Security Musings

Security Musings

Information Security Travel Guide

Stephen Northcutt, an Information Security Researcher, United Airlines 1k, Writer and Instructor, documents the struggles of the travel and hospitality industries as we all face continually increasing energy costs. He and his peers share their travel experiences and give you quick tips and short reviews of the companies they do business with as they travel. If you came across this article because of a Google search, what you want is probably here, just use find with your browser (CTRL - F), it is easier than reading from top to bottom; however, you may get some useful tips if you stick around and read. Each major cluster of trips is documented in a separate file.

Other Related Articles in Information Security Travel Guide


Information Security Travel Guide Edition 11 - Stephen Northcutt


By Stephen Northcutt, Google+
Stephen Northcutt, your infosec travel guide, begins edition 11 on Kauai. His next two travels are to San Antonio for an onsite, then he gets some downtime on Kauai and then on to Baltimore for SANSFIRE. Then after a week on Kauai, off to Denver, Tokyo and San Antonio. In the mean time he will try to share about information security, a bit about the potential pandemic and any travel news that comes his way.

Information Security Travel Guide Edition 11 - Stephen Northcutt

[Wednesday April 29, 2009] Musing about the pandemic and other things on Kauai.

Social Media Risk

The risk of text messages. "Known as sex, lies and text messages, an illicit affair between Kwame Kilpatrick and Christine Beatty revealed they covered up their extramarital affair and when an internal affairs officer Gary Brown discovered this and other wrong doing, he was fired from his duties. Kilpatrick and Beatty have both denied that Brown was fired for this reason. They contend he was relieved of his duties for insubordination. A jury sided with Brown awarding him close to $9 million in damages."

Kilpatrick was married, and not to Beatty, so:
"I'm madly in love with you," Kilpatrick wrote on Oct. 3, 2002.
"I hope you feel that way for a long time," Beatty answered. "In case you haven't noticed, I am madly in love with you, too!"

In 2007, SkyTel turned over thousands of messages from the paging device used by Kilpatrick's top aide, Christine Beatty, in response to a subpoena in a police whistle-blower lawsuit. Text messages were subsequently obtained by the Free Press, which broke news of the scandal last year. They showed the mayor and Beatty lied at the whistle-blower trial.

Kilpatrick ended up in jail for 99 days.

= = =
"Six-term Rep. Mark Foley (R-Fla.) resigned yesterday amid reports that he had sent sexually explicit Internet messages to at least one underage male former page."

= = =
"Court documents filed on Wednesday reveal that the founders of ConnectU, who claim that Facebook czar Mark Zuckerberg pilfered their business plan and code, are touting new "smoking-gun" evidence against the 24-year-old billionaire. Facebook settled ConnectU v. Facebook in April, but ConnectU founders Cameron Winklevoss, Tyler Winklevoss, and Divya Narendra say a search for related documents has produced some results. Forensic expert Jeff Parmet was commissioned by ConnectU to trawl through Facebook hard drives after a court order opened them up for discovery in September. Under an agreement that he would not discuss anything with ConnectU except developer code, Parmet produced a collection of documents to Massachusetts district court judge Douglas P. Woodlock that included the aforementioned instant-messaging logs."
Source: http://news.cnet.com/8301-13577_3-9961058-36.html
Facebook has agreed to pay ConnectU's founders cash and stock as part of the terms of the settlement, but the exact amounts have not been released.
http://news.cnet.com/8301-10784_3-9983222-7.html

There is a pattern here. Data can be retrieved and it can turn the tide in a court case. According to InsideCouncil, "If information is potentially relevant, then it’s also discoverable."

@billbrenner70 just tossed out this excellent link on 10 reasons I will not follow you on Twitter. Nice!

The first US Swine Flu Casualty


Joseph Shaw wrote in with this touching piece.

There have been some updates since I sent that e-mail. Apparently the boy had some preexisting health conditions that complicated matters. Also, he is a Mexican citizen from Mexico City and was visiting family in Brownsville, TX. It is believed that he contracted the disease in Mexico City. The time line, according to the latest media reports, is as follows:

April 4: He and his family flew from Mexico City, Mexico to Matamoros, Mexico, and from there crossed the border into Brownsville,TX to visit family there.
April 8: He became symptomatic.
April 13: Admitted to hospital in Brownsville, TX, and immediately transported to Texas Children's Hospital in Houston, TX for treatment via medical transport.
April 27: The little boy passed away.

http://www.chron.com/disp/story.mpl/front/6398202.html

My thoughts and prayers are with his family.

