So there are all kinds of links that I find and queue up to look at but hate keeping them open in tabs, and they aren’t always in Google Reader and I don’t want to spam to Twitter, so Mubix’s Links was born. I set up ScribeFire with a new blogspot account and now, no more tabs, it truly feels like an application of GTD. Plus it allows anyone who is interested to follow along via the blogspot feed. As edsmiley commented in IRC something to the effect of that he doesn’t need all the security blog feeds he just lets me do all the work.
Today I was in a brief / talk / meeting and I just wanted to share with you some of the things that I saw in this event that might better help you know what NOT to do while getting up in front of any size crowd.
- Death by bullets (Yes this is bulleted to be ironic). But seriously, this was a recurring theme throughout the meeting. Try and keep it to 3 or 5. Simple = Better
- The slides should not be more important than the speaker. If your slides can be printed out and disbursed, don’t waste the time of everyone attending by reading them or having us read them.
- If the audience takes more than 5 seconds to read a slide = FAIL
- If the speaker takes more than 2 seconds to read a slide = FAIL (this is only tolerable at the 2 second limit during long and information intense talks)
- If your text during slide creation is AUTOSIZING DOWN, you are in the process of FAIL
- Visio is a hand out development tool. Using it as a slide development tool = FAIL
- Holding items in your hands without the items being on topic = FAIL (do not fidget with a book, or a pen or an award until it is time to use said object)
- Interrupting your co-speaker to enhance points = FAIL (this is NEVER a good thing) You are demeaning your co-speaker’s presence.
- Making it obvious that you were not paying attention to your co-speaker by stating that you don’t know something that was actually just presented by your co-speaker = MAJOR FAIL
I just wanted to get these off my chest as the speakers were not interested in input. I hope these help you become a better speaker.
I believe there is a fear in the security community about speaking. Most don’t believe they either have something important enough to say, or have some awesome ‘thing’ and are just too afraid of the stage. Here are some resources and videos that have helped me gain the confidence to speak.
Gary Vaynerchuk @ Web 2.0 Expo: http://www.youtube.com/watch?v=EhqZ0RU95d4
-- Specifically look at how he speaks. How he starts, how he finishes. Does he have slides?
Merlin Mann @ Google: http://www.youtube.com/watch?v=uOgHE5nEq04
-- Look at his slides, how does he flow through them? Moving from point to point continuously without stopping for the slide change. How does he get the people present to interact with the presentation.
Those are two dynamic (hate that word), and powerful speakers who know how to make IT (not eye-tee) interesting no matter what IT is.
Ok, what about slides? Well, basically SlideShare is the YouTube for presenters. You can post your slides, get them reviewed by some of the best in the biz, browse and see how the pros do it, etc.
http://www.slideshare.com
Here are some select slides that have made a difference in my presentation style:
http://www.slideshare.net/eduruiz8/death-by-power-point-presentation
http://www.slideshare.net/fabiancrabus/presentationzen
http://www.slideshare.net/tomdolly/better-presentations-322298
Also, Garr Reynolds, one of the masters of presenting can be found at http://www.presentationzen.com/. You can find him on SlideShare at http://www.slideshare.net/garr/ .
Garr talking at Google: http://www.youtube.com/watch?v=DZ2vtQCESpk
Comments from some of the Security Catalyst members (Used with permission):
Are you a member? Want to be? Here is the link to the thread: http://www.securitycatalyst.org/forums/index.php?topic=1013.0
Andrew Hay from http://www.andrewhay.ca/ writes:
Great post Rob. I know quite a few people who list “public speaking” as their biggest fear. The only way to overcome that fear is to keep doing it and recording “webinars” (I hate that word) is a great way to get over those jitters.
Dave Hull from http://trustedsignal.com/ writes:
Rob thanks for starting the thread. I’ve been working to increase my face time with groups over the last year plus. I don’t consider myself an extrovert, but do enjoy presenting.
I’ve been studying presentation and teaching styles for the last few years -- http://www.presentationzen.com/ is a great site. All the presentations I’ve seen at http://www.ted.com are quite good.
I recently attended a pretty bad presentation. The slides were typical PPT -- title, too many bullets with too many words after each bullet. The presenter never moved, was factually wrong on several counts and when he tried to get the audience to participate he flat out insulted one person who mispronounced Ethereal. It was awful, but I learned more about what not to do.
I’d like to start submitting talks to conferences. My problem is a form of writer’s block -- what to talk about. But I know from having attended numerous talks where I didn’t learn anything new, that having a brilliant new idea is not a prerequisite to giving a talk. There’s always going to be folks in the audience who know more and less than you do.
I was fortunate to be invited to speak at my local ISSA and HTCIA chapter meetings this month. It was a last minute invitation due to cancellations of previously scheduled speakers. Both groups needed to hear back right away and when I asked my employer about it, I was told I would have to get the approval of the Ethics Committee. Since that process was going to take some time, I had to decline the invitations. However, I did finally get standing approval for future engagements. Lesson learned, make sure you check with your employer and get your ducks in a row.
I recently checked out the Stand And Deliver audiobook from my local library. It’s not revolutionary, but it’s worth a listen/read for anyone who is interested in public speaking.
Thanks again for the links and the thread.
Security4all from http://security4all.blogspot.com/ writes:
A favorite topic of mine.
Don’t forget the excellent blog Slide:ology from Nancy Duarte who worked on the book with Garr and now has her own book. http://slideology.com/
I have yet to buy and read her book myself (due to lack of time).
You might also want to have a look at my own blog for some pointers here and there. I still have a lot to learn and practice but you might find some useful info in there:
http://blog.security4all.be/search/label/presentations
Also, have a look at my Slideshare favorites. Sometimes because of the slides, sometimes because of the topic
http://www.slideshare.net/security4all/favorites
Wim Remes from http://domdingelom.blogspot.com/ writes:
Ain’t that the truth.
I am an introvert, no doubt about that.
If there is one thing that helps to get over ‘the fear’, it’s dry-runs, and lots of them. There’s no substitute for training your public speaking skills in front of an audience of people that you know and trust. People that you know will be honest with you and push you forward.
I think most of the sites have already been mentioned PZ, Slideology, TED, Google Video (Authors@google are good sometimes too), Youtube, at this moment I can’t think of any other.
Didier Stevens from https://didierstevens.com/ writes:
Quote:
Most don’t believe they either have something important enough to say
I believe this idea is also enforced because of the extra media attention one type of IT security speakers get: “The Sky Is Falling” speakers.
It’s not because you’ve not broken something, or you have no prediction of impending doom, that you’ve nothing valuable to say. To the contrary.
Another hint to help you overcome your fear of speaking in public, is to start with a subject you’re passionate about (or at least interested).
Your passion/subject-expertise will help you gain confidence.
Analyze your fear of speaking in public. Try to identify which particular aspects of speaking in public cause you to fear it.
Are you afraid to
- draw a blank?
- get audience questions?
- look unprepared?
- speak to ranking officers?
- speak to a large public?
- ...
If you can identify precisely what worries you, you can start to work on that specific point to gain confidence.
Example: afraid to draw a blank? Rehearse! Use notes, bullet points, mindmaps, ...
Kevin Riggins from http://infosecramblings.wordpress.com/ writes:
The suggestions and resources offered so far on this thread are excellent. I would like to add Toastmasters. I believe it is one of the best venues available for developing your speaking skills.
As alluded to previously, several studies have shown that the most common fear people have is speaking in public. Toastmasters helps overcome this fear or at least be able to perform in spite of it in the following ways:
- Speaking often - you have the opportunity to speak frequently. As the saying goes, practice makes perfect.
- Trusted audience - the people you are speaking to are supportive and understand exactly what you are dealing with.
- Constructive feedback - your audience is expected and in essence required to provide you with feedback. However, it is not a rah rah session. I have gotten many helpful tips. Plus there is a designated evaluator for each of your speeches with very focused feedback.
- Great materials - the training materials are great for helping you learn how to develop good speeches and how to deliver them effectively.
Toastmasters is an international organization, so you can find clubs all over the world.
Ron Woerner writes:
How ironic. (ISC)2 has an article in their winter magazine on speaking (http://tinyurl.com/63tyvp).
It’s cool to see the message is getting across.
Although, it’s like golf; the only way to get better is to (a) practice and (b) get qualified feedback. You can read all you want about it, but that won’t make you a good presenter.
Get out there and do it. Then ask a trusted friend what you can do better.
(Of course, Toastmasters provides this)
Anyways, I hope this helps. From pro to n00b, the day we stop improving is the day we start dying. As for not having anything good to say, stop fooling yourself.
Rob
http://www.slideshare.net/mubix/ -- No posted slides yet, mine will be in queue for http://informer.ihackstuff.com/ -- Johnny Long’s brilliant idea for raising money for charity by having people release to people early based on subscriptions, all proceeds go to children in need.
This is an untested theory, but I don’t see why it wouldn’t work. Anyone who wants to prove it either way is very welcome to comment on the matter below.
Ok. Say you have the following excerpt from an /etc/shadow file:
root:awac7eQv2CT0g:12685:0:10000::::
or billybob:$7$b1XHzqR5$RJxOyHRAix2rVmtXyHkLikmnod.z94P6vSL1h8ZeUdY/urvOvkvJjg2hn/J0r90YAdAA8HedGIPR2D7.zIzJS0:14438:0:99999:7:::
Both passwords in clear text are “uncrackable”. Here is where the trick comes into it. We use the weakness in LM hashes to crack the password (as long as it’s under 15 characters of course). We do this by slamming the password into our system, installing SAMBA, and telling it to use our UNIX users/pass combos for authentication. Then we use the LM cracking method of choice, and you get the clear text password.
Using one cracking method to crack other encryptions. Again, just a theory as I haven’t tested it, but I don’t see why this won’t work. I would say it’s about time for you to start using 15+ character passwords if you haven’t already.
Merry Christmas!
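The LM weakness the post leans on, and the reason behind its 15+ character advice, shown as an added example that is not from the original post. It models only LM's input preparation (the DES step is left out), assumes ASCII passwords, and all function names and sample passwords are constructed for illustration.

```python
LM_MAX_LEN = 14   # LM only covers the first 14 characters
HALF_LEN = 7      # each half is hashed on its own

def lm_halves(password):
    """Return the two 7-byte blocks LM would hash, or None if LM does not apply.

    Only the preprocessing is modelled (upper-case, NUL-pad, split); the DES
    step that turns each block into 8 hash bytes is deliberately omitted.
    Assumption: ASCII-only input, to avoid OEM code page handling.
    """
    if not password.isascii():
        raise ValueError("this sketch handles ASCII passwords only")
    if len(password) > LM_MAX_LEN:
        return None  # 15+ characters: no usable LM hash exists for it
    block = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\x00")
    return block[:HALF_LEN], block[HALF_LEN:]

def folded_alphabet_size():
    """Distinct printable ASCII characters left after upper-casing."""
    return len({chr(c).upper() for c in range(0x20, 0x7F)})

def audit(password):
    """Summarise what LM storage would give away for one password."""
    halves = lm_halves(password)
    if halves is None:
        return {"lm_hash": False, "case_folded": False, "second_half_empty": False}
    return {
        "lm_hash": True,
        "case_folded": True,  # 'a' and 'A' become the same input
        "second_half_empty": halves[1] == b"\x00" * HALF_LEN,
    }

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("Summer9", "Password1", "correct horse battery"):
        print(repr(pw), lm_halves(pw), audit(pw))
    n = folded_alphabet_size()
    # The halves are searched independently, so their costs add, not multiply.
    print("candidates per 7-char half:      ", n ** HALF_LEN)
    print("candidates for 14 mixed-case chars:", 95 ** LM_MAX_LEN)
```

Any system that keeps an LM-style hash next to a stronger one reduces the password to two case-insensitive 7-character problems, which is why disabling LM storage or requiring passwords longer than 14 characters removes that shortcut.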
BSODomizer Review
Alright you all have heard of some of the annoying items that make ThinkGeek a one stop shop for cube warfare, such as the Annoy-a-tron and the Phantom Keystroker. Well nothing can hold a candle to the BSODomizer. Along the lines of the Annoy-a-tron and the Phantom Keystroker, this device is hardware and messes with your target on a timer based method. But what gets added to the mix is the fact that it has an IR receiver as well, so while you are giggling in your cube trying not to bust up laughing, you can actually use any Universal Remote set to the Sony TV code, a TV-B-Gone (Mitch Altman’s awesome invention), or even a computer that is set to send that signal from its IR port. There are a bunch of settings on the BSODomizer, including the NSFW option that spawned its name. It has both Windows and Mac blue screens and a multitude of timings. It also works with VGA to DVI converter and rumors have been heard of a two port and / or a DVI based one. I liked this thing so much I ventured into making my first video (which I begged Darren Kitchen to help edit, and he graciously did).
Joe Grand of Kingpin Empire and Zoz released the BSODomizer on the world this year at DefCon 16. Here is what they say about it on their site:
BSODomizer is a small, battery-powered, mischievous electronic gadget that interfaces between a laptop or desktop and VGA monitor and flashes a fake BSOD (Blue Screen of Death) onto the monitor at random time intervals or when triggered by an infrared remote control. This will cause the user to become confused and turn off or reset his or her machine. You can also choose to pop up a much more sinister BGOD (Blue Goatse of Death) after the BSOD has been visible for a few seconds. The BSODomizer will automatically detect when the computer has been turned off or restarted and will revert to the harmless video pass-through mode, leaving the user unaware of any wrongdoing. Legitimate uses of the BSODomizer include monitor/projector/video calibration or as a simple timer to remind the user to take a break from sitting in front of the computer. Various configuration settings are selected via on-board DIP switches.
BSODomizer Review from mubix on Vimeo.
Check out the Manual for all of the possible options and the site for details on how to make one for yourself or buy a pre-built.
About Me
Rob (mubix) Fuller - Security Addict that is hell-bent on making his career path useless - Call 202-658-7730