Security Musings

Security Musings

Information Security Travel Guide

Stephen Northcutt, an Information Security Researcher, United Airlines 1k, Writer and Instructor, documents the struggles of the travel and hospitality industries as we all face continually increasing energy costs. He and his peers share their travel experiences and give you quick tips and short reviews of the companies they do business with as they travel. If you came across this article because of a Google search, what you want is probably here, just use find with your browser (CTRL - F), it is easier than reading from top to bottom; however, you may get some useful tips if you stick around and read. Each major cluster of trips is documented in a separate file.

Other Related Articles in Information Security Travel Guide

Information Security Travel Guide Edition 14 - Stephen Northcutt

By Stephen Northcutt
Stephen and Kathy Northcutt, your faithful infosec tour guides will be headed for a college business meeting in Bethesda Maryland. down to Richmond VA, off to London for SANS London 09, back to Richmond, then up to Washington DC for our Cyber Defense Initiative conference. Along the way we will talk about the joys and difficulties of travel since the great recession has caused so many amenities to be removed, we will also mention the restaurants and hotels we visit, maybe throw in a recipe or two and of course a security tip here and there. At least that is the plan for Edition 14 of the Information Security Tour Guide.

[Monday, November 16, 2009] Hitting the books

We have been preparing the documentation for the College for years, but next week is crunch time. So, I am looking it over. Then I get bored and do something else, then I hit another chapter. Need to keep looking at it all this week. Sunday, I got to visit the Garden Island Range & Food Festival at the Luau Kalamaku tent on Kilohana Plantation. That was fun, chefs from all over the island cooked dishes primarily from local grass fed beef. The cost was $35.00 and it is a no alcohol event. I liked this much better than Taste of Hawaii.

Read an airline blog about United tonight. It looked like the usual million mile I am mad as heck and I am not going to take it. However, this is John Battelle as in @johnbattelle on Twitter with about 25 thousand followers. I work my tail off, fly a lot more than he does these days, but he is a million miler. Miles are one thing, but I have one gazillionth the media firepower of John Battelle. And here is the killer, on Twitter he posts "Hey @UnitedAirlines any chance you're as good on Twitter as @comcastcares is?" Sadly the answer is no. You see there is a UnitedAirlines employee that follows Twitter. I think it is a part time job, the posts seem to break into two groups, contests with questions I never know the answer to and fare specials to places I cannot go because I am a working man, and I am already going somewhere else for work. Though my favorite post from @UnitedAirlines was: "Today is the final voyage of our last 737 aircraft. After 40 years of service, the "guppy" will land for good later today at SFO!" That was cool, made me feel like a piece of history. Anyway, back to John Battelle; he did manage to get what he needed, but he did it on the phone, by asking for the supervisor. And, since my own destiny is so tied with United's, I found this one sentence from his blog sobering, "So thanks United, for making it that much more special! As you might imagine, I can't wait for Virgin, Southwest, or Jet Blue to start direct service between SF and Tucson. Because when they do, I won't think twice about switching. Until then, however, you've got my business. But if I were in your shoes, I'd be very, very nervous about the future of yours." @UnitedAirlines, I am a fan, we have flown a lot of time together, can't wait to see the new uniforms, just a suggestion, but if you want to be Web 2.0 and social media hip on Twitter, you might scan for cries for help to @UnitedAirlines and intervene from time to time. We do that on a regular basis with SANS. We read the evals, we respond, we try to make things right. And United, I know you do that as well. In my own Infosec Tour Guide blog there are stories of where you helped me. I tell those stories, I talk about when I get shafted, when I get saved and when I get treated special, but most people don't. Collect and post a few testimonials is my advice. Maybe I am wrong, maybe it is just my opinion, but I think you are getting the shaft more than the olive branch in the blogosphere. At the end of the day, this is going to translate to lost seats to an airline that has more positive comments. Feel free to contact me for a few ideas to get this started and I will work for seats on jets, what is not to like?

[Thursday, November 19, 2009] Getting ready to fly

Two more days on the island. Trying to get myself oriented. My blood pressure (hypertension) went up into what they call stage 2. I would like to avoid drugs so I did some Internet and other research. Avoid alcohol on a daily basis even one glass, minimize salt, get some exercise are the big rocks. Other things that can help manage hypertension include celery because it has Apigenin, they suggest 4 ribs per day. Increase potassium to manage salt buildup. A Mediterranean diet (which I pretty much have), avoid high fat foods. Helpful spices include garlic, ginger, nutmeg, cinnamon. A glass of non-fat milk and a bite of dark chocolate (hey, I am starting to like this), but you do not drink the milk and eat the chocolate at the same time or the milk can block the chocolate's flavonoids. Green tea instead of coffee. Oatmeal for breakfast several times a week, incorporate flax seed into your cooking (you can make an awesome cracker with flax and sun dried tomatoes). An hour before bedtime, a sleep herb capsule with Passion Flower, Valerian, and Melatonin. Who knows? And, will I be able to do such stuff on the road? May need to use drugs.

Had a great talk with Mikkel Winther from Secunia yesterday to see what we could do to spread awareness of their PSI product. I think it is one of the most useful products out there for securing an endpoint. I am still running it, Savant Protection and Microsoft Security Essentials (their anti-virus, not the SANS course of the same name) on the HP Netbook 110 and am really impressed at the amount of protection relative to the resources used. I just learned about White List tool from Faronics. Will try to get more info on that. Also, am in discussions with Ken Posey from CoreTrace to try to get some operational experience with Bouncer. Anyway, Savant proved its worth today. My Netbook came with a demo copy of Norton AV which I uninstalled. It left traces of itself, apparently an updater, which Savant caught. Is this a case of bad on you Symantec? You would think when someone uninstalls your product, it should completely go away. There is nothing in Program Files that I could find, can't see it with Control Panel Add/Remove programs. The first registry entry I found was Microsoft Direct Draw, the key is called NortonSystemInfo, OK, no harm, no foul there. Then in a key called ExecutablesToExclude, it lists C:\\\\program files/nortoninstaller. I am going to assume it really is uninstalled and this is all just compatibility stuff, but I will keep my eye out, on a atom processor, you don't want to be running additional processes.