Also, patient zero now appears to be a 5 year old boy from La Gloria, Mexico named Édgar Enrique Hernández. He became symptomatic in late March. Many people from his village came down with an acute respiratory infection that left two children dead, but he was the only one in his village who later tested positive for swine flu. And in Texas the unfortunate school teacher that gave birth before she passed was the first US citizen to die and with summer coming may be the only US citizen to die at least until winter flu season.

Upcoming Events


I got a note from Mike Pilkington about his upcoming Mentor class in Houston, here is the info:
Here are the links to SANS’ pages for the 2 mentor classes I have scheduled (SEC 617 Wireless in May and SEC 503 Intrusion Detection in October):

http://www.sans.org/mentor/details.php?nid=17869
http://www.sans.org/mentor/details.php?nid=18863

Or, you can just link to his site which has all the details and links to SANS of course: http://securityscaper.com. If you know someone in the Houston area that needs training, pass the info along to them.

[Friday May 8, 2009] Last night on Kauai


The weather on Kauai has been wonderful, we sent swimming almost every day. It is changing tonight in a subtle way, the winds tried to blow, then they went still. The ocean is glowing as the near full moon ascends. Half packed, can't decide whether to throw the remainder of the Jarlsberg cheese in my bag, I don't think it will make it if I leave it. I keep thinking of the song "On the road again":
http://www.youtube.com/watch?v=cSICoacOT60

I am a little sad to leave again, but also excited to see Hunter in Richmond and to meet the folks at Fort Sam Houston. With God's grace we will be wheels down in Richmond VA Saturday, if you want to tweet up give me a shout.

[Sunday, May 10, 2009] Happy Mother's Day Richmond VA


It is a nice day, we are going to a comedy club tonight, if I didn't say Happy Mother's Day on Twitter/LinkedIn/Facebook, it was because everyone else did. Kathy and I will be in Richmond for about a week. Plan to attend a Mentor session, if you would like to Tweetup there, let me know.

Clouding around, I am trying to at least get conversant with the technology/concept

VPC, Virtual Private Cloud, think I like the idea, http://www.kavistechnology.com/blog/?p=957
Link to Dave Linthicum video, scroll down, http://www.kavistechnology.com/blog/?p=877
My dog is going to be bigger than your dog? (We will see in two years) http://www.kavistechnology.com/blog/?p=907

[Thursday, May 14, 2009] Working from Home in Richmond VA


Today is Googlefail day, you realize that you are addicted to easy search. Read a fairly interesting article about how journalist use twitter, I continue to be confounded by the 140 character limit of the tool, but believe of its many purposes, journalism is near the top. With Twitter, anyone with a cell phone at the scene of breaking news can be a journalist. Here is the article:
http://mashable.com/2009/05/14/twitter-journalism/


[Saturday, May 16, 2009] San Antonio TX, in position for onsite

Both jets I flew were United regionals, UA8001 from Richmond to Chicago and then UA6064 Chicago to San Antonio. A major storm system is tearing up the country, but we were early enough and it did not peak today so we landed fine. A rainy San Antonio, how odd, everything is green, so different from all of my previous visits. They have more restaurants per square inch than any other city I have ever visited, I think the supermarket business must be tough here. My TomTom GO 730 is having a little trouble here, it is often off by as much as 300 feet. If you are familiar with the loop system to get onto and off of a number of Texas highways, that does not work well. I upgraded the software and the maps tonight in hopes of better navigation. My ears did not clear properly. This happens sometimes, I still feel them if I yawn.

Kathy drove me to the Richmond Airport, gosh I miss her. I love it when we travel together, but with the swine flu outbreak (I know, it is H1N1 even though it comes from pigs), I did not want to risk both of us. I realize it sounds like it is under control now, but we had to make these decisions weeks ago. Kathy will go back to Kauai, which is probably for the best, one more house we need to put, or at least keep, in order.

