Thursday, December 31, 2009

Looking forward to the new year

I don't usually prognosticate or give thoughts about plans for the new year. I don't make New Years resolutions. However, since I have some time today, I thought I would organize some thoughts for the new year. They're not necessarily in any order, just the order that I thought of them.

1. I'd really like to grow my business. Especially in the forensics arena. It's what I love. I like the IR side, but I want to to grow the forensics business.

2. I think I'll be busy with the government side of work. I like it; and I've embraced the DoD, and I think I'm finally figuring out all the DoD regs. Whatever that means, I can count on the regs changing. I have a great boss there, and I work with a great team. But, I'd be lying if I said I wouldn't want to work in a federal capacity doing forensics. Something like the FBI. But, it would take a lot to move me in that direction.

3. I suspect I'm going to have to take the CISSP. I really don't have anything against it, it's just not a cert that I'm really thrilled to get.

4. I don't think the threatscape will change, I suspect it will only get "worse." And in that regard, I suspect that all of us, as IT Security warriors will stay busy and challenged through out the year.

Happy New Year!

Tuesday, December 22, 2009

Nostalgic, yet sad

My credit card was caught up in this hack. That was a long time ago, and I think I've since dropped that credit card company. I remember thinking I would never do business with Egghead again. Then, they went under. Now, they're NewEgg. And I've bought items from them recently.

I can't remember how I came across that link, it must have been linked in a story in my news reader. 2000....seems like a long time ago.

Thursday, December 17, 2009

SANS GCFA certified!

I sat for and passed the GCFA exam today! All the studying was worth it, as I passed with an 88%. I was shooting for over a 90, but I'll take it. The exam was definitely challenging, but if you study the books (and know where the information is in the books) you'll do ok. That, and it helps if you are passionate and really like the material.

I'll probably take the rest of this year off from studying, but it will be back to the grind after New Years. It looks like the next cert to go after will be the CISSP.

Friday, December 11, 2009

More required reading...

I'm not currently working in a cubicle, but I've put in my time working in numerous cube farms. (I don't have a problem with cubes, I'm just fortunate to have an office this time around.) But, I have guys in this office that are heavily armed with Nerf guns. While I don't have a Nerf gun at the moment, this book may just help me out. I think it's awesome that the author has cataloged great weapons that can be easily hacked together.

So, I've put this book on the reading list.

Thursday, December 10, 2009


By sheer coincidence, my cell phone plan was up just a couple of weeks ago. I've been using a Motorola Q for the past two years, and it has been "ok." I was never a real fan of the Windows OS, and I saw that Motorola had discontinued the Q line. In looking around, I thought about getting a Motorola Droid. What cinched the deal was the fact that I could get the Motorola Droid and the HTC Eris (for my wife) for only $99. That's both phones for $99. Sweet deal. The only real expense would be in ponying up for two data plans.

So, do I like it? Heck yeah. It's a cool phone that does much. Sure, the keyboard takes some getting used to, but I'm almost there. The screen is awesome, and I don't have it at full brightness. One thing I need to get used to is that I can't have the phone vibrate when I get a text, it has an audible tone. The setting must be there, I just have to find it. I haven't had a chance to fool around with the GPS yet, and I haven't installed anything from the app store yet, either. I'm trying to casually look around so as to query the privacy/security settings on it. Yes, I know it has been rooted already, but I don't think I'm going to take that road yet.

I would defintely recommend the phone. Call clarity has been great, and no dropped calls (not that I really had any with Verizon.) I was never a big fan of the "blackberry-type" phone as I didn't use the phone for business or business apps. And, while the Moto Droid is considered a "smartphone," I consider it more of a social "smartphone." I'll add another post after I've played around with it for a bit.

edit: I found the setting for vibrating on texts. I'm probably going to get in trouble with this phone as it does so much.

Monday, December 7, 2009

Impending System of Fail

I just got word of a system I'm probably going to be testing.

Sun Solaris 2.8
Oracle 9i
Windows 2000 Professional, SP3
IE 5.5
MS SQL Server 7 (With the latest patches) <---their comment
Oracle 8i client
And workstations comprised of NT and Windows 95

Do I really need to go, I could probably start writing this up now.

Saturday, December 5, 2009

At least the incident plan worked....

I was out testing this past week, at a great site. Unfortunately, it was very difficult to work in the office that we were allotted. The building was undergoing massive renovation, and our office seemed like the hub of network activity. When the workers were not stringing CAT 6 cable, there was constant drilling; putting dust everywhere. And, if that wasn't enough, the fire alarm went off in the middle of running some tests. There's nothing like a high ranking officer kicking you out of the building, into the cold, with active tests running.

Moments later, the fire department gave us the all-clear to return.