My DDoS presentation at DojoCon on Sunday.  A big thanks to Marcus J Carey for organizing the con and Adrian Crenshaw for doing the recording.

• DojoCon 2009 Presentation
• Barcode Hacking
• DDoS and Elections
• Massively Scaled Security Solutions for Massively Scaled IT
• DDoS Planning: Business Continuity with a Twist

Inspired by Anonymous, Operation Payback, and the “DDoS attacks as a legitimate form of protest?” article at ZDNet

• Conflicker ala IKANHAZFIZMA
• Noms and IKANHAZFIZMA
• IKANHAZFIZMA Finds Caution Tape
• Training the Apache Killers
• #RefRef the Vaporware DoS Tool

Nope, we’re not going to talk about ego trips, hidden agendas, or complete irresponsible transparency.  This blog post is about some of the fallout inside the Government security teams.

The powers that be would like to remind you that downloading classified documents off the Intertubez does not make them unclassified.  An anonymous source that I talked to last week gave me the info that they were busy tracking their users’ browsing behaviors so that if you (the hypothetical you) went to WikiLeaks and downloaded a classified document, the InfoSec goon squad would show up outside your cubicle to shred your hard drive because you had just been responsible for a classified spillage–ie, your unclassified desktop now has classified material on it and as per procedure the only way to deal with the situation is to overwrite your hard drive and reimage it.  I have a couple thoughts about this:

• Where were the InfoSec goons when their users were getting drive-by malware from questionable sites?
• If it’s on TV, it’s not a “secret” anymore.
• Don’t our InfoSec teams have something better they can spend their time doing other than being the WikiLeaks monitor?

And then there’s the Ambulance Chasing Department.  According to a different anonymous source, the vendors have descended upon the State Department hawking their security solutions, including this gem of a webinar.  Not quite sure what the webinar is on, except that they’re targeting you to sell something.

From: Prism Microsystems

Sent: Wednesday, December 01, 2010 10:01 AM

To: user@state.gov

Subject: Webinar: Prevent “WikiLeaks-type” Data Loss

Webinar:  How to Prevent “WikiLeaks-type” Data Loss in Government Networks

Following the most recent publication of classified documents by WikiLeaks, government agencies are reviewing current provisions for protecting classified and top secret data – they are also researching best practices and alternative methods to monitor, prevent, and document data loss.

Attend this webinar to learn:

• how the leaks happened
• telltale signs of a leak
• what you can do to prevent them

Leak picture by jillallyn.

• Transparency in Government: Just Give us the Data!
• Workin’ for the ‘Counters: an Analysis of my Love-Hate Relationship with the CPAs
• When Standards Aren’t Good Enough
• Preliminary Findings on Cybersecurity Review Now Out
• Federated Vulnerability Management