The gravity of the whole two house thing is becoming more apparent to me. With the Bush and Obama administrations both printing a trillion dollars, inflation is a high probability. Real property is a bit of a hedge. More importantly, we have family in Richmond VA. As I said to Kathy, no matter how much money you have in your checking account, you will never be able to buy one more day with your mother. So this make sense. But, there are all the things associated with house ownership, cutting the grass, insurance, etc., and they all take their toll. I thought I had the lawn part taken care of, but when we arrived, the grass in the back yard was literally two feet high. I ended up taking a day of paid time off. Each day in Richmond I would take on one of the labor tasks; mowing, weed wacking, bush trimming, even planting a cherry tree. Why didn't I do it after work? That time was already booked. The funny thing is, in Hawaii we had been swimming every day, I wondered how I would get my exercise in Richmond. I wonder no longer. Got plenty of exercise in Richmond.

Part of our plan with the Richmond house was to be able to anchor into a mother's-in-law apartment. That way, when Hunter gets married, etc., he would have a way of starting out in the rest of the house. We made a LOT of progress in that department on this trip. When Kathy flies home, we will essentially be in the apartment. Options and flexibility are worth a lot when you are dealing with family.

Continuing to book with Enterprise Rental. Found them at their limits today. It was raining and apparently I arrived at a peak time. I was first on the shuttle, but did not attempt to get first in line. It was fine, even when they are stressed they treat you better than Hertz on their best days. However, we paid for a full size and I am driving a PT Cruiser. Hmmm, not that I mind, the PT, of course, is the ultimate chick magnet, cough cough. Not sure I should be paying full size rates for a PT, but I have wheels. The problem is that they drive fast and aggressively in San Antonio and PT Cruiser's do not perform well, and,hopefully no one will take my picture in the driver's seat. Staying in the Hyatt Place by the airport. It was clean, the room was certainly friendly in terms of size and layout. I am only one person, but a family of four could fit into this space. It even has a fridge, good thing, I ordered food from Chicago Pizzeria; they seem to be a bit grey market, but I ordered from 210-222-2110 and it is, no joke, the best "meat lover's" I have ever had, plus I have a half gallon of milk for the morning if required.

[ Sunday May 24, 2009 ] Back on Kauai

The onsite went well. I have only one restaurant experience to report from San Antonio. I ate Tuesday night at the Barbecue Station. Amazing, when you walk inside there is the smell of smoked meat that has clearly been accumulating for twenty years. Supposedly it was an Exxon Station at one point and then converted to a restaurant. The price was more than fair. The atmosphere, totally authentic with concrete floors and old highway signs, plus a great Southern vinegar style sauce (not as good as Ollies, but very serviceable.) I took two orders home and ate those the next two nights in my room. When you have experienced the best, don't keep looking. Good decision because Wednesday, I hit the wall; I was giving everything I had teaching, traffic was insane getting home, I got my critical email done though typing was like swimming through cotton candy; ate out of the fridge, sat on the sofa in the suite and did my best vegetable impressions. I woke up at nine P.M., apparently I was doing a crooked neck squash, because my neck was just a bit stiff as my head had fallen to one side. Set two alarms and called the hotel for a 5:30 A.M. wakeup, and then I collapsed into bed.

Taking the rental car back on Saturday was a bit of a trip, there is no rental car return sign at the Airport (that I saw anyway ) for Enterprise. But, I called them and they talked me in; I think they get a lot of practice. As I found the street they are on, there was another PT Cruiser in front of me so I accelerated to follow that car, since it almost had to be an Enterprise rental. It turned in ahead of me. We both stopped and would you believe it, it was Charles Hamby, GIAC Deputy Director. He had been training at a military school and was on his way back and we were both on flight 369 to Denver. It was great catching up. My flights back on United went well, the big jump was flight 218 on 23 May Denver to Lihue, six and a half hours in the air. There were three movies, Mall Cop, barely passable, I read my book; Bride Wars, a bit better, but it was a chick flick and if I had been with Kathy I would have made the effort; and Inkheart, (I would not buy this movie, but consider renting it, purely fantasy, reminds me of Peter Pan more than anything else), but it certainly was the best of the lot. Service on flight 369 was fine and flight 218 even better, very attentive flight attendants. Out flight attendant on 218, was a bit ditsy forgetting things, but she always made good and apparently makes legendary Mai Tais according to my seat mates. After hearing the acclaim I had the second Mai Tai of my life - I still don't get it, she says her secret is a bit of cranberry juice. According to this web site, the Mai Tai was invented on the mudflats of San Francisco's East Bay in 1944, by a legendary California restaurateur, the late Vic Bergeron of Trader Vic's fame.

