Related Links: NLC | Contact | Blogroll | Feed |

 

"You Two! We're at the end of the universe, eh. Right at the edge of knowledge itself. And you're busy... blogging!"
— The Doctor, Utopia


Wednesday, April 30, 2008

The Truth About Ben Stein

Brian of dotboom fame takes on Ben Stein and the film Expelled: No Intelligence Allowed. (Sorry, the vid can't be embedded so you'll have to click the link to watch.)

Labels: ,

Creepy Portal-esque video


via Geekologie

Labels: , ,

Tourist or Terrorist?

According to this article from The Memphis Flyer be weary of taking photos in Memphis. You just might be a terrorist.

A man walking through Tom Lee Park pauses to snap a photo of the iconic Hernando DeSoto Bridge. Another man shoots pictures of numerous downtown buildings.

Many would assume the men are tourists taking in the city's sights, but law enforcement officials say they could be terrorists staking out possible targets.

The scenarios were described at an anti-terrorism town hall meeting last week hosted by the Shelby County Sheriff's Office. The meeting, held at Cordova's First Assembly of God Church, was one of four public meetings that occurred in conjunction with Operation Sudden Impact, a new local anti-terrorism initiative.

"You may think a guy is just shooting pictures, but if you report it to us, we'll send it on to the FBI and they may have four or five other reports of the same thing," said Richard Pillsbury with the Tennessee Fusion Center, a collaboration between the Department of Safety and the Department of Homeland Security.

Shelby County sergeant Larry Allen warned attendees at the meeting to look for people who appear to be doing surveillance outside public buildings, such as shopping malls.

I'm glad I got my photos of Graceland a few years ago.

Labels: ,

Tuesday, April 29, 2008

Doctorow & Scalzi are doin' it for the kids

Labels: , , , ,

More Little Brother

Link to purchase and download this audiobook without Flash interaction

Labels: ,

Unshelved on Little Brother

image

Labels: ,

The War on Photography: NYC

I've  been reading more and more stories about police and government warring on photographers who are well within their rights to do what they're doing. As a photographer myself I'm starting to get a little nervous. Until now I've failed to post much about this issue but that stops here. I can't not share this video.


via Boing Boing

Labels: ,

UKULELE - BLITZKRIEG BOP

The next time I play this in Rock Band I might not be able to keep a straight face.

Labels: , , ,

Little Brother has landed!

Little Brother by Cory Doctorow Today the day for the new Cory Doctorow novel Little Brother. Click on the cover art to buy your copy now. In fact, buy a copy for every teenager in your life. (I ordered one for me and one each for the two 15 year-olds in my life.)

Not sure what it's about? Check out these words from authors John Scalzi and Neil Gaiman.

Now, here's my question: Since I'll be in Colorado this weekend I had my copies shipped there. I was hoping to download the traditional free copy to my Sony Reader today in order to be able to get started on the book tonight. Hey Cory, where's the downloadable CC-licensed copy?

Oh, and there's a how-to blog based on the book too. w1n5t0n [INSTRUCTABLES] If you can't understand the name of the blog, you're too old ;-)

UPDATE: It looks like Cory will be posting the ebook version "just as soon as I get back to London (I’m presently in Toronto, visiting my family with my newborn daughter). It’ll likely be Monday or so — there’s a bunch of little clean-uppy things I need to do with the Little Brother distribution site that I need to be in my office with uninterrupted time to accomplish."

Additionally, there's a DRM-free audio version available which "comes with my own sampling license: once you own it, you’re free to take up to 30 minutes’ worth of material from it and remix and then redistribute it as much as you like, provided that you do so on a noncommercial basis, make sure that it’s clear that this is a remix and not the original, and make sure that you tell people where to find the original. This is in addition to all the fair use remixing that you’re allowed to do without my permission (of course!)." Maybe I'll buy that tonight and listen to it on the drive to CO. That sounds like a great plan.

Labels: , ,

Friday, April 25, 2008

ICIW2008: Closing thoughts

Well, the conference is over. Here's the thoughts I've been left with.

When military folks talk about "open source" they're not talking about "OpenSource" as we know it i.e. OpenSource software. What they mean is non-military sources i.e. the mainstream media. Once I came to this realization several things I'd head in the past two days had completely different meanings.

This was my first "academic conference" and it's not what I'm used to. What I'm used to us presentations about software, and events, and "here's what we did". At this conference it was 20 minute presentations of the research presented as papers in the conference proceedings. I understand that this is the standard for academic conferences but I'm just not used to it. That doesn't mean didn't enjoy the conference but it was a tad frustrating hearing "and you can read more about it in my paper" in most of the sessions.

Overall I enjoyed my time over the past two days. I thought I was going to be in over my head but surprisingly I wasn't. (Except for that last session.) It's always interesting to step out of your comfort zone and learn some new thing and new perspective.

Labels: ,

ICIW2008: Analyzing Anonymity in Cyberspace

Douglas Kelly, Air Force Institute of Technology, Wright-Patterson AFB, OH

I'm tired and there's way too much text on these slides for me to take coherent notes. Also, there's serious math going on in this presentation which is way over my head. Sorry.

