We currently have a job opening at the National Forensics Training Center for a full-time instructor/research associate.  This is at our Jackson, MS location (the Cyber Crime Fusion Center), which is about 2 hours away from the Starkville location where I work.  You would be responsible for managing our lab at the Jackson location, conducting our training classes, and working closely with us on developing new material.

I’m advertising this here, as I imagine some of the readers of this website have the interest and experience that would make for a candidate that we’d really like to work with.

You can find more information about the job and how to apply over at the NFTC site here:

 

Yesterday, with only hours to go, COPE and the Hash Puppies came to an agreement:  The Hash Puppies gave COPE all of the flags that they had captured that COPE didn’t already have, bringing COPE into a solid first place.  In return, COPE gave the Hash Puppies enough assistance to secure second place.  At first, I was skeptical that COPE would give the Hash Puppies good value for their trade, but it looks like it turned out well for both teams, to the dismay of SwaffleU, who held the lead prior to the deal.

The final scores are as follows:

  1. COPE – 30
  2. Hash Puppies – 27 (with a last submission time minutes prior to SwaffleU’s)
  3. SwaffleU – 27
  4. Wesley’s Unkempt Beard – 18
  5. BitBangers – 11
  6. Team 4 – 9

The game really came down to the wire, with the tie for second broken by time-of-last-submission.  This was probably the most competitive semester of CTF yet.

I had a blast running the game, and I hope that all of the participants had a good time too.  If you participated this semester, please email in any scripts/tools/notes that you wrote during the process of the game, so that we can review them in our post-mortem.  I already have copies of many of them, but I’d like to make sure that I have the final versions you had at the end of the game.

 

This is the last day of CTF for this semester.  At 3:30 PM, it’s all over but the crying.  We’ll have a countdown, likely set to “Eye of the Tiger”.

Yesterday when I arrived to make sure the VMs were still up and running, no teams were in the room.  I was feeling a bit mean, so I took this as an opportunity to power-cycle all of the attacker workstations in order to see how their scripts deal with a power blink.  I also used this moment as a chance to grab scripts and random files left lying around on the various workstations, locked and unlocked.  If you’re in the area, look forward to an upcoming talk: “Found Files of MSU CTF”.

SwaffleU has taken the lead, though COPE and Hash Puppies are not far behind.  It’s likely that one of the lower-ranked teams is quietly waiting for the last moments, as well.  The scores, as of 9AM:

  1. SwaffleU – 24
  2. COPE – 23
  3. Hash Puppies – 19
  4. Wesley’s Unkempt Beard – 9
  5. Team 4 – 8
  6. BitBangers – 7
 

I left early last night to have dinner and watch the new Harry Potter movie, so I neglected to post an update yesterday evening.  I normally make 8AM posts, but this is a Saturday, so you’ll just have to make do with an 11AM update.

COPE have taken the lead with 18 flags, and this represents the first time since the beginning of the game that the Hash Puppies have lost the lead.  I offered them the opportunity to post a flag before this update in order to take the lead back, but they declined.  The Hash Puppies seem to be quite happy in second place.

The best computer that I have seen in the competition so far is this 486, 66 MHz beast that a member of COPE set up:

It

  • is missing a panel or two
  • has no branding whatsoever (the sticker on the bottom helpfully suggests that it’s a “Notebook Computer”)
  • has a broken keyboard (you can see the edge of the keyboard that’s plugged in on the left)
  • reports itself in some ancient version of Linux as having about 18 and a half megs of RAM (what?)

The current scores are:

  1. COPE – 18 (Last submission 8 hours and 22 minutes ahead of the Hash Puppies)
  2. Hash Puppies – 18
  3. SwaffleU – 10
  4. team4 – 8
  5. BitBangers – 7
  6. Wesley’s Unkempt Beard (previously known as Team 2) – 2

Flag: 4cbd40766a

 

Last night, while my wife had a girl’s night out with some friends, I had the opportunity to hang out in the lab and observe CTF until nearly 10 PM.  Teams were busy in the lab, hacking away the entire time, and I hear that even after I left, there were people in there at 1 AM, and possibly later.  The scores have moved a bit:

  1. Hash Puppies – 15
  2. COPE – 10
  3. SwaffleU – 6
  4. Team 4 – 3
  5. BitBangers – 2
  6. Team 2 – 1

Teams discuss strategy for holding onto flag submissions until the last minute, but often it’s too much to bear to see your team fall down in the current rankings.  A few points placed on the board by one team will often result in points posted by other teams.  I suppose they want to look good on the blog updates ;) .

 

Today has seen a lot of activity from SwaffleU, the Hash Puppies, and COPE (previously known as Team 5), though not a lot of movement in the points.  It remains to be seen how many of those 13 points the Hash Puppies put on the board were sniffed off the wire by other teams that are waiting for a safer opportunity to submit.  The scores, as of 5PM:

  1. Hash Puppies – 13
  2. COPE (formerly Team 5) – 6
  3. Team 4 – 3  (last submission time 1′27″ before SwaffleU)
  4. SwaffleU – 3
  5. BitBangers – 2
  6. Team 2 – 1

On the scoring server, I can see the table of submissions, and can verify that most of the flags submitted represent the “low hanging fruit” of the game.  It’s definitely the right thing to do, to go after these first, since the points are equal for all flags regardless of difficulty.  Hopefully soon though, we’ll see the teams get around to some of the more challenging flags.

Next update will be around 8AM tomorrow morning, or later tonight if something interesting happens.

 

I arrived this morning to find the VMs responsive on the network, but the console of the VM server was locked hard.  If you’re one of the participants, and you had something running on any of the VMs, or any sort of persistent connection, you may have to put it back up the next time you go in.

This morning I heard a gripe about the completely hubbed and sniffable nature of the CTF network.  This player was concerned about his hard work being sniffed and resubmitted by another team.  I do like the need to be creative about your communications though.  We have many teams generating cover traffic, and simultaneously writing scripts and filters to try to make sense of all the traffic on the network.  It’s an interesting arms race, and I think it adds a fun meta-game for the top-tier students who are already doing well capturing flags.  There are some downsides to focusing on sniffing as well.  Imagine a situation where you pull an all-nighter trying to get a certain flag, only to find out when you submit it that you already have that one from the wire.  Time wasted :)

Here are the scores, as of this morning:

  1. Hash Puppies – 13
  2. Team 5 – 5
  3. Team 4 – 3
  4. SwaffleU – 1
  5. BitBangers – 0
  6. Team 2 – 0

Teams that have not decided on a name by this evening (Looking at you, 5, 4, and 2.) will likely have a name of my choice assigned to them by me.  This is probably not something they want.

 

Today, right after the Information and Computer Security class, teams of students began hacking on the capstone exercise for the class: Capture the Flag.  As in past semesters, the students are let loose on an isolated network, and are to scan for vulnerable machines, exploit them, and collect flags that are scattered around the network in the form of 10-digit hexadecimal strings.  These flag strings are then submitted to a scoring server, which also must be located by the students, in order to bump their score.
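As an added illustration (not the course’s scoring server, whose code is not shown here), the following Python sketches how a scoring server could apply the rules described on this page: flags are 10-digit hexadecimal strings, every valid flag is worth the same one point regardless of difficulty, a team scores a given flag only once no matter how many times it is resubmitted, and ties are broken by time of last accepted submission (earlier wins). The known-flag set, team names and submission timestamps are constructed sample data.

```python
import re
from collections import defaultdict

# Flags on this CTF network are 10-digit hex strings (e.g. "9c09c9cc1d").
FLAG_RE = re.compile(r"[0-9a-fA-F]{10}")


def is_valid_flag(candidate):
    """True only if the string is exactly ten hex digits."""
    return FLAG_RE.fullmatch(candidate.strip()) is not None


def rank_teams(teams, known_flags, submissions):
    """Rank teams by distinct valid flags captured, then by earliest last-accepted time.

    submissions: iterable of (timestamp, team, flag_string), any order.
    Returns a list of (team, score, last_accepted_timestamp_or_None), best first.
    Assumption (not stated on the page): duplicates and junk do not move the
    tie-break timestamp; only the first acceptance of a flag counts.
    """
    captured = defaultdict(set)
    last_accepted = {}
    known = {f.lower() for f in known_flags}
    for ts, team, flag in sorted(submissions):        # process chronologically
        if team not in teams or not is_valid_flag(flag):
            continue                                   # malformed or unknown team
        flag = flag.strip().lower()
        if flag not in known or flag in captured[team]:
            continue                                   # bogus flag or already scored
        captured[team].add(flag)
        last_accepted[team] = ts
    # Higher score first; on a tie, the team whose last accepted flag came earlier wins.
    order = sorted(teams, key=lambda t: (-len(captured[t]), last_accepted.get(t, float("inf")), t))
    return [(t, len(captured[t]), last_accepted.get(t)) for t in order]


# Constructed sample data: two teams end up tied on points.
SAMPLE_TEAMS = ["Hash Puppies", "SwaffleU", "COPE", "BitBangers"]
SAMPLE_FLAGS = {"9c09c9cc1d", "4cbd40766a", "0123456789"}
SAMPLE_SUBMISSIONS = [
    (100, "Hash Puppies", "9c09c9cc1d"),
    (110, "SwaffleU", "9C09C9CC1D"),        # same flag, resubmitted off the wire
    (120, "Hash Puppies", "4cbd40766a"),
    (125, "SwaffleU", "4cbd40766a"),
    (130, "Hash Puppies", "4cbd40766a"),    # duplicate, must not count or move the clock
    (140, "COPE", "0123456789"),
    (150, "COPE", "not-a-flag"),            # malformed, ignored
]

if __name__ == "__main__":
    for place, (team, score, last) in enumerate(rank_teams(SAMPLE_TEAMS, SAMPLE_FLAGS, SAMPLE_SUBMISSIONS), 1):
        print(f"{place}. {team} – {score} (last accepted: {last})")
```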

For the past few semesters, I’ve posted updates throughout the game to this blog, and I’ll try to keep you updated with commentary this time as well.  The game just started about an hour ago, and the scores are currently:

  1. Hash Puppies – 4
  2. SwaffleU – 1
  3. BitBangers – 0
  4. team2 – 0
  5. team4 – 0
  6. team5 – 0

The Hash Puppies took some initiative to submit a handful of flags quickly, trying to get them in before the other teams had set up sniffing programs to intercept.

The game will run until Monday at the beginning of class (3:30 PM Central).  The plan is to have a morning update on the blog and an update in the afternoon/evening of each day, though this schedule may vary a bit over the weekend.

Best of luck to all the teams.  Here’s a free flag for following along on here: 9c09c9cc1d

 

If any readers are in Vegas next week for SANS Network Security 2010, get in touch.  I will be in town from Sunday to Sunday, and I’ll be taking SEC 709: Developing Exploits for Penetration Testers and Security Researchers, which I am very much looking forward to.  This is being advertised as the most advanced of SANS classes, and I’m looking forward to the challenge.  Chris Mohan, of Security for a Day, will be in the same class.

Even if you’re not in the same class, get in touch with me by email or twitter and maybe we’ll run into each other somewhere at Caesars.

 

A while back, I was intrigued by the then-impending release of Gregory Evans’ book, How To Become the World’s No. 1 Hacker. I realized that, even as a self-published book, it would get a lot of attention from people getting started in security, if for no other reason than its “extreme” (and promising!) title. I put in a request for a review copy so that I could give some sort of recommendation one way or the other to students taking security classes here, and others that might stumble across this blog.

The review copy arrived, and I immediately got the same feeling as I got when I took a careful look at the original revision of Dissecting the Hack: that the listed authors of the book did not create the content they were presenting as their own. Googling random samples of the text throughout the book confirmed my suspicions. I switched gears and began documenting all the instances of plagiarism, much as I did for Dissecting.

A few chapters in, I was rescued from this drudgery (and no small amount of drama) by Ben Rothke, who wrote a short series of excellent posts exposing the plagiarism in Gregory’s book. He did a great job of documenting it, and hopefully it will inform potential purchasers/readers.

Ben has now done it again with a review of Ali Jahangiri’s The Security Policy Cookbook: A Guide for IT and Security Professionals.  His post is titled Is 2010 the year of the plagiarized security book?, and Ben not only exposes the large amount of unattributed material in this book, but also explains the problems with copy-and-paste security policy design.

With three books in the past year having a significant amount of plagiarism, I figured this would be a good time to share a little bit of my own commentary on the situation. This is a collection of thoughts, observations, and opinions that I’ve expressed in other formats (Twitter, email, in person) with various members of the security community, gathered up into this one post.

What is plagiarism?

Plagiarism is the act of representing another’s work as your own, without attribution to the original source. This sounds very simple, but once one accuses the other of it, the excuses and arguments get twisted very quickly. The litmus test should be: would a reader be reasonable in assuming that the listed author wrote this material? The only place where this gets sticky is in the case of legitimate (and more importantly, willing) ghost writers, which is not really an issue in any of these security books (though it was claimed for one).

Plagiarism is, on the surface, related to legal issues of copyright, intellectual property, and fair use. It is, however, a different issue. One may be within the boundaries of the law in the case of public domain and other very-loosely-licensed material, and yet still be deceptive and dishonest towards the readers who shell out money and time on a book.

This is not a matter of “standing on the shoulders of giants”, basing your work off of others’ and expanding upon it with your own commentary and research. This is about the wholesale copying, pasting, and laying claim to others’ work.

Why is this a problem?

I touched on this a bit in the previous question. The victims of plagiarism are the readers, who are being deceived by the plagiarists, and the original content creators, who get no credit for their original work.

Readers purchase books with the intention of getting the author’s take, or presentation, of a subject.  A reader might decide that it’s okay to buy a book that contains material from another book (legit example: No Tech Hacking), or that contains material that’s freely available online.   If your book presents its material as being created by the listed author, but it wasn’t, then you’ve robbed the reader of being able to make that decision.

The purpose of a book is not only to provide information and/or entertainment to the reader, but also to serve as a testament to the author’s expertise, ability to communicate, and respect in their chosen field. Even those who don’t read the books will be able to verify that an individual is at least well-versed enough on a subject to have written a book on it. This helps a lot with self-promotion and recognition. It’s easy to see that book authors are held in high esteem in the security community. A plagiarist cheats their way into this position by assuming the title of “author” without putting in the effort normally needed to create the content. At the same time, the original author of the content is not seeing this esteem or status that would normally be associated with having their work in print.

Is this a serious problem with security books?

Good question. The three examples discussed above are the only ones that I am aware of. They’re huge, egregious examples, but it’s possible that smaller instances exist and haven’t been noticed. Has anyone else noticed more?

The motive is there. Name recognition is very important/sought-after in the security community. It’s tempting to take the shortcut.

Opportunity? Two out of the three above examples are self-published, in which case: who’s going to stop them from trying? Dissecting was from an actual publisher, Syngress, though it revealed a failure in the editing process that is unlikely to happen again, now that they have been burned once.

After the community’s negative reaction to Gregory Evans’ book, it would seem that most would think twice about pulling the same stunt. Then again, many that would are likely new to security or not connected to the community of twitterers, bloggers, conference attendees, etc. While Evans was on some folks’ radar prior to these events, he wasn’t as widely known before as he is now. It may be the case that some people underestimate the ability of the community to identify and react to misrepresentation. As with Evans, this appears to be the case with Ali Jahangiri.

Who is Responsible?

In at least two of the prior cases of plagiarism in security books, blame was passed along to other people responsible for the content.  Regardless of who committed the act, those who have their name on the book and see/approve it before it goes to print or the shelves are ultimately the ones who are responsible for the content.  The editors and publishers (if there are any) are also responsible.

Conclusion

As a reader, keep a critical and skeptical eye when reading a book if it seems suspicious. Investigate and document what you find. Expose what you feel is not right. If you want to avoid getting duped, try to find reviews from sources you trust before buying.

As a content creator, do what you can, or at least can afford, to protect your material. Legal action may be expensive in both time and money, but you can at least request that your material be pulled or attributed (and document that correspondence). It will also deflate the plagiarist’s excuses if you come forward and publicly state that you never consented to that use of your material.

I’m not sure how much of a problem it will be going forward, but it’s definitely something to keep an eye on.


© 2012 McGrew Security