After work, we took a walk to the Kukui Heiau and on the way we saw a monk seal on the beach. That is so very special. There are less than 1,400 of them. About six months ago some moron shot one. Last night, I read about the mutation of H1N1, updated the World Pandemic Watch, and Kathy and I will try again to get vaccinations for H1N1, figure it can't totally mutate.

[Friday, November 20, 2009] Last full day on Kauai

Have you ever noticed that when you are getting ready to leave on a long trip, all kinds of things jump out at you? Today was insane. More email than usual with a lot of please approves. I had hoped to pack and then take a hike for a couple hours in the mid to late afternoon. Instead we did end up getting our H1N1 vaccinations. We didn't feel great afterwards, but it was not too bad. The house cleaners came (we always splurge when we leave and just when we come back because living so close to the shore, salt gets on everything.) Right after they finished, the handyman that is helping me remodel my painting studio showed up and started cutting holes. And, we have a whole house tour tonight. Oh well. I did get a walk, went north this time and saw two monk seals, an adult male sleeping on the rocks and a young one cavorting in the water; I feel truly blessed.

Some friends took us to dinner at Lemongrass Grill tonight. They have really worked on their food since I was last there. I had the catch of the day (Mahi Mahi) with a passion fruit glaze, I was skeptical, but it worked. Most everyone liked their food, Pam was a bit disappointed with the stuffed shrimp, service was excellent.

The Best #SANSCDI Tweeter Contest Version 1.0

It seems good to SANS to commission a contest at #SANSCDI to practice using social media to inform others of important breaking news. The idea is to reward the person that best captures SANS CDI 09 with fame and fortune.

Let's do fortune first. I will assemble two gift packages, one for the judge, the other for the best tweeter on Twitter. I will not spend less than $100 each and that does not include shipping, which will also be on my nickel. The package will include alaea sea salt, Kona coffee ( I would love to do all Kauai, but Kona coffee is better than ours), and some Aunty Lilikoi condiments, and the rest is a surprise, but it will be a taste of Hawaii for sure. Due to the incredible volume of shipping and the fact there is a limited amount of transport capability to and from Hawaii during the Christmas season, we will not be able to ship the winner and the judge their parcels till January 10, 2010 or so and you should expect 5 - 7 days travel time if you live on the mainland and who knows, if you live internationally. Sorry, them's the breaks. Why is this "fortune" if it is a gift basket? It includes salt, which was the most valuable of substances in ancient days before they invented high blood pressure.

The winner will be notified by January 4, 2010.

Fame? The winner will be highlighted in a future edition of SANS ExecuBytes in the Social Media section.

The rules, version 1.0, they are subject to change, but changes will be posted here.
The contest covers tweets between 0600 December 11, 2009 and 0000 December 18, 2009 East Coast Time.
Judge is Craig Duerr whose word is final.

The contest is cumulative, and each tweet is a chance to earn points. If you tweet about SANS CDI 09 with hashtag #SANSCDI, the judge, whose word is final, will score your post as a value between 1 and 3 where:
1 = Not helpful, not informative or inaccurate
2 = Useful tip, easily available elsewhere
3 = Useful information for the community that gives a sense of the SANS conference

Tweets can be insights from courses, from evening talks, BOFs, discussions in the halls, etc.

This base value will be multiplied by the number of followers you have and kept on a tally sheet. Example: John Doe has 1,000 followers and posts a tweet rated at 3, the resulting value is 3,000.

Score Modifiers

Profane, inaccurate, fraudulent, abusive quotes are grounds for disqualification from contest or nullification of that particular tweet and any subsequent retweets. Keep it clean guys and girls, action is judge's discretion.

Retweets will be evaluated as a 1 multiplied by the number of followers. Example:

Example: John Doe has 1,000 followers and posts a tweet rated at 3, the resulting value is 3,000. However John Brown has 500 followers and retweets, John Doe's post. John's post now has a value of 3,500. And if John Brown is in the contest, he adds 500 to his tally sheet.

As you can imagine this could get complicated mathematically, the judge has the right to ask participants to evaluate the data and share their analysis or to make a best guess when it takes too much time to track by equations. If this year's contest is a success we can look at automated scoring to make the judge's life easier in the future.

[Saturday, November 21, 2009] Fly day

Got to sleep late, 0800 wake up, actually I was awake before that, but just stayed in bed and watched the clouds go by through the skylight. Kathy and I had a cup of coffee at the beach to celebrate our last day on island. I came into the office just to check for critical emails since we have the college site visit coming. I noticed an email from the Democratic Party asking for money to combat Sarah Palin. I know you are thinking, oh no, Stephen is going to get political, but I will try to avoid that. This is a study in social media and a potential future groundswell.