Labels:

ICIW2008: Organizing the US Government for the Contemporary Environment

Colonel Steven Mains, US Combined Arms Center, Fort Leavenworth, KS Director, Center for Army Lessons Learned
  • Thesis
    • us govt is ceding to the info war to our enemies
    • more money is required
    • govt must be reorganized to retake the initiative
  • 2 examples of what could have been
    • prior to OIF, France & Muslin world opposed invasion but were open to influence
    • IEDs became weapon of choice but have severe vulnerabilities
  • the problem
    • coordinated campaign required
    • info ops not integrated into planning and decision making
    • govt to people comms almost nonexistent
    • US Govt built in stovepipes
    • complete reorganization of the govt not a feasible option
  • End
    • advance US ideals and policies by ensuing that everyone has access to factual, unbiased, unfiltered info about intentions, actions & character of US, allies & adversaries
  • Ways
    • gauge world views by region, ethnicity, religion
      • identify market segments
      • identify acceptance and effects of policies
    • deliver truthful, tailored content that relies on our values to our policies
    • continuous reassessment
  • Means
    • Dep advisor to prez for national security (strategic communications)
    • increased national security council
    • strategic comms task force
    • dept of state reorg
    • DNI: covert communications
    • DHS: Infrastructure assurance
    • USAID: substantially increased Public Diplomacy capability
    • DOD: integrated into PD efforts, CNO

Labels: ,

ICIW2008: Developing Cyber Warriors

Jeff Boleng, US Sir Force Academy, Colorado Springs, CO
  • Cyberspace added to USAF mission in 2005
  • cyberspace is a warfighting domain
  • cyberspace covers all the other domains (air, land, sea, space)
  • different domains, different fucntions
  • recent threats & motivations
    • Hezbollah SIGINT attack on Israeli tanks
    • DNS Root Server attack 2007
    • Estonia 2007
    • pakistan youtube redirect 2008
    • IED jammers
    • F-22 flight over international dateline (avionics went black)
  • Broad requirements
    • USAFA graduates 1/4 of all new 2nd lieutenants
    • not "geek" focused
    • technical w/ a large dose of
      • ethics
      • legal studies
      • behavioral studies
      • military strategic studies
  • contrasting questions
    • how can we exploit adversary's e-systems
    • what is the legal authority
    • what are the national security implications
    • is cyber attack an act of war
  • prep of graduates
    • well documented outcomes
  • currently underway
    • core curriculum
    • baseline content
    • new upper-level courses
    • ensure coverage of AF education and training requirements
  • training to reinforce education
    • "unlike a traditional college we own our students"
    • basic cadet training scenarios
    • global engagement integration
    • summer space program
    • summer UAV program
    • DHS sponsored Black Dart
  • CS - Cyber Warfare Track
    • 37 grads since 2004, 8 in 2008
    • offered to all CS majors
    • NSA & DHS recognized standards
    • 3 courses taken as major options
      • cryptography
      • Cs security & IW
      • network security
    • details on the three courses given
  • Research
    • Academy Center for Cyberspace Research
    • current projects
      • jam resistant communications
      • biometrics
      • security education
  • Community involvement
    • other front range colleges
    • cyber defense exercise
    • computer and network vulnerability assessment

Labels:

ICIW2008: Characterizing Malware Writers can Computer Attackers in Their Own Words

Dr. Thomas J. Holt, University of North Carolina, Charlotte
  • digital crime markets
    • problem is increasing
    • also becoming more complex
  • criminological research
    • little research has been done
    • few studies have explored malware and hacker community in their own words
  • online resources
    • blogs
    • forums
    • this study focuses on Russia & China
    • not using their real handles
  • data & methods
    • qualitative analysis
    • identify 2 via snowball samples
    • qualitative analyses of open source materials online
    • linguists involved
  • RUSH
    • malware writer and hacker in Moscow
    • skilled individual
    • possible emotional problems
  • RUN
    • close associate of RUSH
    • skilled hacker
    • CS major at a Moscow university
    • may have minor health issues
    • loves his cat
  • Black Hat Gang
    • both RUSH and RUN belong
    • no stated political or financial agenda
    • provide a justification for their activities
    • rush & ru seem to have dif levels of productivity
    • have worked together
  • SAINT
    • Chinese national in Jinzhou
    • does not specify his motives but gives Chinese perspective
    • actions are somewhat contrary to his words
    • young student but doesn't enjoy school
    • likes girls & posts comments about love & relationships
  • SNAKE
    • associate of SAINT
    • difficult to gage his skill level
    • may be a script kiddie
    • is a student
    • may also have emotional issues though no specific reasons given
  • Hack Crew
    • SNAKE & SAINT are members
    • covert security technology group
    • criteria for membership
    • roles listed for members
      • SNAKE is a cracker
      • SAINT is a hacker/cracker
    • not clear how skilled group is as a whole
  • Discussion
    • all extremely interested in tech
    • variation in skill levels
    • justify what they do as education
    • some evidence of depression & substance abuse
    • variation in information provided
    • public & private resources needed to get mroe info
    • further research needed

Labels: ,

ICIW2008: Establishing the Human Firewall: Improving Resistance to Social Engineering Attacks