It is a rainy Sunday afternoon on Kauai and what a delicious rain it is, usually just a light sprinkle, winds out of the North and we have just put some plants in the ground for a cooking and healing herb garden in the front of the house, so this is perfect. The sprinkle got so light at one point, we went swimming. The ocean on East side is a contradiction, flat as a pancake, yet the swells get quite challenging as they break near the shore. Since I have not been in the ocean or in fins since I flew,we elected to swim at Lydgate since it is safe; if you haven't been in fins for a while, you risk cramps, or at least that has been my experience.

Planning to sleep late tomorrow morning, I have been getting up before the sun since May 16 and tomorrow, Memorial Day, I hope to be decadent and sleep to 7 A.M. or even 7:30!

[Tuesday May 26, 2009] Back to work


Monday, Memorial Day was glorious, finished the herb garden for Kathy, got to go swimming and still remembered the fallen. According to this blog, the history of Memorial Day dates back to shortly after the Civil War. Upon the conclusion of this war, several communities set aside a day to honor the soldiers who had given their lives during the war. I realize it is for all fallen in war, but I always remember WWII the most; there are still stories like this one, as this generation passes into the night, "Despite earning a Purple Heart and other accolades for his participation in the Battle of the Bulge during World War II, Russ Layton isn't fully comfortable when people call him a war hero. "The real heroes are the men who aren't with us today. ... There were 198 of us in my unit, and I was one of only 10 to survive that mission," the Kalamazoo resident said Monday. "I should have been dead 20 times over. But for some reason that I still try to figure out to this day, God must've been on my side."

Straight out of science fiction, using just your brain to Tweet on Twitter, "Just 23 characters long, his message, "using EEG to send tweet," demonstrates a natural, manageable way in which "locked-in" patients can couple brain-computer interface technologies with modern communication tools."
http://www.physorg.com/news159453062.html

Think they are kidding, nope! They are starting to work on "synthetic telephony": “Such a system would require extensive training for anyone using it to send and receive messages,” D’Zmura says. “Initially, communication would be based on a limited set of words or phrases that are recognized by the system; it would involve more complex language and speech as the technology is developed further.”
http://www.physorg.com/news137863959.html


[Thursday May 28, 2009] Sotomayor


I recevied an email this morning from Vice President Biden asking me to support Sotomayor, but I don't know anything about her views. So here are some links harvested from Twitter:
CNN Who is Sonia Sotomayor http://www.cnn.com/2009/POLITICS/05/26/sotomayor.bio/index.html
Marketing of Sotomayor http://features.csmonitor.com/politics/2009/05/28/the-marketing-of-sonia-sotomayor/
NY Times snippets on her notable decisions, read this if you only want to read one link: http://www.nytimes.com/interactive/2009/05/26/us/0526-scotus.html
Ricci reverse discrimination http://blogs.wsj.com/washwire/2009/05/29/sotomayor-tape-reveals-views-on-ricci-v-destefano-discrimination-case/ http://online.wsj.com/article/SB124354041637563491.html
Diabetes http://workingwithchronicillness.com/2009/05/28/sotomayer-has-proven-by-her-record-that-diabetes-is-not-a-factor-in-her-performance/
Abortion: http://news.yahoo.com/s/ap/20090528/ap_on_go_pr_wh/sotomayor_abortion http://www.latimes.com/news/nationworld/nation/la-na-sotomayor-abortion28-2009may28,0,830246.story
Second Amendment: http://www.cnsnews.com/public/content/article.aspx?RsrcID=48718 http://www.foxnews.com/politics/2009/05/28/sotomayors-gun-control-positions-prompt-conservative-backlash/
Douchebag ruling: http://www.nbcconnecticut.com/news/local/Critics-unhappy-with-Sotomayors-role-in-CT-free-speech-case.html
Copyright protection http://www.wired.com/threatlevel/2009/06/high-court-nominee-adopts-riaa-stance/
Complained once at Yale http://www.chicagotribune.com/news/chi-090528-sonia-sotomayor-apology,0,7448455.story
Member of La Raza (Hispanic rights) http://www.worldnetdaily.com/index.php?fa=PAGE.view&pageId=99420
Pioneer in legal profession http://www.abanet.org/publiced/hispanic_s.html
YouTube video "Courts are where policy is made" http://www.youtube.com/watch?v=ug-qUvI6WFo http://blogs.wsj.com/washwire/2009/05/26/white-house-defends-sotomayor-after-youtube-video-surfaces/
And of course, the infamous 32 words: "I would hope that a wise Latina woman, with the richness of her experiences, would more often than not reach a better conclusion than a white male who hasn't lived that life," she said October 26, 2001." http://www.cnn.com/2009/POLITICS/05/28/sotomayor.latina.remark.reax/index.html
Apology for ill chosen "white male" word http://news.yahoo.com/s/ap/20090529/ap_on_go_pr_wh/us_obama_sotomayor