Sarah Palin - Going Rogue, 2012 election, my predictions

Recall, that whether or not you support President Obama, you cannot debate that he made better use of social media than McCain, and many analysts feel that was a factor in his victory. And, we all know McCain chose Sarah Palin as his running mate, and we can debate whether that was brilliant or a mistake till the cows come home, but I do not think anyone actually knows. In fact, I think most political analysts get Sarah Palin wrong most of the time. Let me share a single fact that I know to be true; my 82 year old mother loves her and believes in her. You could ask my mother to consider a thousand facts, but she will not listen. First, she knows most of the facts presented by media related to politics are slanted at best, and outright untrue at worst, and that applies to Democrats and Republicans alike. So the rich question is, can Sarah Palin create a groundswell? That is all that matters. The biggest chess piece on the table right now is her book, Going Rogue. I know I have to read the book because it is going to be an important part of the American culture. Doesn't matter if I agree or disagree with her thoughts are not. What do I predict is going to happen? I think she is going to try to run for president. I think that is currently a tough pill for the Republican Party to swallow, though some are coming around and there is time. She could also try going independent, but that lowers her odds of victory and probably hands the election to the Democrats. The book is great for her purposes for now, but it will not be enough because it will be old news by 2012. I think this run is going to be one of the most interesting in U.S. history and will be won or lost using social media. Right now Ms. Palin has about 26k followers on Twitter, that is not enough, but she has over a million supporters on Facebook and that seems to be more of her focus. In terms of strategy, I think five of her primary cards will be: Ronald Reaganism, Lower Taxes, Faith in God, Underdog status, everyone is against me. I think her primary weaknesses are lack of honesty and lack of judgment/temper, and those will be used as the primary weapons against her. Recall, truth was used effectively against Al Gore, even if unfairly. People will also try to show Palin is extremist and that her positions do not represent mainstream America. However, no matter how many facts they come up with, that is not going to stick; she is clearly populist, just look at her pictures. Back in July, I blogged, "Palin is no lightweight", I just did a Google search for "Sarah Palin", 22.8M hits, "Mike Huckabee" 2.5M hits, by that measure, Sarah Palin has ten times the social media exposure of Huckabee. Polls show Huckabee is ahead right now in terms of Republican support, but she is second and I bet he can feel her hot breath on the back of his neck. Huckabee is first for now, yet Democrats are not raising funds to attack Huckabee, they want to attack Palin. The Democrats would be wise to remember the ancient adage, "I don't care what the newspapers say about me as long as they spell my name right." So there you have it, that is my take. As I said most political analysts get Sarah Palin wrong, let's see how I did as we approach 2012.

Going Rogue An American Life Book Review

I know, I know, what the world really needs is another book review of "Going Rogue." However, I am not extremely to the Left with a motivation to trash the book and call Palin a liar, nor am I fundamentalist Right and have the motivation behind my review to explain why we need to support her; I am just going to review the book. The short answer is that it is a good read. I am sure she had help getting the book done, but the voicing is consistent. The book is touching, I really didn't know very much about Palin, though I think it is important to turn that around; she grants us a view into her life and family.

Should you read the book? Yes, if she is not a candidate for the next presidency, she will have some say into who the candidates are. In the same way, it is important to read the Barack Obama books if you haven't yet; we should know our current and prospective leaders.

In chapter one, The Last Frontier, she shares a bit about her family, her roots, growing up. I had no idea she was a basketball fiend. And we learn, and will learn again and again, this lady values hard work. By page five we learn this lady hates GOP leaders Ruedrich and Murkowski. This is a very important insight into Palin's character, she makes enemies. I hope in the years to come, she can master some of that "Teflon" that her role model, Ronald Reagan developed. The flip side of this, you really do not want to be Palin's enemy, she will tell the world about you ten times over. It is also pretty clear by page five, Sarah Palin will go independent in a heartbeat. She is only sort of Republican. The way she tells it, it is all the entrenched stuff that she does not like about the Republican Party; my sense is it will have to be the Palin party for her to really be comfortable. We learn she loves and admires her parents and that hunting and fishing stuff, it is not an act for the press, she gets the concept of harvest food as well as anyone I have ever met. When President Obama had won the election, he had a web site and you could type in suggestions. I suggested that President Obama encourage people to garden, get some exercise, import a bit less, have a bit more independence; if Sarah Palin is President, I think she is going to suggest we all plant a victory garden. She didn't watch much TV growing up, Kathy and I have not watched TV in 25 years. Sarah Palin appears to be conflicted on the feminist thing. She mentions several times she is a product of Title IX, but runs shy of the feminist point of view. She at least believes woman are equal to men and hints superior a couple of times. Todd Palin shows up on page 33 and the picture Sarah paints of him is somewhere in the super dude category, I do not think I can measure up to Todd and I have a few reasons to be satisfied with my life. They were both born again Christians before they were married. She did the beauty pageant thing to help pay for school and there really is such a thing as Miss Congeniality. It took her five years to get through school because she had to earn tuition. When she and Todd got married they were poor and worked hard. Her first child was born in 1989 and she loves being a mom. Todd loves kids too and they give their kids odd names like Track, Bristol (Todd beat her to the punch), Willow, Piper and Trig. And, the Exxon Valdez thing: the Palins and much of Alaska still bear a grudge, I knew it was awful, but didn't realize it was that awful; if you are Exxon, you want to contribute a lot of money to the Democratic ticket in 2012, because she will have your hide.

Chapter two is titled Kitchen-Table Politics. Turns out Sarah Palin is as good of an example of the power of grass roots as President Obama. Now I understand why he is concerned about her. She went from city council to mayor and ended up replacing most of the Wasilla appointees. She made enemies of a few people in Wasilla that came back to haunt her in her run for Vice President. She made enemies of many entrenched politicians and slams Ruedrich and Murkowski a few more times. She ran for Lieutenant Governor and lost, was appointed to the Oil and Gas Commission. In chapter 2, her sister Molly marries Mike Wooten, as in "Troopergate". Molly and Mike get divorced in two paragraphs and we learn what a scoundrel he is.