Jamison Scheeres, Air Force Institute of Technology
  • what is social engineering
    • techniques to manipulate people
    • also shoulder surfing
    • also dumpster diving
    • trick someone into doing something
  • huge threat in today's environment
  • red teams say SE is 100% effective
  • current defensive techniques are not effective
  • research
    • successful SEs are not caught
    • classification issues
    • ethical issues in deceiving subjects
  • psychological triggers
    • authority
    • reciprocation
    • strong affect (phishing)
    • overloading (buffer overflow for humans)
    • deceptive relationships
    • integrity/consistency
  • principles of persuasion
    • authority
    • consistency
    • liking
    • reciprocity
    • scarcity
    • social proof
  • resistance to persuasion
    • inoculation theory
    • self-efficacy
    • forewarning
  • "dispelling the illusion of invulnerability" (2002, Sagarin)
  • methodology
    • compared psych triggers to principles of persuasion
    • determine relationship between illegitimate persuasion & social engineering
  • military vulnerable to authority due to strict hierarchy of authority
  • conclusions
    • strong relationship between principles and triggers
    • illegitimate persuasion = social engineering
    • been trying to install resistance in the wrong way
    • solution is to demo to the individual they are personally vulnerable
    • security people must social engineer their people
  • future research
    • develope measurement
    • compare/validate various means of resistance training

Labels: ,

ICIW2008: Day 2 Keynote

Brigadier General Davis, US Strategic Command (Network Warfare)
  • Rapidly evolving battlespace
  • as long as we have two eyes and opposable thumbs we'll fight
  • econ major in college, never taken a CS course
  • I'm a social science guy
  • was never good at math until he had to learn how to make a bomb hit its target
  • Heads groups that operationalizes network warfare
  • has been learning about the cyberspace fight
  • tech has always made new inroads into warfare
  • modern networking tech is no exception
  • air, land, sea, space, now cyberspace
  • evolutionary steps in warfare
  • not going to talk about servers and high tech
  • what can we learn from the past
  • navigate the rocks and shoals of change
  • looks back to the advent of air power in warfare
  • some thought that war could be won by airpower alone
  • Curtis LaMay, father of Strategic Air Command
  • continuous readiness - 24/7
  • should also apply to cyberspace
  • Roy Geiger, saw airpower as part of a team effort, WWI Marine
  • but airpower could still be decisive
  • Geiger was there for for Bikini Atoll tests
  • the change was about speed and reaction time in this nuclear age
  • Geiger continued to say that it depended on an integrated effort
  • in cyberspace timelines are reduced to miliseconds
  • starting to learn what it takes to accomplish this
  • some was it's different, some things are the same
  • must change and adapt
  • "spectrum of conflict"
  • peace-something happens-spool up-war-spool down-back to peace
  • exploitation of anonymity
  • across a broad spectrum of activities
  • no one major adversary in cyberspace, could be anyone
  • not just the velociraptor nation -state we're up against
  • must be able to scale up operations quickly
  • final analysis: "there is no peace in cyberspace"
  • must be ready 24/7
  • multi-diciplined force of cyberwarriors is needed
  • must be ready when a crisis presents itself, which could be anytime
  • Marine General - three-block war: humanitarian/infrastructure, peacekeeping, high intensity conflict
  • we have the advantage in cyberspace right now but superiority would be better
  • no one military service can own this fight
  • military must partner with the intel community, law enforcement, allies
  • will need new authorities and policies
  • we are a nation of laws and those must be followed
  • "I've got a bunch of lawyers too"
  • training & education is key
  • must sustain operations to the highest level at all times including peacetime
  • on guard at all times
  • offensive and defensive tools
  • must integrate cyberspace tools with those in other war-fighting domains
  • must take account of trans-regional nature of cyberspace
  • no geographic boundaries
  • no single points of vulnerability
  • a digital bullet doesn't follow a straight line
  • multi-point attacks
  • our capabilities need to be distributed

Labels:

ICIW2008: Day One Photos

Firefly Supercomputer (21)My photos from day one of the conference are up in a flickr set. This evening I'l be adding my day two photos. Even if you're not interested in the conference itself, be sure to check out the photos of Firefly, the supercomputer cluster on the UNO campus. Not only were we allowed into the room, we were actually allowed to walk within the clusters themselves. Let's just say it was quite the experience.

Labels:

Thursday, April 24, 2008

ICIW2008: Religion, Ideology and Information Warfare

Geoffrey Darnton, Bournemouth University, UK
  • "if you can get into people's heads you can achieve anything"
  • different consequences if people fear being killed vs. wanting to be killed
  • scope and key issues
    • currently, mainly conceptual
    • conflics vs. war
    • war and conflict can only occur if people are willing to play
    • "willing" - coercion or real willingness
    • belief systems are critical in info warfare
  • war v conflict
    • technically war is a legal state
    • iw = information warfare
    • maybe should be saying information conflict
    • Civilian-ization of warfare via info technologies
  • origins of war
    • technology
    • law
    • social organization
    • opinions and attitudes concerning basic values
  • willingness
  • religion and ideology
    • same thing or not?
    • both are complex sets of characteristics
    • why does it matter in the discussion of IW?
    • many acts of conflict and war are done n the name of furthering or preserving some important value of belief
  • meta ideo-religious framework?
    • experiential
    • ritual
    • mythology
    • ethics
    • doctrine
    • social
  • framework extensions
    • symbols
    • key personalities
    • faith
    • deification or reification
  • example religions
    • middle eastern
    • indian
    • far eastern
  • example ideologies
    • capitalism
    • marxism
    • humanism
    • social anarchism
    • democracy
    • are there characteristics similar to religions?
  • proselytizing
    • done both by religions and ideologies
    • often accompanied by behaviour to discourage "non belivers"
  • studies of war
    • stats based on religious wars
  • extensions to ideology
    • how many wars have been fought based on ideology?
  • empirical questions
    • how many have been killed as consequence of the pursuit of religion
    • ...pursuit of ideology
    • predict that now ideology now kills more than religion
  • Information operations
    • targeted at belief systems
    • goal to move people within info space
    • change beliefs
    • change value judgments
    • relies on underlying epidemiological model for spread of beliefs
  • causes of war
    • seeking causes may be futile if war is a persistent human phenomenon
    • suggests that something like "Information Peaceware"
  • conclusion
    • characteristics of religions and ideologies are similar for practical purposes to have the same effects when it comes to war and conflict.

