Zombies
Stories of zombies originated in the African Caribbean spiritual belief system of Voodoo, which told of the people being controlled as laborers by a powerful wizard.

A break from security

Posted: May 24th, 2010 | Author: Matt | Filed under: adventure

Allow me to take a break from the usual security stuff to regale you with my tale from yesterday. It is not a tale of woe (which is usually the case for me). It is a tale of adventure, great people, lots and lots of traffic and mostly about me being a complete moron.

So I decided after a recent trip through the neighbourhood to return to Soweto to see about getting into the old abandoned power station next to the Orlando Towers. This actually went fairly well. GPS man took me straight there and a quick walk around and a chat to the rather friendly security guard proved to be fruitful.

I grabbed the kit from my car and locked up, leaving my wallet and phone in the boot (probably not the best of ideas but it seemed the lesser of two evils at the time). This fact would come back to haunt me later.

I was walking around the old station in my happy place. I have a rather scary obsession with urban decay and the photography thereof, so this was my nirvana. Having snapped through almost a third of the entire area I was approached by a third security guard who wasn’t too keen on my wandering around the property, which I can completely understand. I didn’t have the correct R5000 city permit you see. So, not wanting to cause grief for anyone (least of all myself) I wandered back to my car with the guy. As agreed upon prior to me wandering about I got the guards their cool drink as “payment” for letting me walk about, albeit for a short period. With this settled I enquired about being able to explore a little further into the monolith. They said all was well.

This excited me no end, there was a wealth in photographic opportunity within the old walls. So, I grabbed the kit from the boot of my car again and slammed the boot shut. I then patted my jeans to make sure I had my car keys on me. My pockets were empty. I patted again, this time a little harder, in case my first pat had not revealed my keys’ exact location within my jeans. Same result.

You know that feeling you get when you realize you have done something so incredibly dumb that you can’t really help but laugh at the fact ? I then realized that my keys were still on the lid of my boot over which I had just closed the little hatch. And it was locked. Tight.

Moron.

Idiot.

Complete and utter pudding.

I am now locked out of my car.

In the middle of Soweto.

With no money.

No phone.

And my house keys were also locked in the car….

Any normal mortal would at that point curl up into the fetal position as it is a well known fact that no one and nothing can hurt you in the fetal position. Not I. Said the wolf. I am not a wolf.

I overheard a guy chatting to a taxi driver (who had just dropped them off) about heading back to Bryanston to fetch his son. I live in Bryanston. Quick as a fiddle (I hear they’re quite zippy) I jumped in said taxi and was quickly wending my way back to Bryanston, not really knowing

a. how I was going to get back to my car

b. how I was going to get into my flat to fetch my spare key

c. what had happened to my usually present brain

We arrived back at my flat. I was let in the front gate with no issue (small victory #1). I then ran up the 2 flights of stairs to my door and knocked on my neighbour’s door. They were home (small victory #2). I then walked with confidence out to their balcony (2 stories up), jumped onto the dividing wall, did NOT soil myself (small victory #3) and scooched my rather terrified butt across to my balcony. I then waltzed in through my patio doors which I didn’t lock that morning (there is no need to lock doors dear people, this is Jozi). Having obtained my spare keys (flat and car) I ran back to the taxi. Oh happy day. Sharing carnal delights with Miss Johansson would not match the feeling of “thank the F&*#ing pope for that”…

To cut a very long part of the story short, it took us 2.5 hours to get back from Bryanston to the Orlando Towers. Soweto was filled to the brim with Bulls supporters. It was quite a sight to see really. But that’s a story for another day.

I got back, unlocked the car, retrieved my keys, wallet and phone from the boot and slinked back the way I came. I didn’t find my dignity along the way back. I looked. Hard.

So.

Thank you very much random guys having a few drinks at Orlando Towers before the Bulls game.

Thanks James for being an awesome driver of said taxi.

Thanks for the offer of cold beers random son (and friends) of random guy having a few drinks at the Orlando Towers before the Bulls game. I sincerely hope you made the game.

What a day.

Oh pudding.

ps. I will be back to the Station in the very near future. Every crevice was not explored.


Passwords and protecting yourself

Posted: April 10th, 2010 | Author: Matt | Filed under: Brain Dump, InfoSec

Recently there has been a spate of Gmail accounts being compromised through what sounds like poor passwords. This raises the question: what are we doing wrong? I’ve come to the following conclusions:

- We’re choosing poor passwords to begin with.

- We’re using shady third party providers for some reason.

- We’re using insecure methods to check mail.

- Someone somewhere knows something we don’t.

I know I’m stating the obvious here, but for the sake of my sanity I’m going to go through my process for choosing a password. As much as I really like this post, I don’t believe it’s really enough. When choosing a password I’ll take a favourite phrase, generally something obscure that only I will know. And yes, some of the time it’s related to the site I am saving a password for. Instead of rambling on about some obscure phrase only I know let’s take an example.

I have just created a Twitter account for @leethaX0r69 which I am going to use as a C&C page for my …wait…er..plans for world domination should not be published. Regardless. I’ll take that account and come up with something like “Leet HaX0r is now on Twitter”. From that phrase I’ll take the first letter of each word and get “LHinoT” which is pretty good (not really). Now let’s add a little spice into the mix and get “LH1n0T” which is marginally better. Finally, some padding to get this “&LH1n0T%”. That’s not too bad now is it. Eight characters, upper and lower case with some special characters for good measure. And it’s not based on anything in a dictionary.
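The construction described above, written out step by step as an added example (not code from the original post). The function names and the 94-symbol printable alphabet used for the estimate are assumptions made here, and the bit count is an upper bound that only holds for uniformly random characters.

```python
import math
import string

# The two substitutions the post applies: "i" -> "1" and "o" -> "0".
LEET = str.maketrans({"i": "1", "o": "0"})


def mnemonic_password(phrase, prefix="&", suffix="%"):
    """First letter of each word, then substitution, then padding."""
    initials = "".join(word[0] for word in phrase.split())
    return prefix + initials.translate(LEET) + suffix


def character_classes(password):
    """Report which character classes the password draws from."""
    return {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


def brute_force_bits(password):
    """Upper bound on guessing cost: length * log2(alphabet size).

    A password derived from a phrase is not uniformly random, so a guesser
    who models phrase-based schemes faces less work than this figure.
    """
    sizes = {"lower": 26, "upper": 26, "digit": 10,
             "symbol": len(string.punctuation)}  # 32 ASCII symbols
    used = character_classes(password)
    alphabet = sum(sizes[name] for name, hit in used.items() if hit)
    if alphabet == 0:  # empty input or characters outside the four classes
        return 0.0
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    phrase = "Leet HaX0r is now on Twitter"  # the phrase from the post
    for pre, suf in (("", ""), ("&", "%")):
        pw = mnemonic_password(phrase, pre, suf)
        print(pw, character_classes(pw), round(brute_force_bits(pw), 1))
```

The padding step adds the symbol class and two characters, which is where most of the gain between the two printed figures comes from.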

There are a number of trains of thought on the topic of a good password. Some think that having a standard pass{word,phrase} with a slight change depending on what site you are using is fine. I’d disagree with that simply because I don’t like the idea of sharing a common password among sites, even if there are slight changes in it.

This brings me to password managers. I’ve been using 1Password for a while now and it’s awesome. No, they don’t sponsor this blog, nor do I receive any kickbacks from them. The basic idea is that I have one password to get into my 1Password database and I am then free to use extremely complex passwords for all my online stuff. Very neat. Yes, I am up a certain creek without a certain paddle if I’m stuck without my laptop but that’s what 1Password for the iPhone is for. Alas my iPhone died a horrible death and is now about to be taken apart with a screwdriver just because I can….

What do you do for passwords?
Am I crazy doing what I’m doing?

Let me know what you think…

And no…my password for Twitter is NOT &LH1n0T%

Or is it…


Communication Break Down

Posted: April 10th, 2010 | Author: Matt | Filed under: Brain Dump, InfoSec

I guess there would have to be communication between parties to begin with…

I’m not talking about writing on your best friend’s Facebook wall or flirting with that gorgeous 18 year old on Mixit (mostly because she’s probably a creepy 37 year old man living at home with mom). I’m talking about getting a decent conversation going with your peers. Perhaps it’s because I am still very naive and not yet jaded about the industry I work in but I firmly believe that we need to talk more. A whole bunch more. We are all in this together, we just choose to be on different fronts. Like it or not, if you’re in the Information Security game you’re fighting a battle. And the other team has more money, bigger guns and they don’t clock in or out. Ever. And if the stats are to be believed, they’re winning. Yes, we may win the odd battle every now and again and I am certainly not trying to take anything away from anyone on my side, but yeah, it’s a little rough out there at the moment.

My biggest issue really is that we suck at getting new guys in. It’s something that Dave Shackleford got across very well in a couple of blog posts and something that locally was dealt with very well by ZaCon/zacon/ZACON/zAcOn/etc.etc.etc. But essentially at the end of the day there still seems to be that feeling of “oh you’re new here, just sit in the corner and shut up”. Or perhaps that’s just me and I’m hanging around in the wrong circles. I have been faced with this problem a couple of times. I am not afraid to pick up a book or read the fine print on the best of occasion but it would be great every now and again to not have to worry about “oh god, I’ll look like an idiot if I ask this so I’m not gonna”. A couple of times while in Durban I was approached by guys wanting to get into the game and get their Security careers started but at the same time they complained about how difficult it was to find help. To me this paints a fairly bleak picture for our future. Or perhaps I’ve grown too cynical during the course of this article ?

So what’s the solution ? I always get told that if you’re going to point out a fault or issue with something, you best come with a solution or a bottle of very good whiskey. I prefer whiskey most of the time but here’s my solution. And unfortunately for me, my solution is going to be “state the obvious”. Not because it’s the easy way out because at the end of the day it’s not. The solution is to give the “leet” thing a rest and help someone out. If you can see someone battling with an idea, concept, piece of code or some such hurdle, give the guy a hand. If you can’t help him out, point him in the direction of someone/something that can. I had a case recently where I was tasked to do something which I didn’t even have the foggiest clue about where to begin. No, I don’t want to be spoon fed but if you expect me to build the aeroplane we’re going to use to fly over that smoking volcano, at least point me in the direction of the toolbox. Because if push comes to shove and I’ve missed a bolt somewhere for some silly reason, we’re all screwed.

To be honest, I’m not entirely sure where I wanted to go with this. Mostly it was probably a small rant I needed to get off my chest for whatever reason. Anyway, I suck at crypto so I’m going to play with OpenSSL until I understand it a little better. Probably because someone said it was a good place to start.


Dear readership of one.

Posted: March 24th, 2010 | Author: Matt | Filed under: Uncategorized

I am still alive I promise. Moved about the country and busy with adjusting to a new life.

I will be back as soon as I have something worth saying.

“If I’m not back in five minutes, just wait longer…”