Chapter three, Drill, Baby, Drill tells us everyone in politics is corrupt except her and her close contacts. She makes an enemy of Andree McLeod which will come back to haunt her in her Vice Presidential run. She ran for governor, grass roots style and won. If you work hard and follow Ronald Reagan's principles, you can govern well. We also learn how important it is to drill more in Alaska, we will hear that again and again. She gets pregnant and the child has Down Syndrome. I believe she does a masterful job of giving us a bit of insight into raising Trig. She writes a letter to her family as if it was from God, telling them about the child; this is later used against her in politics. Todd has won the Iron Doggers contest twice and it sounds brutal. She started contractions with Trig and flew home to have the baby. She got home, gave a speech, and then left for the hospital.

Chapter four is Going Rogue, we get a look into the McCain campaign. I appreciate the picture of John and Cindy McCain that she paints. They select her as the Vice Presidential candidate, the campaign is run by a bunch of people that don't have a clue, she makes more enemies and a few friends. The campaign was not fun, though it had some positive moments, she loves shaking hands. She did her speech without a teleprompter, because it went jiggy. Some of the people she made enemies of start taking shots at her. She talks about the Katie Couric interview and possibly takes some of the responsibility. We also learn Couric does not have a proper sense of geography because she does not realize Alaska is in the USA; if you think I am kidding, check out the map on the inside front cover. The media is unfair with her. Before Palin, McCain rallys were getting three thousand, after Palin, fifteen thousand or more. I really enjoyed the description of the debate with Biden. Geraldine Ferraro appreciated the fact that Sarah mentioned her as a female candidate for Vice President, no one else had.

Chapter five, The Thumpin', was the most important chapter for me. Why did she resign as Governor? The world was against her, the media was trashing her and people were filing frivolous ethics suits and freedom of information requests left and right. If you do not like Sarah Palin, you will probably think this is overdone. It isn't. There is a destructive side to grass roots politics. Just last week I got a letter from the Democratic Party to raise money to take Palin out. But there is more to the story, though she paints it all as right and wrong, she would be wise to realize you reap what you sow. She has been making enemies for four chapters, some three hundred and twenty pages. Anyway, this chapter helped me a lot, I understand why she resigned and tend to agree that she did not have a choice.

The book begins to close with a small chapter titled The Way Forward. She is already working on her talking points against President Obama, he put the nation on track to double the deficit. We have rewarded a few greedy firms for fiscal irresponsibility, too big to fail was a huge mistake. It was also something done on Bush's watch, but never confuse the voting public with the facts. Ronald Reagan faced a grim recession and he found the way forward. The most important thing we need to do is drill for more oil in Alaska. We need a stronger military. We won, they lost, any questions?

The final chapter is Epilogue. She talks about family a bit more, her son Track who was deployed to Iraq. She ends with an email from Deyey Whetsell which, among other things is, a profession of faith.

Some random thoughts: I think the book is well written, poignant, I cried more than once. Sarah shares a lot about herself, thank you Ms. Palin. I must admit that I, like many Americans, tuned in on that lipstick speech, one of the rare exceptions to my policy of not watching TV. After the speech was over, I looked at Kathy, "Who is this person?" And as the "facts" came in, Troopergate, the pregnant daughter, Trig with Down Syndrome, the ethics bit about using state facilities to take her kids around, and I got more and more confused. I didn't invest too much time because I had already decided I was not going to vote for the McCain/Palin ticket. For me, it was the McCain debate with Joe the plumber. It looked dumb to me and with all the damage to America's image I was scared to vote for a guy that looked dumb on TV even though I know he is smart, gritty, and a true American hero. Now, because of the book, I feel I know Sarah Palin better. Sure, some of the things in the book may not be true, in fact, my bet is that some things will be provably false. That isn't going to really bother me. I have been a manager for a long time and have observed when people are in an argument, the things they say are not so much right and wrong, true or false, they are more assertions. People in an argument have convinced themselves of something and they are rarely bothered with the facts and Sarah Palin has her share of arguments.

My biggest complaint about Going Rogue is it really does not give me a clue of what Sarah Palin is going to do next. She says she is headed back for the kitchen table, her word for grass roots politics. She has spoken ill of both the Democrats and the Republicans. We learn she is going to bake a cake and show Piper how to use a road map if he wanted to attempt to drive from Alaska to Michigan. After reading the book, I went back to my predictions for 2012; most analysts get Sarah Palin wrong, but nothing I read makes me want to change a word or swap out a link. That does not mean that I am correct, but the book does not change my analysis.

The biggest surprise for me was the book's position in the bookstore I bought it from. I thought this was a big, big seller, but when I walked into the B. Dalton bookstore at Dulles Airport to buy it, I could not find it. It was not on the best seller table, it was on the bottom shelf, middle of the store. Are the sales numbers inflated? I am in London right now and Internet is very expensive and my 24 hours ran out a few hours ago, so I am not going to spend $30 USD to find the Amazon sales rank. Maybe a clerk or the store manager at the Dulles B. Dalton store does not like Palin, who knows, but I am going to start looking for it when I walk into book stores to see Going Rogue's position.

I am going to close with two pieces of advice. I realize how pompous it might sound for me to give advice to the Republican Party and also to Sarah Palin. But, we need a two party system in America and they are both poised to muck that up:

Republican Party. You do not know me, but I am your demographic by virtue of race, gender, economic position and education and while I live in Hawaii, I lived in Virginia longer and am only in the islands 40% of the year. I did not vote for your presidential candidate in the last election; throw the bums out pretty much sums up how I felt. I am not sure that I can vote for Sarah Palin in the next election, but I am certain that I cannot vote for some old white guy that only speaks for people like me. And I promise to be an educated voter, I will study the history of your candidate as I will the Democrat's candidate, who will most likely be Barack Obama. My advice to you is to be nice to the girl. From reading her book, it seems like you have gone out of your way to exclude Sarah Palin from the Republican Party. Republican Party, you need Sarah Palin more than she needs you. Our country has done best with a two party system. Which is more important, your egos or your country? Nuff said.

