Podcast #35 w/ Thomas Ptacek / Matasano Security

31 Mar , 2007  

With all my travels talking about UNP during the week, Alan covered for me and interviewed Thomas Ptacek from Matasano Security. This is a rare opportunity to gain insight into someone who works in vulnerability research as a passion and avocation.

Alan’s interview with Thomas covers a broad set of topics. I think in this interview we get a good picture of Thomas and how he approaches his important role in the security ecosystem. In the interview Alan and Thomas cover:

  1. His career in information security, including how he discovered a vulnerability that broke almost every IDS out there, working security at a large ISP, then Arbor Networks and now starting Matasano
  2. What Matasano does, how they do it and who uses it, as well as who doesn’t
  3. ITSecurity.com’s list of influential IT Security people and how you can’t believe everything you read, even if it is on the Internet.
  4. Security elitists, do they have a right to be better than you?

The interview with Thomas is the majority of the podcast so we forgo the usual The Converging Minute and This Week In Security segments. Well, now we know what happens when I’m not there to keep Alan in check; a long interview! lol. We’ll return with those in our next podcast.

Thanks for listening. We’ve got an exciting lineup of interviews coming up. I think you’ll enjoy the podcasts we have planned very much. Please keep the cards and letters coming, so be sure to send us any feedback, ideas or questions to podcast@stillsecure.com. Thanks!



UNP roadtrip – Thursday; the secret to flying

30 Mar , 2007  

The knack of flying is learning how to throw yourself at the ground and miss. – Hitchhiker’s Guide to the Galaxy

I’ve always liked that quote from the book, but today was testament to learning how to fly.

I spent the better part of the day (6 hours) waiting for a plane out of JFK. Then spent 2 hours in the plane stuck on the ground waiting to get approval from traffic control to take off. That was today. Yesterday coming into JFK, after landing we waited out between runways for 20 minutes and then spent another 25 minutes waiting for someone to move a fuel truck that was parked less than a foot away from the wing of our airplane.

Fire trucks, airplanes, driving in Manhattan… NYC is a great place but it does bring along some challenges once in a while. Still, I do love to travel to NYC for fun or for work. While I was there this week I even had a chance to spend some time looking around on Long Island in Garden City (where I worked) and Mineola (where I lived) and stop by and see some places, like our first apartment, in the area. I hadn’t been back to that part of the island since moving away quite some time ago.

More success on the UNP road trip today. It’s interesting the reactions I get. Most really get excited about the idea. Occasionally someone will take a little while to warm up to it and then the light bulb pops. It probably depends on if you view UNP from the standpoint of a user, a business, a partner or another role.

I’ve been working really hard lately, along with the team at StillSecure, to get as much work done on UNP as possible. Very soon I’ll be able to share a lot more details about what we are doing, and that will allow me to be more specific about some of the results from this week’s trip.

Friday I’m back in Denver for a number of briefings and calls. Thanks for following along.


UNP roadtrip – Wed. part 2; “tested by fire”

29 Mar , 2007  

Upon returning to my hotel tonight in Westbury, NY, there was the smell of smoke in the air of the hotel lobby. Next, I saw the hotel desk operator heading out the back door with a fire extinguisher. Not to miss any of the action, I headed out the back door with her to see what was going on. A fire had started in landscaping shrubs just outside the building. Most likely someone threw a cigarette butt into the shrubs newly packed with very dry peat moss.

The fire extinguisher put the fire out but there were still embers. Upon returning to the hotel lobby, I listened to the desk clerk argue with the manager (I assume) on the phone about whether to call the fire department. My guess is that the Westbury Red Roof Inn manager was more concerned about scaring away guests than making sure the fire was out and we were all safe. That’s the only thing I can conclude given their behavior in the situation. I told the clerk to call the fire department or I would. There still may be embers lit down there and the high winds could whip a fire at any time. I wasn’t comfortable going upstairs to my room until I knew that fire was completely gone. Guess what happened next.

Yep, I picked up the phone at the front desk and called 911. The clerk looked relieved since she wanted to do that same thing but whoever was on the phone wasn’t having any of it. I talked to the 911 staff, told them what had happened and they said the fire department would be right here.

The Westbury Fire Department was Johnny on the spot and got there within a couple of minutes. The fire had not flared back up yet but they were glad I called. They hosed down the area where the fire had burned, digging up the area with a long pole to make sure no embers were hiding down there. 20 minutes later they were all done and rolling up the hose so they could head off to wherever they were going. Needless to say that made everyone who knew about the fire much more comfortable about the situation.

