ISSA Milwaukee June 2011 Meeting

Yesterday afternoon I attended the June 2011 general meeting of the Milwaukee Chapter of the ISSA. The meeting was held at the New Berlin Ale House and was well attended by approximately 30-35 people.

The guest speaker for the meeting was Robert Clark, Eastern US Channel Manager for TriGeo Network Security, and the topic was, “What Can a SIEM do for You?” “SIEM,” of course, stands for “Security Information & Event Management.” Mr. Clark’s talk was relatively quick and not very technical, but he did bring up some useful questions to ask your SIEM vendor, including:

  • What does the solution have to offer out of the box and does it require several modules to meet your requirements?
  • Are there any ongoing professional services and what are the costs?
  • Will you need to provide the hardware?
  • Is the data evaluated in real-time or is it primarily a forensics solution?
  • Does the correlation engine process events in memory or query the database?
  • How intuitive is the interface? Can you easily build or customize rules, filters, etc.?
  • How long is the implementation process and does it require on-site technicians?

Two of the attendees explained how they evaluated SIEM solutions. Their advice was to commit to developing an in-house expert; otherwise professional service fees will eat your budget and you’ll never get a proper ROI on a SIEM solution. One person suggested this might be a valid reason for some organizations to consider a Managed Security Services (MSS) solution.

One attendee also suggested following Anton Chuvakin’s Blog, as he frequently blogs about SIEM.

In all, it was another successful ISSA Milwaukee chapter meeting and a great opportunity to network with other information security professionals in the area.

Lock Found, Lock Picked

Today while driving, I spotted a large Master Lock lying in the middle of the road. I stopped and picked it up. It appeared to be a locked Master Lock No. 5DLFPF. I took it home and picked it within three minutes! Thinking I was all bad and stuff, I did a little research to find out it is only a 4-pin lock and very easy to open using shims. Still, it was fun to find a lock and be able to pick it so quickly. I guess my practicing since learning to pick at DEFCON 18 has paid off.

OWASP Chicago Meeting

Yesterday afternoon I drove from Milwaukee to Chicago for my first OWASP Chicago meeting. The meeting was hosted by Morningstar and held in one of their spacious auditoriums. This particular meeting was conducted in the ‘lightning talk’ format with six speakers each talking for 10-20 minutes. The Master of Ceremonies for the event was Mike Tracy of Matasano, who is one of the leaders of the OWASP Chicago chapter. Mike did a great job of keeping the meeting on track and on time.

The first speaker was Tom Brennan of Trustwave and a member of the OWASP Board of Directors. Tom’s talk, “OWASP – Where We Are and Where We Are Going” gave the big picture perspective and talked about the achievements of OWASP to date and plans for the future. Unfortunately, due to traffic, I arrived a bit late and only caught the end of his talk.

Next up was Peter Morgan, also of Matasano, who gave a quick introduction to Buby, a “mashup” of the popular Burp Suite from PortSwigger and JRuby. Peter talked about installation, useful libraries, and extending functionality with modules.

Dan Crowley (@dan_crowley), also of Trustwave, gave an interesting talk titled, “Jack of All Formats.” He talked about how multiple files can be put into a single file by manipulating extensions, headers, start and stop markers, etc. Dan also gave a few examples of the security implications. His talk was so interesting Mike Tracy suggested he come back soon to give his talk in a full-feature format (instead of being limited to 10-20 minutes).

Next, Greg Ose (@gose1) talked about Exploiting Cross-Subdomain Cookie Setting Session Fixation (XSDCSSF), and Jacob Kitchel talked about “Code Auditing by a Dummy.” Jacob’s approach to his presentation was unique in that he described his attempt to solve a SpotTheVuln challenge as a movie plot.

Last up was the ever-popular Rafal Los (@wh1t3rabbit and @rafallos) of HP. Rafal’s talk, “Software Security Reality” spoke about the three pillars of software quality: functionality, performance, and security. His final slide talked about four keys to software security: process, education, automation, and governance.

In all, it was an excellent meeting and the lightning talk format kept it interesting. Kudos to the speakers, to Mike for organizing the event, and to Morningstar for hosting it!

About.Me

I’ve created an About.Me page. It’s at http://about.me/clint326.

No, I don’t want to fight you … I just want to defend and protect sensitive information and critical systems :-)

The About.Me splash pages are an interesting idea and maybe that’s why AOL just purchased them.

But, I don’t see the longevity in it. If it catches on, won’t most blogging software just add splash pages as a feature?

And, how is AOL going to make money on About.Me? Who’s going to want advertising on their splash page? Who’s going to want a link to AOL on their splash page?

Defining Information Security Risk

Years ago I wrote a definition of Information Security Risk that still seems to work well for me. Here it is:

Information Security Risk is a function of (a) the likelihood of a specific threat-source exploiting a specific vulnerability in a specific information system and (b) the resulting impact of that event on confidentiality, integrity, and availability.

Do you have a different definition of Information Security Risk? Please add it as a comment!

Dell Keyboard Troubleshooting

A few days back someone spilled a small amount of ice tea onto one of our Dell L100 keyboards. This was a relatively inexpensive keyboard that came with a Dell Inspiron home computer.

The Dell L100 Keyboard

After drying the keyboard as much as possible, I let it sit for a day or two to dry even more. But, when I tried it on a working system, every key worked except the “Space” bar. Being an occasional hardware hacker, I wanted to see if I could fix it. My first step was to take the keyboard apart to see if there were any obvious problems. Here’s the inside:

Bottom half of keyboard with top cover and keys removed.

Considering how simple the switches were, I figured it must be something more complex, like the small circuit board:

Internal "logic" board.

In order to figure out which pins on the connector represented the Space bar, I had to follow the conductive traces around the clear plastic “circuit boards” inside the keyboard. That’s when I found it … a small area where the ice tea must have eaten away at the conductive traces making the Space bar inoperative:

The conductive traces (to the right of my thumb) had been eaten away by ice tea spilled on the keyboard!

To confirm the traces were broken, I used a multimeter. I tried to repair the conductive traces using a pen with “metallic” ink, but the traces were too small and the pen was too wide.

At this point it was clear the keyboard could not be repaired.

Having served its final purpose – reminding me that I still have useful hardware troubleshooting skills – I tossed the keyboard in the trash and turned my attention to buying a new one online.