Labels:

ICIW2008: Implementation of a Multilevel Wiki for Cross-Domain Collaboration

Cynthia E. Irvine, Naval Post Graduate School, Monterey, CA
  • Motivation
    • collaboration permits information sharing
    • attractive collaboration tool
    • can it be applied in an MLS environment
    • [M: don't comment on Wikipedia's "legitimacy", not relevant here in the least]
  • objective
    • develop multilevel wiki
    • want high assurance policy enforcement
    • run it as untrusted subject outside of TCB
  • Testbed design slide
  • highlights
    • high assurance components
    • ["thin client running OS from a CD"???]
    • COTS components
    • Underlying server
      • BAE XTS-400
      • "{linux like" interface
  • background
    • more than 140 wiki engines available
    • aims
      • narrow list
      • select one or two to test
  • selection methodology
    • extensive public use
      • wiki engines
      • wikimatrix
      • wikipedia
    • considerations for MYSEA environment
      • execute on red hat 8
      • interface w/ apache
      • simple setup, flat-file system
    • other considerations
      • popularity
      • features
        • MediaWiki used as a baseline
  • Flat-file wiki list
  • Short-listed wikis features slide
    • PmWiki
    • TWiki
  • 2 determining factors
    • identity-based access control
    • concurrent editing
  • Decision
    • TWiki
    • better footprint
    • better user control
    • better editing
  • porting methodology
    • run on plain Red Hat 8
    • Port Wiki to XTS-400 for execution as a single-level subject
    • make multilevel aware
  • web-based collaboration support
    • logs into system
    • logs into wiki
    • user can read, edit, create
    • high users able to read and modify content at high, able to view at low
    • low users only able to read and modify wiki content at low, can link to high but not create high target
  • wiki design & architecture
    • directory organization
  • standard twiki architacture
    • apache runs as singe user
    • file system DAC
    • wiki DAC
  • MYSEA WebDAV DAC
    • Apache
    • MYSEA Apache Config
  • Implications
    • Users can bypass TWiki access controls by going directly to filesystem
  • Solution Space
    • run on dedicated server
  • Testing
    • conductedtesting at various stages
    • objectives
    • test plans conform to MYSEA documentation standard
  • Wiki in MYSEA visualization slide
  • Future work
    • Single signon
    • Multilevel data fusion

Labels:

ICIW2008: Understanding IRC Bot Behaviors in a Network-centric Attack Detection and Prevention

Gail-Joon Ahn, UNC Charlotte
  • motivation
    • malicious bots
    • surgein attacks
    • 1241 bots collected by them in the past year
    • 25% not detected by AV tools
  • background
    • most unknown bots are not detected
    • risk-aware detection and prevention
    • taxonomy of botnets is available
  • approach
    • components work individually & in cooperation
    • analysis is performed both on and off the internet
    • repository system component
    • pattern correlation system component
  • correlation system
  • Traffic analysis
    • detect malicious agents
    • something else
    • something else
  • IRC Sandman
    • Simulator
    • Animations of how it works
  • ongoing effort
    • bot characteristics
    • IRC conversation
    • Intel attribution
    • building new maps with various knowledge bases

Labels:

ICIW2008: The Impact of Vista and Federal Desktop Core Configuration on Incident Response

Daniel J. Cotton, Univ of Nebraska, Omaha
  • Vista Firewall
    • filter incoming & outgoing traffic
    • IPSec
  • Address space layout randomization (ASLR)
    • Moves vista around in memory
  • BitLocker
    • hard drive encryption
    • uses TPM @ bootup
    • can be used in one of three modes
    • 128-bit AES, can use 256-bit
  • User access control
    • red/yellow/blue/gray backgrounds have meanings
  • user accounts
    • programs run at the level of the default user
    • must elevate to run as admin
  • filesystem
    • volume boot record has moved
    • journaling
    • directory structure changes
      • symbolic links
      • junction points
    • virtual folders
    • registry structure changes
    • virtual registry
    • recycle bin moved & contents changed
    • event logs
      • xml format
      • 30 different event logs
  • forensic testing preparation and execution
    • downloaded text virtual machines from NIST
    • set up w/ default settings
    • set of no-cost comm and line tools
      • executed all from batch script
      • run each tools separately to find differences
    • focused on command line tools
    • tool list not meant to be complete
    • in Vista run as regular user and as admin
  • impact of Vista on the tools
    • 3 out of 46 failed completely
    • one failed to resolve installation date
    • some ran with gray UAC window
    • some ran on xp as user but wouldn't run witout admin on Vista
  • Impact of Vista on *.mui files
    • majority failed
    • .mui file must be copied to the trusted media
    • this behavior is not well documented
  • Impact of FDCC
    • only two tools failed
    • impact minimal
  • conclusion
    • impact of vista on incident response is significant
    • changes need to be made to the toolset
    • impact of FDCC is less than anticipated

