Friday, August 22, 2008

Price of Books not included...

As any regular reader to this blog knows, I'm working on my Master's degree. I've been used to high tuition rates and have even come to expect them as I am in a graduate program. After I filed my tuition assistance paperwork and G.I.B. top-up to pay for the tuition bill, I hopped over to the on-line book store to get my books. As I logged in I froze momentarily. It was as if hundreds of voices all screamed out at once, and then were gone forever. No, it wasn't a mystical cry felt through the Force as some evil galactic empire showed off some new planet destroying weapon, but rather my wallet and bank account screaming in abject terror at the price of books.

I'm taking two classes this semester and each class is requiring two books, that's four books total. Not usual at the graduate level, but I'm expecting the average cost of each book to be around $40, maybe $50. No such luck. The total cost for this semester's books is over $350.00, and that's finding them on sale via Amazon.com rather than from the school book store. (BTW not to plug the site but if you are a college student and have to buy books, you really need to check them out!)

Having to pay tuition is one thing, I understand this, but getting further raked over the coals via needing a special book?

But wait, the coal raking continues. I've convinced a co-worker to go back to school and get his Master's as well (same major/program). He starts this semester and is taking one of the classes this fall that I took in the spring. We did some figuring and it looks like he would be one semester behind me the whole way through the program. Since we're both low paid NCOs, we made what we thought would be a smart economical gentleman's agreement that if I didn't want any book from the current semester, I would be careful and not mark up the books much and sell them to him at half the book store price. (It's just a little more than what the book store would give me but less than he could buy them for.) Sounds like a very great plan for both of us, right? And you would be correct except for one minor problem: they decided to change books between semesters, so no such luck.

As I sit here seething, since there is not much I can do about this issue since well I like my school for the most part and really want to get my Master's, all I can do is help publicize the Open Text Book Project.

Well till next time,

Ish

P.S. In case you haven't heard, the MBTA's motions have been denied and the MIT students have been cleared. If I get the time I'll expand on this topic later; in case you don't want to wait, check out Groklaw. Here's a link to PJ's article containing the decision: Judge Lifts Restraining Order: MIT Students Win - Updated. The short of it according to the EFF is:
"The judge today correctly found that it was unlikely that the CFAA would apply to security researchers giving an academic talk," said EFF Staff Attorney Marcia Hofmann. "A presentation at a security conference is not some sort of computer intrusion. It's protected speech and vital to the free flow of information about computer security vulnerabilities. Silencing researchers does not improve security -- the vulnerability was there before the students discovered it and would remain in place regardless of whether the students publicly discussed it or not." Judge Lifts Unconstitutional Gag Order Against MIT Students

Saturday, August 16, 2008

MBTA vs MIT Students

A lot has already been written about this subject so I'll try not to repeat it.

My only real bone of contention is with the decision by the Judge to grant the TRO. A little background is in order: the TRO motion was filed on Aug 8th and granted on Aug 9th. The students in this case were set to present on Aug 10th. All seems okay, right? Here's my bone of contention: Defcon pre-registration began on Aug 7th about noon.

Why is this important? For those that have never attended Defcon, when you pay your fee, you get this year's badge, a schedule, and a CD containing: most of the presentation slides, some music samples, some art work, some of the tools/source code being released, and some other tidbits.

This year, the Defcon folks ordered about 8,000 badges and they ran out of them! That means Defcon had over 8,000 people in attendance this year, WOW, but I digress. (NOTE this figure is probably very conservative since I saw plenty of folks walking around with paper badges, and this figure doesn't include Goons, staff, press, and vendors.) While there was a slight hiccup with the badges (yes, besides them not having enough for everyone, and some bugs in the code), there was no shortage of CDs.

This year's Black Hat Briefings attendance is estimated to have been around 4 to 5 thousand people, all of whom received free tickets to Defcon. Even assuming only people from Black Hat took advantage of pre-registration and only half of them did so, this would mean that on Thursday Aug 7th about 2.5 thousand people (me included) pre-registered at Defcon and received CDs. Let's say that half to three fourths of the rest of the Defcon attendees registered on the 8th (about 2.75 to 4.125 thousand people). Adding these two figures together you have probably a very conservative estimate of the number of people who received a Defcon CD by midnight Aug 8th. This would mean that before the motion was even filed about 2.5 thousand people had official Defcon CDs, and about 5.25 to 6.625 thousand people had them before the Judge ruled in the case. (Note this doesn't take into account all the copies being made and sent out to friends, colleagues, etc.)

Why is all this important information and just where am I going with this line of thinking, you ask? I'll tell you: as mentioned previously, the Defcon CDs contain most of the presentation slides, and a quick look at the CD by even the average noob/computer user, 5th grader, etc., would show that the slides from the MIT students WERE one of the presentations included. So, before the TRO motion was brought to the court, about 2.5 thousand people already had most of the information the MBTA sought to suppress, and about 5.25 to 6.625 thousand people had it before the Judge was able to rule.

To summarize: before any TRO motion was filed, about 2.5 thousand of the very people the MBTA didn't want to have the information contained in the MIT students' slides had it, and about 5.25 to 6.625 thousand people had it before the Judge OK'ed the suppression.