So, what was the reason for the Red Roof Inn manager’s hesitation for calling the FD? Was it their lack of understanding what had really happened here? Was it the possible loss of revenue for the evening? Was it just stupidity? Why did the front desk clerk call their manager before calling the FD? I can guess but I don’t have the answers to these questions.

My feelings are that customers’ safety took a backseat today at the hotel. The clerk was a pretty young person, and while there is nothing wrong with youth, it was clear she was relying on what her manager told her to do, rather than using common sense and making sure the fire was out. I just don’t understand why this wasn’t a bigger deal than the way it was treated. Obviously, the Westbury Red Roof Inn, even though it’s new and a nice little hotel, isn’t someplace I’ll be staying at again.

My motto; better to be safe than sorry, when it comes to customers and their safety. I wish that attitude was more prevalent in this situation.


UNP roadtrip – Wednesday – part 1

28 Mar , 2007  

Well, it was a different kind of day today with a lot of twists and turns on the road talking about UNP. First let me say that I wrapped up some great meetings in the Boston area. More positive feedback about UNP and some great questions.

Probably the most interesting was why have UNP as an open platform rather than something proprietary we could sell, sort of the traditional business software model. UNP represents a new approach to network and security for several reasons. Certainly its modularity and flexibility are key aspects of that. But, making it an open platform is something I believe that would really strengthen UNP in many ways. An open platform means that so many more people will be exposed to UNP, experiment with it, customize and change it to fit their needs, and they will get involved in its development. That fosters innovation as well. I believe there is much more opportunity for UNP because it’s open rather than closed like most platforms today in networking and security. (Linux and other open source tools excepted… which is why they are so widely adopted.)

While in town, I had a particularly interesting lunch with Doug Barney, editorial director at Redmond Media Group. We talked a lot about new forms of media and how the tech industry print media has changed over the years. Doug was particularly interested in how I keep up to date on the information I need. One of his questions was; “As a CTO, what are the magazine sites you frequently visit or have as your browser home page?”

I really had to think about that question because, in fact, Google is my home page. At various times I’ve had several different magazine sites as my home page, but I’ve always ended up going to Google. I actually don’t go visit most magazine online sites. I find most of them too confusing to find what I’m interested in or what I’m looking for. What do I rely on? Well, one of the most important tools I use is Google Alerts. Between the alerts set up at StillSecure (shared amongst various interested parties) and my own alerts, I probably have 80-100 different phrases I get alerts on. I keep refining them and new phrases as I add them. There are of course other tools and information I use but maybe that will be for a future blog post.

Next I hopped on a flight to New York and after checking into the hotel (more on that later) I enjoyed a fantastic Italian dinner at La Parma in Mineola, NY. I actually lived in Mineola right out of college (from Nebraska if you can believe that) but Alan recommended this restaurant to me. Fantastic food – I just can’t describe how good it was. You haven’t had Italian until you’ve enjoyed some great NY food. Great food like this makes me miss living in New York.


Found: Data At Rest

28 Mar , 2007  

With all the interest in data leakage prevention, data encryption, data in motion and data at rest, I thought I should do some investigation into the topic myself.

Thanks to Google’s new “data mining” tools, I’ve located data at rest or DAR. DAR is alive and well, living in seclusion on a small private island in the US Virgin Islands. See photo below for more details.


Report from the UNP road – Tuesday

28 Mar , 2007  

Another great day on the road (as great days traveling go anyway). I’m headed out the hotel room door for another round of meetings so just a quick update.

Several discussions during the day about unified network platform. Particularly interesting conversations with some industry experts who track the kinds and quantities of appliance boxes shipped in the network and security markets. UNP can be a great enabler for both appliances as well as off the shelf hardware. Wouldn’t you like your appliance to be an open platform rather than a fixed, proprietary device (that probably runs open source underneath the hood anyway?) Interesting discussions.

I wrapped up the day by having dinner with Chris Harrington. We picked right up where we left off at the RSA blogger’s meeting. Chris is a very sharp guy, and has some great perspectives on the industry. He’s also hooking me up with some people he thinks would be interested in UNP.

I’ve got to jet so that’s all until later this evening. Let me know if you are in NYC or San Fran and want to get together.

Be safe, and secure!


The cost of free

27 Mar , 2007  

Rob Newby at IT Security, the view from here commented recently on the unified network platform whitepaper and some of his ideas about whether free software is really free.