Labels:

ICIW2008: Afternoon Keynote

Are the System Security Watchmen Asleep? Dr. Roger Schell, Aesec Corporation, Palo Alto, CA
  • Executives are frequently clueless about security
    • rely on professionals to be their watchmen
    • "acceptable risk" based on gross misperception
  • serious failure by security professionals
  • "watchmen" responsible for likely disasters
  • air gap between domains is secure - but crippling
  • multi-level security slows or prevents info sharing
  • misguided mgt response
    • accredit and deploy low insurance platforms
    • ignore that low assurance is unevaluatable
    • exacerbate risks with plans to get well
  • watchmen - sound the alarm
    • subversion threat is serious and growing
    • unconscionable use of overly weak solution
    • verifiable protection technology languishes
  • cross-domain solutions
  • challenge is CDS connectivity
  • connection of disparate domains is multilevel
  • Cyber warfard subversion likely
    • tiger teams are subversion tool of choice
    • adversaries can use 30+ years experience
    • buy IT solution from your mortal enemy?
  • Trojan horse attacks
    • hidden functionality in application
    • application user is unwitting agent
    • current networks' open vast opportunity
    • 3000+ products online have easter eggs in them, all benign, doesn't mean all will be benign
  • Trap Door attack
    • malicious code in platform
    • can be remotely activated/deactivated
    • efficacy and effectiveness demonstrated
  • summary of subversion process
    • infrastructure subversion
    • execution of artifice software
    • (optional) "two card loader"
    • access to unauthorized domain data
  • weakest link in flawed solutions
    • single flawed interface exposes whole net
    • "secure application" is non-computable
  • "secure" pixie dust components
    • vested interest research "sand boxes"
    • hard problems for MLC systems remain
    • CDS can be no better than platform it is on
  • flaws in solutions missed
    • false security from isolated components
    • accreditations cannot responsibly judge flaws
    • only a veriftably secure CDS is evaluatable
  • impact indications and warning
    • vendor downloadable product subverted
    • intrusion can replace traditional espionage
    • SW subversion steals credit/debit card data
    • military recognition of subversion
  • Sorry state of defense today
  • sharing data across desparate domains need MLS
    • isolation obstructs missions
    • any low connection => MLS
    • class A1resists subversion
  • share but resist subversion
  • proven methods evaluated and deployed TCB
    • mature, proven trusted systems technology
    • "rainbow series"
  • verifiably secure: Class A1/EAL7
    • only this class excudes malicious software
  • proven solution: security kernel
  • illustrative MLS demonstrations
    • multilevel secure web server
    • multilevel ftp server
    • covert communications proxy
  • validated verifiable technology
    • blacker
    • hsrp
    • chots guard
    • cots trusted oracle 7
    • saclant client/server
    • affpb crypto-seal guard
  • more opportunities
    • mls networked windows
    • mls network attached storage
    • guards & filters
    • real-time exec
    • verifiably secure mls linux
    • identity management
    • mls handheld network devices
  • cost/benefit of evaluated protection capabliities
    • more cost, more benefit
  • conclusion
    • subversion threat is serious and growing
    • unconscionable use of overly weak solutions
    • verifiable protection technology languishes
    • customers aren't telling vendors security is a priority

Labels:

ICIW2008: Using Markov Models to Crack Passwords

Reiner van Heerden , CSIR Pretoria, South Africa
  • passwords are part of everyday life
  • password model
    • crack passwords
    • measure strength
  • suggested rules
    • upper & lower case
    • numerals
    • 8 character minimum
    • no dictionary words
    • no names
    • easy to remember
  • People keep using a single password for everything
  • Asdf1234
    • follows those rukes
    • possible patterns
      • start w/ cap
      • follow w/ keyboard sequences
      • end w/ numerals
  • tradeoff between security & memory
    • avg length 7-8 char
    • advice usually ignored
    • dictionary words & numbers are popular
    • special char use limited
    • memory is the key factor of choice
  • Markov model
    • sequence of events for which... just see the photos
  • Results (see photo, actually very interesting)
  • Uses
    • defensively as a password strength evaluator
    • offensively as a tool to enhance password guessing

ICIW2008: Interactive Visualization of Fused Intrusion Detection Data

Stuart Kurkowski, Air Force Institute of Technology, Wright-Patterson AFB
  • Work in progress, developing the tool to do all this
  • Fused Alert Data
    • alert data is cleaned and reduced to remove redundant or false-positive alerts
    • IDS Alerts and log files are grouped into "tracks"
      • 10939 CGI Script events reduced to 150 tracks
  • Cyber situation awareness model
    • level 0 & 1 exist
    • level 2+ is this project
  • three part approach
    • fused track data only
    • minimalist additional data & track data
    • visual attributes for context awareness
  • why visualization?
    • large volume of data
    • visualization advantages
      • more resources to apply
      • humans process visual data faster
      • relevant info visualized not searched
      • patterns easier to recognize
      • temporal activity becomes more obvious
      • more configurable interface
  • Other products
    • NVisionIP 2004
    • PortVIs 2005
    • VisFlowConnect 2005
    • VIAssist 2007
    • VisAlert 2005
  • Methodologies
    • lots of screenshots. See fickr tag iciw2008 in my account for photos
    • TCPDump data linked with the tracks to give additional context and information
  • the visualizations involve a dynamic and interactive process (i.e. filters)
  • filters can be saved and retrieved to run against different datasets
  • Results
    • allows visualization of heterogeneous sources
    • provides more context
    • provides viz filter
    • easier to project behavior
  • future
    • add database source to front end
    • colors, shapes & borders to be added
    • directional information

