Rant

 So there are all kinds of links that I find and queue up to look at but hate keeping them open in tabs, and they aren’t always in Google Reader and I don’t want to spam to twitter, so Mubix’s Links was born. I setup ScribeFire with a new blogspot account and now, no more tabs, it truely feels like an application of GTD. Plus it allows anyone who is interested to follow along via the blogspot feed. As edsmiley commented in IRC something to the effect of that he doesn’t need all the security blog feeds he just lets me do all the work. 

 Today I was in a brief / talk / meeting and I just wanted to share with you some of the things that I saw in this event that might better help you know what NOT to do while getting up in front of any size crowd.

• Death by bullets (Yes this is bulleted to be ironic). But seriously, this was a reoccuring theme throughout the meeting. Try and keep it to 3 or 5.
Simple = Better

• The slides should not be more important than the speaker. If your slides can be printed out and disbursed. Don’t waste the time of everyone attending by reading them or having us read them.
• If the audience takes more than 5 seconds to read a slide = FAIL

• If the speaker takes more than 2 seconds to read a slide = FAIL (this is only tolerable at the 2 second limit during long and information intense talks)

• If your text during slide creation is AUTOSIZING DOWN, you are in the process of FAIL

• Visio is a hand out development tool. Using it as a slide development tool = FAIL

• Holding items in your hands without the items being on topic = FAIL (do not figit with a book, or a pen or an award until it is time to use said object)

• Interrupting you co-speaker to enhance points = FAIL (this is NEVER a good thing) You are demeaning your co-speakers presence.

• Making it obvious that you were not paying attention to your co-speaker by stating that you don’t know something that was actually just presented by your co-speaker = MAJOR FAIL

I just wanted to get these off my chest as the speakers were not interested in input. I hope these help you become a better speaker.

I have had this rant on Twitter (if they had threading I would link to it). I have also had it in person a half dozen times at CSI Annual. And a piece of it was touched on a piece of the puzzle by Jack Daniel on his blog posting “The Fallacy of Penetration Testing”. 

We as “Security Professionals” have a big problem. We usually don’t have the power to make change. This has been a fight that every one of us has gone to bat for and usually lost. We are basically security guards without guns. We don’t have the ability to shoot that intruder if he trys to step up. Now, that is an over simplification, but you understand what I mean.

So we all want the power, but are we ready for the consequences that such power brings? Are you ready to loose your job or go to jail if someone breaks into your network? Again, an over simplification, and I understand there are things outside the control of all of us, but if you implement security policyes, and products, and they fail, why do we just go ‘oh well, lets mitigate and try to catch them the next time’. I don’t think that the security community as a whole is ready for such power or the consequences it brings. I know this is going to be a very controversial issue, so fell free to post your comments. Tell me why you think we are ready for the guns.   

I use gmail. Not really a big admission nor, very hard to find out. But the reason I use it is becasuse of it’s theading and archiving. For me those two abilities are unmatched anywhere else, both Outlook and Thunderbird fail horribly at this.

More to the point, I have reached a certain level of ‘zen’ with my GTD methods on gmail. I am in a constant battle for “Inbox Zero” and have “Starring” extremely useless for me. My problem lies in the fact that I have email threads that I am waiting on people to reply or I simply want to reply later. While keeping them in my Inbox is alright, it is a mental block in my quest for Inbox Zero to have to go to the next page of emails and work from there due to the first page being full of followups.

So, I thunked on the problem and came up with the idea of a snooze button. I would like a snooze button in gmail where I can click a email thread, and it asks me for a date and time period and possibly a note to tag along with it. And then, on that date or elapsed period of time OR a new email enters the thread, the thread reappears in my Inbox. I realize that you can Star, then archive, and then check your stars, but that doesn’t work for me, it is simply like making a second inbox to manage.

If anyone has any ideas on how to make this happen or a contact at google that would be willing to listen to the idea, please leave a comment or shoot me an email.

Koala image used with permission from: http://flickr.com/photos/witchietaitai/2629766357/

 Hi, and welcome to my trap. I see a ton of searches of just your type on my site on a daily basis. Lets get down to ranting.

Maltego is an awesome tool, it’s also GIVEN AWAY for FREE.. As in beer, which they allow you to use their servers to do your stupid little ego searches on. STOP TRYING TO STEAL IT.

Offensive Security 101. This is by far the best course / certification that I have attempted thus far in my career. It is informative and challenging. STOP TRYING TO STEAL IT.

Just to sum up a bit and not sound like a total ass. I fully support the use of torrents, for many of it’s uses. I do not however support the torrenting of projects such as this. The Offensive Security people contribute day and night with the development of BackTrack 3, which is again, free. Paterva also gives away the use of their Community Edition of Maltego for free. 

Instead of just taking from the community like the leech that you are, try contributing something. 

</rant>

Those who frequent my blog, I am sorry, this rage is not intended for you.