Sarah Palin. An ancient koan says, "He who lives by the sword dies by the sword." My Bible says, "Blessed are the peacemakers." A wise old gentleman once pointed out to me, "If you have a problem with almost everyone, maybe the problem is with you". Right now, I cannot vote for you. I agree we need to reduce the debt, Ronald Reagan is a hero of mine as well. I gave up a year of my life to public service with an offer on the table to be the CTO in a privately held company that would and did IPO, because I felt my country needed me and missile defense was the point of the spear. So, it is not ideology that separates us. I respect and admire you. However, as the Oracle said in The Matrix I, "You are not the one". You pick too many fights, you make too many enemies; it is a problem I know all too well. You can't indulge in such behavior as the Chief Executive. In raising your family, you picked your battles. With your gay marriage/partner benefits decision in Alaska, you also demonstrated wisdom. You need to do a lot more consensus building. Unless you are willing to try to be more African American than President Obama and more Hispanic than Justice Sotamayor, you have a tough road to hoe. There is a phrase President Obama used more than once. It was one of the reasons I decided to support his candadicy, he said, "I think we can all agree that . . . " We the people are very diverse today. If you make a choice to be divisive, my best guess is your slice of the pie will be big enough to get lots of media coverage, possibly be big enough for you to throw some votes to someone else who is a better fit for the American people, but I think divide and conquer will only achieve the first goal; divide.

Enough politics. I just realized SANS New Orleans is at the same time as the International Boat Show. I am definitely going to try to keep my evenings clear. The boat show is Jan 6 - 10 and we are Jan 10 - 18, so maybe I can come in a few days early. This link shows the LinkedIn people coming. I went ahead and made an event for SANS on LinkedIn. I just updated my travel tips file, good thing too, I had forgotten to pack a plastic clothes hanger to wash clothes on the road, important when you are going out for 30 days. Based on the poor performance of rayon aloha shirts on my last trip, I am not going to bring one this time. Took my last walk before flying, no monk seals, but hey, two days in a row, who can complain. Tried to find some healthy snacks for the trip, the quality of food on the road is brutal.

United Airlines flight 68 Delayed and other United news.

Not sure what is wrong, but the plane is now scheduled to fly 2.5 hours later than originally scheduled. My new connection is United 966, so I will arrive a couple hours later than originally planned, but as it is, it will still be early enough to accomplish my mission and attend the meeting on Monday in Bethesda. We will see what happens. Fortunately, I scored a spot in the waiting room with power for my laptop and my mighty Mini Verizon wireless access point, so life is good. I read a web based Chicago Tribune story that says United is working on their customer service. According to the story, "As turbulence has buffeted the airline industry, customer satisfaction has dropped for every major carrier except Continental Airlines and Southwest Airlines, researchers at the University of Michigan have found. But satisfaction rates have fallen furthest for United, which ranked last among the largest airlines over two of the last three years as measured by the school's American Customer Satisfaction Index." There may be more to this story, I read a blog post by Kevin Gibbons that claimed the famous United Breaks Guitars YouTube video cost United Airlines a 10 per cent stock drop. Turns out, he was just echoing a post from Chris Ayres from the Times Online. In fact even the Economist posted this as fact. How can one validate such a claim, I looked up United's stock UAUA and there is in fact a drop in the June/July time frame. Dave Carroll posted his story on July 7, 2009. But the drop from five something to three something began in late May, early June. Turns out I am late to the party and other bloggers have pointed out the video cannot be the root cause of the stock drop. However, this is a good time to remind ourselves of the 6 year old rehashed news story taken as fact that literally trashed United's stock. According to Wired, "A worker at a Miami investment advisory firm called Income Securities Advisors, which publishes news alerts that get distributed through the Bloomberg News Service, did a Google search on bankruptcies this morning and got back search results that included a six-year-old story published in the South Florida Sun Sentinel about the 2002 bankruptcy filing by United Airlines.

The employee mistook the news for a current story — despite the date clearly marked on it (see update below) and other information in the article “that would clearly lead a reader to the conclusion that it was related to events in 2002″ — and included it in a subscription newsletter that was distributed through Bloomberg." What was the reporter looking for? According to LA Times, "Richard Lehmann, who publishes the Income Securities Advisors newsletter, said his firm focuses in part on bonds of troubled companies. One of his reporters routinely searches the Web for news under "bankruptcy 2008," he said. That search on Monday morning found the UAL story on a Sun-Sentinel news page with a Sept. 6, 2008, date. And, some people got badly hurt; the stock dropped from about 12 to 3. All good reminders to be careful believing what you read on the Internet, and think seriously about setting stop loss triggers if you hold individual stocks.

In other news, a United Airbus made an emergency landing this morning according to the Denver Post. And, finally, according to Hapi, "Beginning this week, on trans-Atlantic and trans-Pacific flights, as well as those to and from Brazil and Argentina, customers seated in United Business will receive kits containing Murad Skin Perfecting Lotion, while customers seated in United First will also receive Soothing Skin and Lip Care and Pomegranate Body Lotion." Gosh, I am flying to London the day after Thanksgiving, I will let you know if the lotion makes my skin perfect! Business Travel Guru reports United has inked a deal with ExpressJet for a bunch of the United Express flights.

