I wrote an article, I’m waiting to hear back if it’ll get published.
After the project, I had 6 Raspberry Pis kicking around. I have a project I want to work on, that could lead to another article. I just need to build my skills up to that first.
To get there, I wanted to build an Onion Pi. This will tie in to another project I’m working on. As some of you know I’m a fan of The Onion Router (TOR), especially when I’m doing Intelligence related research. The Onion Pi would be a good thing to have in the bag of tricks.
To get the Onion Pi working, I needed to go through the Adafruit Wifi Access Point. This is the second time I built an AP. This one is just a little different than last time. This time instead of an Edimax wireless card, I went with one of my TP Link TL-WN722Ns. I wanted the external antenna. I was using the 2014-09-09_wheezy_raspbian image.
Hostapd didn’t work right. It kept throwing errors on start about nl80211 not being a known driver. I had to build hostapd from source, which needed to have libssl-dev and libnl-1.1 installed, to get hostapd to build right. Then I needed to copy my built version into the right place.
I also had problems with isc-dhcp-server and tor starting. It looks like wlan0 isn’t starting properly. I’ll have to troubleshoot it more later. Adafruit has a comment about disabling wpa_supplicant. I don’t know if that will fix the problem though. I’ll follow up after.
New Semester
Haven’t written in a while. I’m still waiting to hear back on a project, before I can write about it here.
This term I’m taking Ethical Hacking, Network Forensics, and Elementary Statistics.
Each of those deserves a post on its own. Because of Ethical Hacking, I got the latest version of “The Basics of Penetration Testing and Hacking”. Turns out I had half the books for Network Forensics already (the other one was on my wishlist), so that’s a bonus too.
We won’t talk about Stats, I have nothing nice to say about it.
If all goes right, I should be done with undergrad in December.
On Writing Well by William Zinsser
I picked up “On Writing Well” by William Zinsser (Amazon affiliate link), a little over two years ago. The book came up as something worth reading by a professor. It’s been one of those books I always meant to get to, but could never find the time.
Incognito Toolkit by Rob Robideau
A while back I grabbed copies of both Practical Anonymity — link goes to my review — and the Incognito Toolkit (Amazon affiliate link), I think the former should have been more like the latter. The biggest complaint I had about Incognito was that it was self published. It showed in the writing.
Practical Anonymity by Peter Loshin
I got a copy of Practical Anonymity by Peter Loshin a while back via O’Reilly, who had a sale on it. I finished it about two weeks ago. For what it sounded like it would be, I’m disappointed. I was expecting something more along the lines of “How to be Invisible”. For what it was, it was pretty good.
On what planet is General Alexander worth $1,000,000.00 a month?
The news wires reported General Keith Alexander moved in to the private sector, and is offering his services to finance companies for a million dollars a month. This is the person that took control as the director of the National Security Agency on August 1, 2005 and left in October 2013 (Wikipedia). Remember, that was after the Edward Snowden leaks came out.
Which really leads one to wonder were those really leaks, or was that a case of we know this is compromised, let’s make it public knowledge so we can hide the real data. Here is an interesting thought, is Snowden really still working for the U.S. Government?
If you’ve read the Cryptonomicon or seen the Sherlock episode “A Scandal in Belgravia”, you probably know what I mean. For those that need a quick refresher – let assets of lower value go, to hide the assets of higher value. Blow up planes with dead people on them, instead of letting real passenger jets get blown up. Let a German U-Boat sink a freighter or get past the blockade to keep them from realizing that the codes are broken.
The C-Levels at banks should be asking some hard questions if Gen. Alexander is showing up offering them service. Like what really happened on the Snowden watch. How does that failure make his people qualified for the private sector’s needs? Yes while Gen. Alexander may have some Government related attack sources, we already have that in the private sector with Infragard, and the different breach reports.