Talk about trying to close the barn door after the horses have already escaped.
(We won't even get into the rapid speed these slides would have been copied, sent out, and posted to as many people/web sites as possible, by pretty much every Defcon attendee, once word got out that someone was trying to suppress the information).

Till next time.

Ish

Wednesday, August 13, 2008

Defcon 16 Days 1-3

As mentioned previously, I'll be posting information concerning specific talks later as I get the time. I would like to mention, however, that for more information about the legal events surrounding the MIT students and the injunction on their Defcon talk, go to Groklaw. (Funniest part about this whole affair is that the geniuses over at the Mass Bay Transit Authority, in their zealous attempt to stifle the free speech of some college students, released way more details about the vulnerabilities in open court, which made their way on to Pacer, than the students intended. Again, to get the full 411 go to Groklaw, also support the EFF!!!!)

The badges this year were pretty cool: TV turn off with limited file transfer/receive capability. Also of note, according to a few people I talked to, over 8,000 badges were ordered and despite a hang up in customs, they still ran out! WOW! The only real item of note for me was that I was introduced to Major Malfunction, DT, and Priest by a friend. Despite the Federal injunction this year's Defcon seemed to run pretty smoothly. I definitely like the Riv better than the AP.

Let's see, other items of note... Saturday the stillsecure and IO Active Freakshow at the top of the Riv was pretty cool. We left there early and headed to the Edgeos party. Again I played DD and had water most of the evening, not drinking so others could :) This party was pretty cool except it got crowded quick. We quickly took over a booth in one of the back corners and just chilled out, mostly drinking lots of free drinks. Some noob was snapping pictures without asking till we schooled him otherwise. Word to the wise, if/when you attend Defcon, proper etiquette (yes, even at Defcon there is etiquette) states that you ALWAYS ask before taking pictures, EVEN if you are holding a Press badge. The guy was pretty cool about the whole affair and even let us screen the pictures he had taken to delete any we objected to. We called it an early night and on the way out said hi to Major Malfunction as he and a few others were arriving. Sunday was spent going to more talks and simply chilling, packing and getting ready to head home.

Take care and check back in later because over the next few days/weeks I'll be posting more in-depth information about the talks from both Black Hat and Defcon that I felt were especially interesting.

Ish.

Black Hat Days 5-6

Yes I know the lights have been turned off and even Defcon has come and gone but I was busy and my Internet access limited. I'll summarize the major happenings and post info about specific talks after spending more time reviewing my notes and going through the slides/white papers.

Day 5, well, sucked. The reason: food poisoning. Not sure where I caught it but I did. The parties last night went by just fine. Me and a few others started at the Secure University get together, where they gave out a free test. We then headed to the Qualys party in the Absolute suite. It started off decently. We then headed out to a third party. At this unnamed third party much silliness ensued. One friend earned a new handle of H1ghh33lz after someone dared him to walk around the party in them. Not wanting to back down, the friend promptly set out to find a pair to borrow; he found a pair and completed the dare. But wait, there is more: the person he borrowed the heels from happens to be an editor at a well-known magazine.

Waking up with food poisoning sucked. Now many would say it was a hangover; I on the other hand have medical proof otherwise. (Yes, I broke down and went in to a clinic.) I spent the rest of the day taking it easy. While I hung out at some other get togethers (the Cisco one was very nice BTW), I simply drank lots of water and played DD.

Day 6: I woke up feeling much better. The talks today were interesting and I'll post some highlights later. Today was also the final day at Black Hat. The vendor parties were okay; I started out at the Core meet and greet and soon moved on to the IO Active one after the Core one became too crowded. After the IO Active meet and greet, me and a few others went over to the Shadow Bar, where H1ghh33lz put the nail in his coffin about avoiding the new handle when he and another friend jokingly walked around the Shadow Bar in another pair of high heels. The shoes in question were provided by a wedding party that had broken and was looking to spend the rest of the night out on the town. Only difference is that this time not only did we get pictures of the event (well, the wedding party did and will hopefully be sending them on) but H1ghh33lz kept the shoes.

Finally on to Defcon. As with the rest of Black Hat I'll summarize the major events and expand on specific talks/topics as time permits.

Ish

Tuesday, August 5, 2008

Black Hat Day 4

Today started slow, but things picked up around 10 when I got a call that a bud had a line on a few extra invites to the Cisco party and wanted to know if I wanted to go. I responded with a resounding YES, so hopefully he was able to get the names in, in time. The class I've been taking for the most part has been pretty cool; it was the Advance Malware Deobfuscation class. My one biggest complaint with this class is a lack of good step by steps for the student exercises, so we can go back later and re-work through the exercises if we want. I don't know about any of you, but after taking two heavily compressed and very technical IT courses, followed by 5 days of in-depth technical briefings, and various Vendor parties, I'm going to need a few days to decompress and the ability to re-run through the course materials when I'm more well rested. I'm probably not alone in this so.....