Back to our trip: United rebooked us, since UA 68 was late, and we would miss our connection to UA 966 , but it was onto a plane that we had no possibility of catching. Because of the Verizon MiFi, I was able to get online and use United's own 1K help desk. Apparently United had realized we could not make the connection, so they rebooked us when we checked in. Except the plane they rebooked us on had no chance of making the connection either. So, I pulled up the United Airline Status tool for my original flight and the new flight which showed we landed an hour after the flight they rebooked us on would take off. So, they put us on UA 946. They were able to honor our previous upgrade to first class, but we were put in the bulkhead seats (1A and 1B). Kathy has a 37" inseam, so she is not big on bulkhead seats, but we made it. The flight crew was very nice. I think it is true that United Airlines is trying to improve their customer service. I read notes from time to time; "United sucks", "United has lost my business," and so forth. In most cases I can match your horror story with an equal or better one. But they want to try. All I can tell you is that if you fly United and you see someone trying, thank them, blog about it. The flight crew in First Class kept my water glass full, just like I was at a top quality restaurant. I know about the recession, flew several hundred thousand miles during the cutbacks, but I choose to be optimistic that United's new focus on customer service will make life just a bit easier.

Kathy and I had to split up when we landed. She is going to Amtrak and I have to zip up to Bethesda for my meetings. We took the SuperShuttle. As I explained to Kathy, a Taxi is quicker, but they are often fairly crazy drivers. My experience with SuperShuttle is you trade 30 minutes more travel time for a safer feeling experience. Well . . . things got interesting when the Svobodas showed up on my shuttle (Dean Svoboda is a key player in the SANS Technology Institute ). The conversations were quite stimulating, one guy was a courier for bone marrow, it is a volunteer position, but they pay your flight and hotel and such; and a lady was also in the medical profession and a global traveler, so we talked about the Far East, the Middle East, Europe and adventure. It had been almost 24 hours of airport /airplane food, so when then dropped me off at the Doubletree Bethesda, and I finished checking in, I reported for duty at Guapos, my favorite Mexican Restaurant chain; I munched down a quail fajitas, ate half the spicy pepper, although it took two Negra Modelos to accomplish the task, and went back to the room to crash in a deep, deep sleep. I set multiple alarms, that was my last conscious act, since it will be a new time zone for me in the morning.

[Tuesday, November 24, 2009] Bethesda Maryland

We have been holding our meeting in the Bethesda Doubletree and I must say, this is a great meeting hotel. They have fantastic facilities for small groups, the price is reasonable, what is not to like. The rooms were very clean, the breakfast ( included for meetings ) was continental, but well done. The lunch they supplied was basic sandwich stuff, but they were creative about that; for instance, mini Reubens with the sauerkraut optional. The meetings have gone well I think. They have an interesting way of concluding, the team lead reads the report, then everybody stands up, shakes hands with one another and leaves, no discussion on the report happens. Suddenly, I am sitting in an empty room, it is three hours before my train, a bit too early to go to Union Station, so I hit the email Inbox for a short time.

The taxi from the Bethesda Doubletree was $30.00; I would have taken the Metro because they are both on the Red Line, if I recall, but I am packing very heavy. This is a 30 day trip and I wanted to bring my long sleeve t-shirts from Hawaii, where I never wear them, to Virginia, where they are a blessing in the colder weather. Kathy had warned me that I would not be able to check my bag on the Amtrak, but I just did not believe it since I had a business class seat. Kathy was right. Had to wander around the train station with three very heavy bags, but I tied my carry on to the suiter and it worked. I found a gap in the Sbarro restaurant barrier large enough to stick one suitcase through and dragged the others through the restaurant to meet it. I had a spinach filled pasta that was a bit bland, but I hit it with some garlic powder and it worked out. Across the way was an older African American woman sitting on her bags and asleep. Her hat had fallen off and was in the hallway, so I picked it up and set it on her suitcase. I don't know why, but I felt moved to put a $20 dollar bill in it and said a quick prayer for the lady. When I was done, they still had not posted gate information even though the train was only a half hour out, so I piled into Union Station Shoe Shine with my fall bag collection.

I bought a pair of Skechers pull on, pull off boots a while back. They were unfinished leather, but I was thinking about outside tasks. My contractor Luis was doing maintenance on our storm shutters and he ended up soaking my boots and they mildewed. I figured that was it for the boots and was going to toss 'em. He found out, took them home and polished them, so I tried wearing them on the flight from Hawaii. They are pretty comfortable and easy to get on and off, no laces, which is great for the airport. So, I thought it would be fun to get them cleaned up. The guy at the shoe shine stand was very personable and did a fantastic job. I do not know how this will end, my experience is that once leather mildews you cannot save it, but I am styling tonight.

The train #85 Regional was on time. It was pretty crazy getting my bag collection down the train station, but a conductor helped me lift them up. If I can get them into the station at Richmond, I am home free, Kathy will pick me up. I like the pace of the train, it is slow, but there is power for your laptop and for much of the way, my Verizon MIFI can get online. Make no mistake about it, those Verizon TV commercials about so much coverage are not entirely correct.