Second hand Sotomayor smoke:

Unloved by Limbaugh http://wnd.com/index.php?fa=PAGE.view&pageId=99256 http://tpmdc.talkingpointsmemo.com/2009/05/limbaugh-compares-sotomayor-nomination-to-picking-david-duke.php
Will follow law on abortion http://www.nydailynews.com/news/politics/2009/05/29/2009-05-29_supreme_court.html
Mom supports her http://www.nydailynews.com/news/us_world/2009/05/27/2009-05-27_sotomayor_mother_tells_news_overcoming_odds.html
Schumer in her court http://www.nydailynews.com/news/politics/2009/05/27/2009-05-27_chuck_will_be_by_her_side_in_dc.html
Not a radical http://www.nydailynews.com/opinions/2009/05/28/2009-05-28_those_labeling_sotomayor_a_radical_dont_know_her_at_all.html
Break from the bench http://www.nydailynews.com/news/politics/2009/05/29/2009-05-29_sotomayor_getting_a_break_from_bench.html
More marketing Sotomayor http://www.30or60.com/2009/05/29/sotomayor-fever/
G Gordon Liddy and the menstruating comment http://thinkprogress.org/2009/05/29/liddy-sotoyamor-menstruating/ http://www.youtube.com/watch?v=9temHOTjVF0

[Thursday June 11, 2009] Last day on Kauai, looking forward to #sansfire09


It has been the most awesome last few days on Kauai, working hard, but also swimming, boating, and even got to ride by bike to the end of the bike path. I fly to Baltimore tomorrow and will miss Kauai, but looking forward to catching up with everyone.

[Sunday June 14, 2009] Baltimore MD for #SANSFIRE 09


Microsoft just crashed my computer without warning to install updates so this is the second time I type this information in, thanks Microsoft, when you are no longer king of the hill because someone sells a decent consumer operating system please do not ask the federal government for a bailout, because you do not deserve one!

United flight 66 from Kauai left pretty much on time and was oversold. They ended up putting people in first class, but didn't fully treat them as first class, for instance they all were served the chicken wrap sandwich United sells for nine dollars, two classes of first class, interesting. Flight 99 LAX to IAD was late, equipment change. When the Airbus 320 arrived from San Francisco, what a surprise, it was all new leather seats. They are not more comfortable then the older ones, but feel a lot cleaner. We were late probably an hour late, but we did not have a connection.

The conference/hotel sent a car for us to go from IAD to the Hilton Baltimore, a huge hotel that is next to Oriole Park (Camden). The area right around the hotel is OK, but two blocks uphill starts to get iffy. This is a dangerous hotel to run conferences in unless you are a huge event, because there are so many hotels in the area, a Marriott across the street as well as a huge Holiday Inn, I can see smaller events losing their shorts due to attrition because people stay in alternate venues. Anyway, nice physical facility, they need to train their people though, they feel too much like a convention center on the services side of the business. Oh well, builds character for my staff.

The neighborhood right around the hotel is OK, but even a couple blocks uphill starts to get iffy. The Oriole baseball park was right outside my window and there was a game last night Orioles 8, Atlanta Braves 4, but there was no noise, I have no idea how they pulled that off. I am teaching Management 421 Leadership Competencies in less than an hour, so best get to it!