Labels:

ICIW2008: Outsourcing and the Insider Threat

Carl Colwill, BT DEsign Security Risk & Compliance, UK
  • "The insider will always be the greatest threat"
  • Worry about the senior people, not just the lowest people
  • hard to distinguish your people from 3rd party people due to so much outsourcing
  • it's a rapidly changing world
  • national and international boundaries are being stretched
  • India is a playground for intelligence communities right now
  • risk assessments are essential
    • incorporate regional factors
    • what are the crown jewels?
    • highlight risk priorities
    • identify layers of control
  • streamlined risk assessment tools need to feed into business decisions
  • By outsourcing you may actually be giving away confidentially
  • new opportunities for attack
    • loyalty thresholds
    • most threat agents will apply inducements to turn insiders
    • failing that they'll infiltrate with their own people
  • complex mix of threat agents and influences
  • what can be done?
    • many controls
      • physical
      • logical
      • personnel
    • key topics
      • categorizing 3rd parties
      • segregation (physical & logical)
      • minimum privileges (physical & logical)
      • system & user account mgt
  • many approaches can be applied to build trust and relationships
  • but allin the context of massive vendor staff churn
  • it's not just about technology
  • compliance is fundamental
    • evidence &detection
    • ongoing education and awareness
    • requires periodic onsite visits
  • conclusions
    • outsourcing is increasing attach posibilities
    • these threats can be assessed, modeled & managed
    • however can be expensive
    • it's a balance of risk and cost

Labels:

ICIW2008: Opening Keynote

Persistence, Ambiance, and New Maps Brian Lopez, Lawrence Livermore Laboratories (Led security for Utah winter Olympics)
  • 1200 comp sci folks @ LLL
  • LLL has world's largest laser & world's fastest supercomputer
  • Vulnerability and Risk Assessment Program founder
  • field assessment
    • threat
    • vulnerability
    • consequences
  • actionable findings
  • 1996 Presidents Commission on Critical Infrastructure Protection (PCCIP)
  • 1998 Presidential Decision Directive 63: Policy on Critical Infrastructure Protection (CIP)
  • Moved to DHS in 2003
  • DHS seeme to be "perpetually reorganized" (audience snickers)
  • Energy infrastructures
    • electric power
    • oil
    • natural gass
    • Most owned by private corporations
  • Assessment activities completed in 30 states
  • Look for isomorphisms
  • Red Hat, Black Ice exercises
  • US Computer Emergency Readiness Team
    • training annalists on protocols & systems
  • Classified work
    • Intel, VAs/Red Teaming, SNM,DBT
  • Methodology Development
  • Emerging vulnerabliities
    • 802.11i & Zigbee
  • Smart border initiative
    • attacks in canada & mexico can affect CI here in the US
  • "Critical Infrastructure is the one place where the computers touch the physical world"
  • Terrorist simulations folks use OpenSource tools
    • dumpster diving too
  • Philosophy
    • combine strong security and domain expertise
    • field experience and capabiities
    • multi-diciplnaty teams
    • work at three levels
      • strategic
      • tatical
      • technical
    • approach - listen, learn, teach, collaborate
    • actionable findings
    • customers make all decisions
    • continuous support
  • Broke into state power grid in 20 minutes. Board's response was "great, who do we fire"
  • "Information" warfare, not computer science warfare
  • Three themes
    • Ambiance - what's ambient that we can leverage
    • New Maps - seeing though new lenses
    • Persistence - tools to make those maps
  • Beware of photocopiers, especially those with network connections and hard drives
  • Has the mic on the videoconferencing system on even when they're not using the room for a video conference?
  • "OpenSource reconnaissance" / Social Engineering
  • "How to initiate a fire drill other than the obvious starting a fire?" (laughs) "Hey, the terrorists aren't beyond starting fires."
  • "The electric power grid runs on water." so blow up the water main two blocks away from. (Second order effect)
  • The Problem with Persistence
    • photo of a theatre
    • single exposure of a whole film
    • Too much information creates no information
    • "The sum of everything is nothing"
  • "Honey Nets"
    • Replicate a system to attract the bad guys
    • "instrument the heck out of it" / "instrumented to beat the band"
    • learn from what they try to do to it
    • Now they're building the map for you
  • Research ideas for the attendees
    • Ambiance
      • expand field of vision of the target
      • expand the avenues of attack
      • cascading failure - infrastructure interdependence
      • cascading support - leverage the dark fiber when other standard connections fail
      • auto-characterizing environments tools
      • ex-filtration
      • what can you inject to induce signatures?
    • New Maps
      • "Good maps help win the war"
      • map of the air - value cocaine from measuring the air
      • maps of sound - IEDs & "what the locals know" - when the marketplace goes more quiet than normal
      • biometrics - gait analysis, veins in the face, "we need BIG biometrics map"
      • "maps used to represent the data, everything you know. now a map is a viewpoint, not everythng you know"
      • establish new baselines & establish tools to organize that data
      • mapping the physical to the cyber - where are the people in the virtual world located in the real world?
    • Persistence
      • More complex sensors
      • More signal sensors
      • We need tools to peer into all that data & pull out actionable items
    • bioengineer plants to react to certain elements
    • All this is dual-use i.e. commercial and governmental
  • CS graduates are down 50%
    • this is a crisis for the country
    • There are tons of CS jobs available right now
    • encourage Americans to go into science, esp CS