[Friday, November 27, 2009] Headed for London

We are sitting in the Richmond VA airport (RIC). I started to use the airport's free wireless, but NoScript was going nuts. Google's certificate was invalid, hmmm, somebody needs to check that network out for some man in the middle action; my current security setting go ballistic in a proxy environment. The driver from James River Limo, Terry, had a "I will never fly United Airlines again story" which he shared after I told him which airline I was flying. He was flying business class and the flight attendant would not help him hang his suitbag. He was trying to do it in the closet and his arms were full and it was hard and he didn't want to drop anything on the floor and the line backed up and people yelled at him. I hate to hear stories like that. And the crazy thing, he claims he now has a million miles on Delta, ouch United, remember, every employee is a potential ambassador. Had the turkey burger in the airport at Cheeburger Cheeburger, surprisingly good. Flight UA7994 was on time, some clouds and showers, but isolated, great day to fly. We holed up in the Red Carpet lounge at Dulles (IAD), got online and started answering email, don't want to be behind before a long flight, but the good news is that tomorrow is Saturday and the world slows down a bit. We were unable to get an upgrade and I am not sure what the food situation is, so Kathy and I will head to the Subway in Concourse D and carry something onto the plane.

We got Subway sandwiches and took them on the plane. They serve food, but I wanted an alternative in case it was pretty bad. At the Red Carpet lounge, I asked if we had any chance of an upgrade to Business Class. They said no, we did not pay enough for our ticket on this particular leg, not that we were warned when buying the ticket and ALL the other legs are upgradeable. So I asked if I could pay more and upgrade the class of ticket. The lady in the Red Carpet Lounge said yes, she thought it would be about $300 per ticket. That is a lot of money, but I was really tired and creaky that day, my back was very stiff, and I thought, "What the heck, I'll splurge". But then when she brought in the fare experts in Chicago, they wanted $1,400 per ticket for that one leg. That is because it is an "outbound leg and there are fare rules". And, guess what. The entire middle section of business class was empty. I kid you not, they sold the window and aisle seats, but the entire middle section of a 777 was empty and I would have paid $600 for those two seats. I understand that you need business logic, that an airline has to have rules; I get that. On the other hand, the people in your Red Carpet Lounges tend to be dealing with United's better customers. They called the specialist office, here are two 1K fliers traveling together and Business Class is near empty. Don't be stupid United, don't trash your best customers while leaving money on the table at the same time. That is exactly how you go back into bankruptcy and then I am holding the bag with 330k miles accumulated that can never be used for upgrades. Have I mentioned that every employee is a potential ambassador? I hate the survey site, they ask too many questions, but think I had best invest the time because I doubt United reads my blog; otherwise, United will never know, and if they do not know, they cannot improve. Sigh. Flight (UA 918) was OK, the crew did bring water, but I think without my own water bottle I would have been hurting. The seats (Economy Plus, 21A and B) were OK, but got a bit small on a seven hour flight, thankfully we had a tail wind. The movies were terrible, I do not blame United for that, the entire crop of movies out there right now is pretty bad. We bought the movie package in our room in London since I am buying in-room Internet anyway, and it wasn't much more to add the movies. So, I read a book on the flight, Sarah Palin's Going Rogue; I will blog a book report later, but the book reads well enough and certainly helped pass the time.

[Sunday, November 29, 2009] Rainy day in London

Saturday in London was a nice day. We did not sleep on the overnight trip from the States so we crashed in the hotel and slept a few hours; we got up at noon, hooked up with Suzy and went to London Bridge and Tower of London. Then, Suzy wanted to have lunch in a pub, so we tried The Artful Dodger, but they only have sandwiches, so they recommended The Brown Bear, 139 Leman Street, London, E1 8EY. The Brown Bear serves classic pub food, but they specialize in Thai food. Suzy and Kathy both ordered spicy dishes; Kathy got the red curry and Suzy got something off the charts. They both liked their dishes, Kathy ended up needing half my beer to finish her curry and Suzy only drank half of her Strongbow cider. I ordered the Thai fried rice and that is forgettable, get the curry. Then Kathy and I headed back to the hotel, Suzy continued the adventure. We are staying in the Crowne Plaza London Docklands. I like the hotel, they have a pool, and workout room, it is close to the Excel Centre and the Custom House light rail stop. Breakfast is included in the rate, and they do a good job. The room is incredibly large by London standards. There is some airplane noise from the nearby London airport, I think that is Gatwick. By the way, if you are going to London, I found this incredible web site for getting around the city, found it using Google images. At night we used our movie package, the only new movie we had any interest in was The Public Enemy, but neither of us finished it. We watched The Great Gatsby before that. So much for cheery movies.

Sunday, we got up and London looks more like London, cold and rainy. Just as well, my primary focus for the day is writing, and nothing motivates a writer more than rain.

[Wednesday, December 02, 2009] More rain and cold

Tuesday, during the day was sunny and cold, but the wind was still, then it turned wet and cold as evening came. There was even a brief moment of snow. Eric Cole and I ate at China Palace. Good, but frightfully expensive. I had their special fried rice, Eric had the steamed sea bass. The service was perfect, plenty of room between tables, nice understated serviceware. Tonight was SANS Community Night and I got to meet some great people. In particular, I enjoyed the talk with Gerry O'Neill and Ian Glover. Gerry is the CEO of The Institute of Information Security Professionals. Their focus is on professionalism in information security so I wish them the very best, and if I can help them get a toehold in the US, I would like to do that. Ian Glover is the President of the Council of Registered Ethical Security Testers and again, I like what I am hearing; not only do they validate a pen tester's skill, but they also have high ethical expectations. I would like to see them operate in the USA as well.

[Friday, December 04, 2009] Sunny day in London

Today was the last day of class, I think it went well. After class I caught up on email for a while. Teaching at SANS is a privilege and I need to try to keep my business responsibilities in order. However, Kathy and I were lucky enough to slip out for a bit to visit Taste of Christmas. We sampled some lovely cheeses. I wasn't interested in any alcohol, but we did stop by Fentimans LTD and tried a couple of their botanically brewed beverages and spoke with their representative Kirsten Salter. These are old school style sodas, quite good, and other than the sugar, good for you. They are going to be marketing their product in the USA, so keep an eye out. Then I met with Maury Shenk, he was teaching the legal day in Security 508 Forensics. We had a wonderful chat and a less wonderful warm chicken salad at the Fox Excel. Finally I went back to the Excel Centre to say goodby to the London conference team, Andrew, Terry, Garreth and Barbara, what a great crew. Finally, we setttled into our room at the Crowne Plaza for our last night. I am fading fast so I packed tonight, and I am going to veg out.