[Thursday June 25, 2009] Miami Embassy Suites Airport Hotel


Jeepers life has been a blur. Kathy and I never did get to eat in a restaurant together in Baltimore, our schedules were so hectic. Eric Cole and I did get a meal in the hotel restaurant, The Diamond Tavern. It was good, the service was friendly and not that expensive. Eric had the New York Strip and I had the Crab Cakes. The United flight to Miami left late and arrived early, flight was just under three hours. We picked up a rental car at Enterprise and drove up to Fort Lauderdale and stayed at the Marriott Harbor Drive on the beach. That night we ate at Kelley's Landing, a New England style seafood restaurant. As you know, many people in Southern Florida live up North part of the year and from their accents there were a bunch of them in the totally full restaurant. Kathy had the Lobster, classic New England style with bib and butter, I had the mixed grill. We really enjoyed the experience. For Father's Day, we ate at the Marriott and enjoyed their brunch, make sure to get a reservation, we didn't but we were lucky that we arrived ten minutes before they opened and got one of the last tables available. It was your classic bottomless champagne brunch with king crab, peel shrimp, eggs benedict, custom omelets, prime rib, pork ribs and so very much more. Classic. Paul Henry had suggested Shooters and Taverna Ota, but my host Peter Nicoletti did an override with Charley's Crab ( not actually a crab house, upscale seafood and steak). Excellent restaurant, I had the grouper, Kathy had the salmon. A real highlight though was Greek Islands Taverna, we actually went there twice. I had the lamb and the grouper, Kathy put a couple appertisers together one night and the salmon, everything was excellent. Between you and me, the Marriott Harbor Drive is not quite worth the price. They were doing construction, didn't have warm water for the shower one morning and the water was brown, no matter how long you run the faucet. They offered me a $100 resort credit for the construction going on outside my room, but were in denial about water temperature and color. On the plus side, the valet service for cars was excellent, I never had to wait for my car once, unheard of. The beach is right there with plenty to do. The pool is a classic resort pool. The staff are all very professional and friendly. So, I like the hotel, but the need a new maintenance director.

I was in Fort Lauderdale to visit Terremark and speak at the South Florida ISSA. It was great to observe the sense of community and the number of really excited competent people. Also, SANS has never done so well in South America, but Southern Florida is a gateway to Latin America so who knows. There might be opportunity there.

Lunch today was some Colombia restaurant in Miami, total bust; I ate some of the sweet plantains and left the rest of the food. We turned our rental car into Enterprise and settled into the airport hotel, the Miami International Airport Embassy Suites and tried to catch up on business, email and blogging. We ate supper in the hotel restaurant, they call it the Barcelona Steakhouse. It was OK, the onion bread is awesome. they mixed up our steaks, Kathy had the fillet and crab cake and I had the sirloin and shrimp. They undercooked Kathy's steak and overcooked mine, but they were gracious about giving Kathy's some more heat and did a redo on mine and swiftly as well. The second time was perfect medium rare. The hotel also has a bit of a mold problem, our room is musty. It is not as bad as our experience at the Holiday Inn Select in Richmond, and it is only for one night. It is very humid in Miami and I can see how this happens easily. The pool was fun though, we went for a swim, tons of pretty college age girls running around getting their orientation before travel abroad, but I really did swim and my goggles were foggy, I am just telling it like it is. The hotel price is right and it is convenient. Their wireless network is totally hosed, goes up and down like a basketball, I bet some other wireless is on the same channel and they are doing deassociate wars, I am on my Verizon EVDO mobile hotspot, which is awesome, so no worries. Tomorrow, if all goes well, we will be back on Kauai.

[Friday July 3, 2009] On Kauai


Weather has been great, we have been sailing, swiming making the best of the island. This is a holiday, but they did not tell me one of my courses was due until yesterday, so I spent a lot of Friday and will have to invest some of Saturday updating Management 421.

[Sunday/Monday July 5 and 6, 2009] Travel to Denver

Flight 68 from Lihue to Los Angeles July 5 was a waste and I even got upgraded to first class. The flight attendants served the snack and came through one time with water on the whole trip. That does not build loyalty. We did get to LAX before 4:30 AM which was a plus. Ate at McDonalds, it opened promptly at 4:30, what an amazing amount of business they do. At one point, the line was over 100 persons deep. United flight 18 from LAX to Denver on July 6 was about 30 minutes late leaving, they said it was a mechanical, but no problem.