To say lunch sucked would be giving it a compliment, it was that bad. Of course this just means I'm going to be "forced" to grab something quick from the Caesars snack area before the Qualys get together, then again that might be what Caesars had in mind in the first place.

Last break of the day found us attendees rushing to grab our delegate bags. This year they had multiple colors, not just the typical Red/Black bag (three to be exact: Red/Black, Orange/Black, and Blue/Black are the three bag color combos that I can see). I'm not sure what, if any, difference there will be between the bags but I did notice a larger number of Red/Black bags than the other two. While standing in line I overheard one of the people near the front ask for a specific color; the guy handing them out said they couldn't do that and that we had to take what we got. Well, as I reached the front I noticed a nice Blue/Black bag after the typical Red/Black I was about to receive... thinking quick I turn to the guy behind me and say go ahead man. He buys it, steps right up and gets the Red/Black bag. I then smile as I step up for the nice Blue/Black bag. The guy handing them out just smiles back and says: that's the sweetest hack I've seen today, that's getting it done! So now I have a nice Blue/Black bag. As I look through the bag I notice not only have the goodies improved over years past, the number has increased a little (guess they found out they save lots of weight and money by not printing out the big red books).
Besides the usual program/schedule and conf DVD, there is a rather nice hard cover flip up book journal (kind of like a steno pad but hard bound and much better looking, and especially welcome for this southpaw), a highlighter that also includes a two color ball point pen, and a nice new PayPal/ebay Security Key fob. Again, not sure how this differs from the other colored bags, but I'll do some schmoozing and find out.

Well, class is over so it's a quick call to the other half, a snack and then the Qualys!

Ish

Black Hat Day 3 post 2.

The afternoon class went a little slower than the morning portion did, mainly because many people in class were not already familiar with OllyDbg. Once we got past the intro to OllyDbg the class picked up a little more as we explored how to find the original entry point in a program. Day three ended early for me; my legs and back were aching from the uncomfortable chairs, and since Monday is one of the most dead nights in Vegas I figured I'd just spend a quiet night watching a little Mythbusters and reviewing the day's exercises. Besides, tomorrow starts the real fun... Vendor parties :)

Ish

Monday, August 4, 2008

Black Hat Day 3 (up to lunch anyway)

At breakfast this morning we had a Jackalope sighting. For those not in the know, DJ Jackalope is probably one of the best spinners/mixers who are regularly asked to play Defcon. She has mad skills with the turntable and can crank out the tunes.

Today's class definitely seems a lot better than my weekend class. We started off straight into how executable Windows binaries look in a hex editor, then started from the beginning and stepped through what things mean inside that binary. Next we stepped through the PE header information and how to find certain items inside the header. So far this class looks to be a new must attend for anyone interested in getting into Reverse Engineering or binary analysis. It's lunch so I don't have much time left.

More Later

Ish

Black Hat Day 2

I'm taking back something I said yesterday. Responder is cool, but what really sets it apart is the wicked graphing feature that allows you to pull items on to the graph, as well as set layer colors (much like in Adobe Photoshop or GIMP graphics editing). You can turn the layers off and on so you can focus on a few items at a time. The graph also has a handy feature that allows you to "grow up" and "grow down" from an item on the graph. This means that you can add new items in the graph by following the associated function calls.

Tonight found a few of us trying to answer the age old question: "What's for dinner?". So we walked out of Caesars and took a right and started walking down the Strip towards the Luxor. After much indecision we finally wound up at the Hawaiian Tropic Zone at Planet Hollywood's Miracle Mile stores. We had passed over the place because of the price but finally decided to stop in because we acquired a buy one get one free entree. While higher priced, the food was GREAT and it wasn't little portions either, they were huge! After dinner we were kinda wiped so we headed back to Caesars so we could split off and enter into food comas.

Ish

Black Hat Day 1

First things first: while my Internet access will be a little spotty, I'm going to be keeping a running journal of the events as they happen or soon after they happen, but I may not always be able to post to the blog on any given day or at any set time. I will post in order of occurrence, but this means that some days there may be no postings, some there may be multiple (one for each day), and others may have multiple postings that are continuations of the same day. Training today was okay; it wasn't exactly what I was expecting from the class description, but by the end of the day it had picked up some. While Hoglund and Cummings are very smart, the class was more geared toward using HBGary Responder for things rather than hard core rootkit reversing. One item of note: they did present something they call Malware Analysis Factors (MAFs). These MAFs break down program functions into six categories. While these MAFs are cool and all, it remains to be seen if the rest of the class will improve. Don't get me wrong, Responder is a cool tool and all, it's just I was expecting a little more from one of the founders of rootkits.org.

Dinner tonight was very disappointing; it was overpriced and just kind of anh. After dinner found me and a few others at the Seahorse lounge in Caesars near the Pure night club. A few years ago it was a pretty good spot for people watching and reasonably priced for drinks. My, how things have changed: they updated the part outside of Pure so that now they have the "Pussycat Dolls Casino", basically just a small card table pit with a roulette wheel and craps table. While still a good place to people watch, they jacked up the prices by almost triple so we probably won't be going back.

Ish