[Saturday, December 05, 2009] An unfortunate day to fly

Everything started off well. The Crowne Plaza had us on the master account (people who checked out earlier than us had to sort that out). The car we hired was on time, traffic was very merciful for London and it was a good price. We found our way to the Star Alliance Lounge and the Internet worked. I will say the gates at London Heathrow leave something to be desired; for instance, no bathrooms and insufficient seats for people, but I like standing up anyway, long plane flights involve a lot of sitting. Kathy and I got upgraded on United, yayyyy. You have to burn your systemwide upgrades to do it, each 1K ( 100 thousand mile flyer ) gets 2 for a year. Long flights are much better in business class. The food was so so, I had the filet with merlot reduction because it is so easy for chicken to be totally dry. Until I ran out of merlot reduction sauce it was edible, but after that I wiped out my green beans and left the rest of the beef. The bread was like cardboard, so I got up and got a seond helping of nuts. I read for four hours, or half the flight, and then turned on the movies and watched Inglouris Basterds, a historical revision piece about Paris in the Nazi German occupation. It helped pass the time, keeps you on the edge of your seat. I also saw part of some strange alien movie called District 9 where a guy grew an alien hand that let him use alien weapons. I no idea what the movie was called, but when I tuned in there was a lot of shooting going on which passed the time; after it was over I had time to watch the beginning, so I watched the movie backwards and saw most of it. It is different, I have to hand you that; I actually think I would watch it again. I love the irony related to the prejudice at the beginning of the movie.

And then we landed . . . in snow. We got off the 777 and had to clear Customs, there was a huge line. Then we had to get our bags and recheck them. United took forever, as in over an hour, to get the bags to the bag check. I do not blame them, the snow was apparently making a mess of things. While we were there, we called the United 1K desk and found out our next flight to Richmond was canceled, and then the lady hung up on Kathy. So I called back, it is really hard to get through to the reservations robot at United in a noisy area because they want you to say your frequent flyer number and the robot cannot understand you over the background noise. Worse, it couldn't understand when I punched it in with the keypad - that REALLY needs to get fixed. Anyway, I got a reservations person that confirmed our flight to Richmond was canceled ( third time this year a Richmond flight has been canceled ) due to "extreme" weather. I asked if we could be rebooked and she put me on hold, then returned and told me no. After an hour our bags came and then we had to stand in an even longer line to recheck our bags and then go through security to get into the airport even though we were not going to be able to fly. Then we stood in an even longer line to get a $250 dollar cab ride to Richmond Virginia. We landed at IAD at 3:30 P.M. and got in a taxi at 7:45 P.M.; the rest of the time was standing in line.

Taxi drive went fine, traffic was light, the driver spoke English well and had a few stories. He was born in Lebanon and is an Arab Christian so we listened to Christmas carols on his radio as we headed south. We got in a bit before 10 P.M. Fortunately, I had stashed a nice bottle of red wine and some pre-cooked rice from Trader Joes before we flew, and we had eggs in the fridge and frozen veggies so we had a simple, but welcome dinner of fried rice. Then I set up my computer and put my cell phone on charge and called the United Airlines 1K desk. Even though they canceled the flight, I know if I do not show up for the flight they rebook me on, they will cancel the rest of my reservation ( the part that evenutally gets us back to Kauai ) and this close to Christmas, having that happen would be a disaster. Next, I tried to explain about my bags that they made me stand in line to recheck. Sharon of the 1K baggage desk tried to tell me that they do not file reports for weather related events, meaning apparently, that I have to go to whereever United puts my bags and pick them up. But, she called Dulles and they agreed to file a report. She told me that the earliest flight the bags could arrive on was noon the next day, but at 6 AM Kathy's cell phone was ringing and a lady was in our driveway in Richmond with the bags.

The bottom line, for Kathy and I, things worked out OK. Since they dropped that leg of our flights, the refund will cover at least half of the taxi ride. However, I have a strong sense that for many travelers, Saturday was an unfortunate day to fly; and on Sunday, I suspect there are a lot of people trying to get out of Dulles on standby.

[Wednesday, December 09, 2009] On the train to #SANSCDI

The days in Richmond were good. I drove up to the SANS East Coast Network Operations Center on Monday. What a great crew of folks. The biggest issue is trying to get the next generation data center started. Lots of phone meetings and then at night, time with family. I haven't posted a recipe in a while so here is a great one that is easy. Sign up for the sweet potatoes for the holidays and they will love you for it!

Sweet potato and fennel
Take five sweet potatoes or yams, peel, cut in slices, microwave for ten minutes or until partly soft
Cup of water in a pan, medium high heat
Dice a fennel bulb, toss in water, add sweet potatoes to pan
Add a pinch of ginger
You could stop right there, but a small amount of sea salt can help
You can also add some vanilla, but be modest, very modest

We are riding the Amtrak to Washington, had more trouble with the Verizon MiFi than usual, but we are online a lot of the time. Feels good to keep getting work done. We are headed for the Marriott Wardman Park, one of my favorite hotels, and I stay in a lot of hotels. We had to pack to make sure we will have the clothes we need for New Orleans in January at SANS Security East, so coming in a bit heavy, but not as heavy as I was going down to Richmond.