I had forgotten just how big the Denver airport is, headed for baggage claim rode to the A gates, got off there instead of baggage claim and the next two trains were too full for me to get on. Still beat my bags at baggage claim, but it shows people are traveling still despite what we read in the newspaper. My hotel is the Grand Hyatt, first impressions are excellent, the room was mostly clean, there was a piece of plastic missed on the counter of the bathroom, but other than that the room passes my cleanliness test. The staff work very hard to be friendly and each person has their own extension and they encourage you to communicate with them directly.

For supper July 6, I slipped into Bayou Bob's near the 16th street mall and the hotel. Made my own cajun sampler with the sides and cups on the back, crawfish cakes, gumbo, jambalaya, etoufee, but my mouth was burning just right. Preparing to teach tomorrow. I can't say it is the best cajun I have had, but it beats no gumbo! Also ate at the Apaloosa Grill, once again the food is OK, but not off the charts.

[Saturday/Sunday July 11/12] Travel to Tokyo


Hotel sent a car at 0600 and first flight was United 0377, can't tell you much about it, slept the whole way. One hour layover in San Francisco before boarding United 837. I scored business class with the new lay flat seats, I am just a bit too tall to enjoy them, but I love having my own decent size screen and movie selection. Food was decent, I went with the Japanese menu, might as well embrace Tokyo. The service was terrible. The flight attendants literally ignore you if you come up to get water or a snack. I know how United can save some money, fire unfriendly flight attendants. Landed and cleared customs with no problem. I did not arrange my car in advance and that was a big mistake, I got a ticket on the bus ( Friendly Airport Limousine ), but it was a two hour wait. What do you do in a crowded airport after you have picked up your bags, you have to take them with you where ever you go like the bathroom. Saw a guy with the same blue bamboo Costco aloha shirt as mine and we chatted for a while. He was with a group that does sonar, underwater acoustics and they were headed out, but we had a beer from a vending machine and watched each other's stuff. Hotel Nikko is awesome, gives me a whole new perspective on Tokyo. Great service, great restaurants, my hosts got me a balcony room facing the water with downtown Tokyo in the distance. The bathooom has a soaking tub with a window so you can lay in the bath and look at Tokyo; water is far too precious here for me to do such a thing, but it is a nice touch. I have stayed in five or six high end hotels in Tokyo and this is my favorite. This website has a picture of the famous robot with my hotel in the backdrop.

[Sunday July 19 ] Return from Tokyo to San Antonio


Both of my United flights ran late, but I got here. United 838, starting on Saturday was a good flight crew, I dozed in and out of consciousness and when I would wake up, there was water on my table so I stayed hydrated. The Red Carpet Club in SFO was a nice place to hang out and check my mail which was merciful since it was a Saturday. United 6252 boarded on time, but we sat there for an hour working our on route. That messed me up, I had hoped for a quick tweetup at the airport with someone going outbound, there was no phone on the plane to call them and let them know since it was a United Express ( smaller regional jet ). I am staying in the Hyatt Place Airport Hotel. I have been here before and once the week starts it should be OK, during the weekend it is a zoo. Saturday night I ate at Applebees by the Airport. It was about 9 PM and the place was hopping. There was one open table. I looked around and I was the only single in the joint. I don't mind my life, but it does have moments of lonliness and that was certainly one of them. Today, Sunday, I hope to do some writing and maybe get out and do something in San Antonio as well. Then on the way back I stopped at the Walmart on Jones Maltsberger Road, it was packed, I guess the big thing to do is go to Walmart, but got some fairly healthy snacks, came back updated my TomTom 730 GPS, it will be interesting to see if the latest map ( inclucing my addition) enables it to find the hotel.

[Saturday July 25] San Antonio headed for Kauai

It is 7AM San Antonio time and I am stilling in the San Antonio Airport waiting to go home. It has been three weeks without seeing Kathy which is entirely too long, but it has been a productive trip. Taught MGT 512 Security Leadership Essentials in Denver and San Antonio and also gave some technical talks and did some business development in Tokyo.