ICIW2008: Morning notes

  • Conference is tightly scheduled. All presentations are 20 Min + 5 min for Q&A then 5 min to move to next session.
  • Ooh! There's going to be a tour on the on-site supercomputer at the end of the day. Hope I can take photos.
  • Hosting Institute director: "We have the right people here working on the right issues" which makes us all feel safer

Labels:

Information Warfare and Security Conference

Today I'm attending day one of a two-day conference titled he 3rd International Conference on I-Warfare and Security on the University of Nebraska, Omaha campus. I'm very interested yet I'm sure I'm in over my head. There are folks from all over the worls here including major universities and a lot of Air Force personnel. Here's the sessions I plan on attending today:
  • Outsourcing and the Insider Threat: An Increasing Security Risk
  • Interactive Visualization of Fused Intrusion Detection Data
  • Using Markov Models to Crack Passwords
  • The Impacts of Vista and Federal Destop Core Configuration on Incident Response
  • Understanding IRC Bot Behaviors in a Network-centric Attack Detection and Prevention
  • Implementation of a Multilevel Wiki fro Cross-Domain Collaboraton
  • Religion, Ideology and Information Warfare
I'll do my best to blog throughout the day but I'm not sure how much I'll be able to easily and clearly explain on the fly. However, here's the ironic thing: I got in for free. This was through someone at the Univeristy Library. However, it seems I didn't make it on to the ist of registered conference attendees. No problem, they took my name, said come back later as they'll make me a badge, handed me a conference packet, and told me to enjoy the conference. By thew way, did I mention this was a "security" conference? On another note, the WiFi here is working great and I'm doing all this on the Cloudbook.

Labels: ,

Wednesday, April 23, 2008

Of Librarians, Photography, Copyright & Creative Commons

Before you read this post be sure you've read these other posts and I don't really feel like summarizing them, just responding to the issues at hand.

I was going to post about this since I seem to be the "CC Guy" in the library world post-CIL2008 but then I decided not to as I'm not in the mood to write something worthy of what I have to say about it. Now, is looks like we will be discussing the issue on tonight's episode of Uncontrolled Vocabulary so I've decided to create this less-than-perfect response if for no other reason than to organizer my thought in preparation for tonight.

Resolved:

Whereas the original blogger of the image in question did not own the copyright on the image in the first place, they are just as "wrong" in republishing it on the Net as anyone involved.

Whereas the original blogger states "Please note that this image has a copyright, for non-commercial distribution with attribution" then displays the CC BY-NC-SA license, this wholly makes no sense. Either the image is under traditional copyright or it's under a CC license. You can't have it both ways.

Whereas Michael Casey followed the license as far as I can tell I consider him pretty much faultless in this situation.

Whereas the original blogger insists that you use her code to post that image anywhere else, that both a) does not jive with the CC license given and b) is not something most Web publishers will do since she could change the image to something else at any time and therefore that would display new, non-approved content on my site.

Whereas the original blogger is stating a copyright, and stating a CC license, and then stating that others must only post the image the way she wants, she is trying to have her cake and eat it too and that just won't work. Pick one. You can't have all three.

Whereas the original blogger issued a DMCA takedown notice to Yahoo! (owner of Flickr), I consider this to be a complete overreaction to the situation. She should have contacted Michael first and tried to work it out with him personally. I'm sure he would have been reasonable about it.

Whereas Yahoo! received the DMCA takedown notice they did the only thing that the law allowed them to do, and took the image out of Michael's account. Michael and I see this as completely unreasonable but I still find Yahoo! faultless since they had no choice under the DMCA. I hope that Yahoo! will restore the image pending their investigation.

Whereas Flickr does not allow for a public domain license, I agree that they should. Anyone know who to write to in encouragement of adding a PD license?

Whereas the new Free Use Photos Flickr group has been created, I believe this might only cause additional confusion and problems as most of those photos are in the "Free Use Photos" group yet still have a traditional full copyright listed for rights. In other words, we teach users to check the rights but now have to say "but as long as it's in this group, you're allowed to ignore the listed rights."

Whereas I was invited to participate in this group I have decided to respectfully declined. I am more than happy to let pretty much anyone use my photos as long as they give me credit. (In fact I've allowed several commercial organizations to use my photos without paying me.) My CC license allows for this just fine. I'm not willing to put my photos into the public domain at this point since then others could use my works without giving me credit.

Therefore I believe that the problem is not Creative Commons but a distinct lack of understanding of one or more of the parties. The solution is not to give up on CC as Michael has done, but further education.

Labels: , ,

flickrfs

This looks totally cool but I don't believe I've got the Linux chops yet to pull it off. Anyone else want to try first and report back?