First I’m flattered that Rob and others have taken the time to read the UNP whitepaper and shared their ideas, questions and comments about it. That’s what is so great about this open online forum.

Rob has a good point; free software, including open source software, isn’t 100% free. There’s a cost with everything and open source or free software means traditional processes, such as support, are delivered differently than, say, commercial software. But open source software is something many organizations have used in some capacity. Many (maybe most) organizations have come to understand the value and use of open source whether for experimentation, casual use or something that is utilized in a production network. Too many find the value and cost benefit of open source too compelling to ignore and that’s why we see so much of it in widespread use.

Keep in mind here that open source software is often hidden from view too. That appliance (like the one in the YouTube video I posted about earlier) is very likely running open source software and a lot of it. It’s just been packaged along with a support or maintenance agreement. Alan joked in our most recent podcast about companies that just GUI-ize existing open source, and called it the “view source” business model. (As in, if you want to see their intellectual property, all you have to do is select View source in your web browser. lol.)

The ideas of an open platform embodied in UNP seem to be catching on pretty quickly. We should be entering beta very soon with not only some additional functionality but more of the open platform for creating unique functionality and user customization.

Thanks again to Rob for commenting about UNP.


UTM Media Center Edition

27 Mar , 2007  

I know it’s been blogged about before (Alan specifically a day or so ago) but I couldn’t pass up pointing out an example of appliance hardware based on general purpose hardware. Network World Blogbuzz also has a story about this video.

Check Point’s UTM-1 product is demonstrated in this YouTube video running Windows XP playing videos of The Family Guy. All it took was adding a video card, CD-ROM drive, keyboard and swapping out the hard drive. (I suspect they replaced the hard drive to retain the original Check Point software on it. The drive that shipped with the UTM-1 was a 7200rpm drive.)

Point being, general purpose hardware is showing up more and more in appliances, as I’ve said before, and here’s a real live demonstration.

I have a better idea of what to run on that appliance; UNP software! More to come on that topic soon.

Here’s the video. (The sound is kind of loud so you might want to turn down the volume.)


Report from the UNP road – Monday

27 Mar , 2007  

It was a very busy day yesterday, full of meetings discussing the unified network platform. Martin was with me and then he will be heading back west today.

Some really great discussions about UNP. I’m pretty overwhelmed by the positive reaction of what we are doing. And there are good discussions about synergies we have with high end UTMs, virtualization, etc. A good question came up about desktops and UNP. I think the focus on the network is the right place to be with UNP. Basically from my view point, every endpoint device should be considered untrusted. And UNP should be part of ensuring the network builds trust relationships with devices rather than assuming trust.

Let Microsoft, Symantec, McAfee and others secure endpoint and worry about how big or thick the agent software gets with agents managing other agents. That game is not a really interesting one to play. I think a role for UNP to play on the desktop is via the network and working with NAC technology – authenticating devices and users to the network, performing security checks, doing post-connect quarantining and such. That way the network is resilient from any type of device.

More meetings today about UNP and I anticipate some really great discussions. I hope to meet up with Chris Harrington tonight for dinner. If anyone else is in the Boston area today or Wednesday, NYC on Thursday or San Francisco on Friday, please drop me a line and maybe we can arrange to get together for lunch, dinner or drinks.


Podcast #34 – from the road

27 Mar , 2007  

Alan and I finally got our busy schedules to collide and managed to record a podcast on Monday. This one’s from the road for me and I believe Alan actually got to do this from home for a change back in sunny FL.

In The Converging Minute segment I discuss the concept of a software appliance, related to my earlier post describing it as “just add hardware”. This is something I’m building into UNP (pdf) and we’ve also used in all the products StillSecure produces. Asterisk just announced they are doing something similar with their open source IP PBX product, and rPath has actually created a business out of supplying software appliance technology to vendors. (Correction: I think I said Astaro was doing this in the podcast but later corrected it to Asterisk – just so there’s no confusion.)

During our This Week In Security extended segment, Alan and I discuss:
1. The “fighting 59 list” and security blogging elitism
2. Maturing of the NAC market – enduring over hype by the market
3. High performance teams
4. Symantec – Still relevant in the AV market, or just what are they now?

After making the “fighting 59” influencers lists, our egos are sufficiently overinflated so we elected not to have a guest this week. (It’s actually because of our crazy schedules, but that’s for another blog post.)

Join us for the podcast and as always we look forward to hearing from you. Send us cards, letters, thoughts, ideas, comments, etc. to podcast@stillsecure.com.