From a technology standpoint, this was a very challenging trip. My laptop started crashing, it has quit doing that ( thank goodness), but I ordered another box. Not what I wanted to do, I wanted to wait till System 7 was shipping, but I think I will coordinate with the NOC to switch after it ships. I do not really want to play with the pre-release, but plan to switch to it as my primary OS after it ships. When you depend on an OS, you tend to learn it pretty fast. Skype lost its device driver for the microphone, we reloaded, no joy. My iPhone crashed hard, it showed no service where ever I was ( thank you for the button reset tip @roblee, I did try it). I reloaded 3.0 and got service, but when I loaded by backup data, it lost service again. I tried this twice more and finally went forward without my contacts, the second time, I have lost all my data. Finally, I wanted to go to the Barbecue Station and was programming my TomTom 730 GPS, there were two NE Loop 410s, so I called them to ask which zip code they were, the told me the wrong one and there was no way to delete or correct. So, I had to delete all destinations, some of which I am going to need on my next trip, grrr, Perils of Penelope this week, but I have a decent attitude and enough about my troubles.


We took a page out of the Fort Lauderdale play book, we did a COINS ( community of interest in network security) tweetup. Eight people showed up including John Pirc, Security Product Manager for IBM ( he lives in Austin). It was good to get reconnected to Mike Runnels, he is in higher education and has a heart for the security community. The bill was less than $100 so this is FAR more economical than doing one of these in a hotel. I am not sure how I feel about Dave and Busters though, it seems like a training ground to teach kids to love casinos when they grow up, but we are on the right basic path I think.
http://www.sans.org/coins/


Be sure an monitor your credit card bills closely for the next few months, Network Solutions at a half million breach:
http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html?wprss=securityfix


Spent some time pondering the Strengthening the Federal Security Workforce document. It seems like there are some key points missing like an action plan. Anyway, here is the section that got my attention the most:

“A CISO at one major government department reported that “we have 18 full-time employees and probably 70 contractors.”
Margaret Graves, the acting CIO at the Department of Homeland Security, told a House Oversight and Government Reform subcommittee on May 19, 2009, that one-third of approximately 600 major systems in use in the department reside in contractor facilities.

The inspector general of DHS reported in September 2008 that contactors accounted for 83 percent of the total staff of the department’s office of the CIO. ”

http://www.ourpublicservice.org/OPS/publications/download.php?id=135

We are going to be announcing our program to help in this respect in the next week or so hopefully. We would like to offer a program to prepare cyberwarriors. I realize that sounds odd, but if you think about it for a second, we have the defensive or blue side fairly well covered with courses like Security 504 Incident Handling and Hacker Techniques, Security 503 Intrusion Analysis, Security 508 Forensics, but in the past year or two we have been rolling red or offensive type training forward with Security 560 Penetration Testing, Security 542 Web Penetration Testing, and of course Security 709 which teaches you to develop your own exploits. If you have any advice for us, I would love to hear from you.

Also, along the lines of providing support for the Government, I notice the Critical Controls project run by John Gilligan seems to be gaining some momentum. I noticed this press release from Prism Microsystems:
http://www.streetinsider.com/Press+Releases/Prism+Microsystems+Announces+Support+for+the+Consensus+Audit+Guidelines+%28CAG%29+to+Protect+Federal+Information+Systems+from+the+Most+Damaging+Cyber+Attacks/4817054.html
And here is a copy of the specification:
http://www.sans.org/cag/

A couple of reports ago, I asked for help from bloggers to conduct an experiment. Someone posted a negative statement about a person associated with SANS so six bloggers posted the same name, the word they used and something positive about the individual. The experiment failed, the attack remained the top hit on Google. That was certainly educational, search engine optimization gets trickier every week it seems.

Now, if may I ask for your help on a couple of things? The number of people that are staying in the conference hotel is dropping. If we cannot turn this around, it will severely limit our ability to serve as many parts of the country and world as we do with large and medium size events. We can still run Community SANS where we pay flat room rental. If you have attended a SANS event and stayed in a hotel other than the conference hotel, if you would be willing to share two things:
- Why you stay in hotels other than the SANS conference hotel
- What would make you change your mind and stay in the conference hotel
Go ahead and be blunt, I need to learn.

Network Security is coming up! If you have an opportunity to tell someone about it, blog it, mention a particular class, tweet it, etc, that would be awesome, I think it will be a great show and this is one of my favorite hotels, located right in the Gas Lamp area of San Diego:
http://www.sans.org/ns2009/


Looking ahead, I will be spending a short week in Hawaii and then off to Boston, Athens, Richmond VA, VA Beach, this time Kathy and I will be together. I will document that in the Information Security Travel Guide edition 12. Hopefully we are doing tweetups in most of these cities, if you want to be a part of this, please drop me a note.