Awesome debate on fear and security

Bruce Schneier has a great piece on fear and logic and the nuclear industry.

The best part is the comments. In the comments, you can really see some of the interplay between fears based on facts and logical reasoning and fear based on raw emotions.

It is interesting to see how some commenters compare the risks to other things that we accept as "normal" or "reasonable" versus those commenters who try to support their comments with gut feeling and fear-mongering.



Metasploit Tutorials...

Offensive Security is hosting a series of tutorials related to using the Metasploit framework.

I haven't had the chance to take a look yet...but they sound promising.

These are being released in support of the Hackers for Charity project that Johnny Long is associated with...from the tutorial homepage:

"This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework."


Most common passwords

Good article on Wired.com about the results of an analysis of passwords used by Hotmail users...
Out of about 10,000 passwords that were studied, the most common was:
Some of the others showed signs of cultural bias that reveal potential geolocational evidence...i.e. the large number of Spanish names.



Battle against the dark side...

One of my students made a very interesting comment the other day...about wanting to engage in battle against the dark side.

So what does it mean to engage in battle against the dark side? There are very direct and flamboyant ways to do so. Presuming you work for the government, you may have these exciting jobs:

  • hack the computers of the enemy to steal info and plant malware in case of cyber-warfare
  • monitor the behavior of the enemy as they attempt to hack your systems and find ways to shut them out
Presume you don't work for the government? There are other ways to combat the enemy, and even though they do not sound as glamorous, they are nonetheless critically important to the safety and well-being of the nation.
  • keep your own systems safe from the bad guys so they can't be used as a springboard to launch other attacks
  • improve the tools and training used by others in the field so that collectively there is a greater impact on the infrastructure as a whole
  • educate the computer illiterate on safe computing
One interesting issue about the dark side...that all depends on your perspective:

When sponsored by a government, the exact same behaviors go from being illegal to being completely legal. For example: if a U.S. civilian hacks the U.S. Department of Defense, it is a crime. If a U.S. soldier, while under orders, hacks the Russian Ministry of Defence, it is simply good military strategy and perfectly legal in the eyes of the U.S. Government. But...the Russians might not find it so entertaining...