Flickrfs is a virtual filesystem which mounts on your linux machine like any other partition. Once mounted, it retrieves information about your photos hosted on your flickr account, and shows them as files. You can now easily copy photos from your local machine to this mount, and it will automatically upload them to your flickr account. Similarly, you can copy the files from your mount to your local machine, and it will download your images from flickr.

via Lifehacker

Labels: ,

The latest blog numbers from Technorati

Ok, I should have posted this a few weeks ago but I've been busy. (Can you tell I'm link dumping today?)

According to Technorati, 175,000 new blogs are born every day. Bloggers post 18 new updates every second.

via Poynterevolution

Labels: ,

HP BookPrep Creates Long Tail for Out-of-Print Books

Been sitting on this one for a while so I'm just finally going to dump it here and let you investigate further on your own. Me? I say it sounds and looks interesting.

A new service from HP's IdeaLab is HP BookPrep, a print-on-demand service. With BookPrep, consumers can order any book, whether current or out-of-print, and have it prepared for them as a print-ready PDF eMaster file. What's more, the HP technologies used in the imaging process can restore older, damaged copies of books back to their original form.

via ReadWriteWeb

Labels: ,

Tuesday, April 22, 2008

What could have changed in 20 years?

Junior Prom (1987)See those two cute kids in the photo over there to the right? (Well, at least one of them is cute.) That's me and Kathy, my date to the Junior Prom back in 1987. (Note the big hair and gold.)  So, why am I posting this photo now? Well, it's all Facebook's fault.

Last week I received a friend invite from a "Kathy" who's last name I did not recognize. In the message she gave her maiden name and I instantly placed her despite having not spoken to her for more than 20 years. (Back at the prom she was currently dating my best friend who went to a different high school and she was a year behind me so I invited her to my prom.) How else could this have happened except through the current wonders of online social networking.

When I asked how she found me she said "your grad class". Here's where it starts to get weird. Having been a trainer for the past 14 years and having also taught in the University of Denver's grad school, I immediately became confused. "Through DU?" I asked. What she'd meant was my "graduating class". She has searched through Facebook's page for our high school and looked for folks she new who she might have gone to school with. And, there I was found.

Suddenly I find myself using Facebook for more than just playing Zombies and Scrabulous. We've been "e-maliing" back and forth for a week now still busily catching up. A lot has happened to the both of us in the past 20 years but I have quickly learned that Kathy is still the wonderful person that I remember.

Not to get too into what I think about my high school years but I've only regularly spoken to one person from back then. Most of that was intentional, some of it was not. That was true until this past week. I'm so happy that this giant heart and smile has come back into my life.

Labels:

Saturday, April 19, 2008

How to create a Twitter conference feed

I'm not sure I want to make a habit of this but I've received another request to blog on a particular topic. I've been meaning to write this post for a while so I'll just look at this as the push that I needed to actually do it. ;-)

So, for three conferences now I've created a Twitter RSS feed for those who are not at the conference to read the posts of those that are. The method or system isn't perfect but I think I've got the major bugs worked out. So here's how you do it.

  1. Create an account using the name of the conference and/or some abbreviation thereof. For example, the last one was "CIL2008". Be sure to use an e-mail address that you've not previously used to create a Twitter account. (Twitter only allows one account per e-mail address.) If you plan on doing this for another event in the future, I suggest using a throwaway e-mail service so you don't run out of e-mail accounts you actually use.
  2. Write a tweet or two while logged in as that account telling people that there won't actually be any content here as no one will actually be tweeting under that username.
  3. Write a tweet telling people that if they're attending the conference who to contact to be added as a friend. Early attempts had me telling people to direct message me or the conference account with the request but this proved unreliable for people with protected Twitter accounts. I suggest telling people to e-mail you directly with their request.
  4. As people contact you, log into the conference account and follow that person. Follow anyone who says they'll be at the conference and will be Tweeting from the conference. (Following people who are not attending will just clutter the resulting feed with non-relevant information.)
  5. People only need to follow the conference account if their tweets are protected. Otherwise, following the conference account is technically pointless since there won't be any actual tweets from that account. (You'll be busy tweeting from your personal account.)
  6. Instruct those not attending to follow the RSS feed found at the bottom of the conference account's "With Others" page.

That's it. I hope I've explained it well enough for others to recreate what I've done for other events. Feel free to post requests for clarification in the comments below.

Labels: , ,

Recent reuse of my photos

Consumerist - Starbucks Ordered To Pay Back

lux.et.umbra - Misconceptions on Wifi hazards

MLTnotes - Not Library 2.0

Consumerist - Man Ejected From Flight

Consumerist - Starbucks Coffee No Longer

Labels: ,

Wednesday, April 16, 2008

Oregon: our laws are copyrighted and you can't publish them

According to Boing Boing "The State of Oregon is sending out cease and desist letters to sites like Justia and Public.Resource.Org that have been posting copies of Oregon laws, known as the Oregon Revised Statutes."

Want to read them online? Check them out on TravelinLibrarian.info! I wonder if they'll send me a letter.

If the LSW presentation @ CIL2008 had been done using PowerPoint

Labels: , , ,

Why downloading Firefox is like getting into college

Firefox-logo According to Seth Godin:

This is true of bloggers, of Twitter users, of Flickr users... everywhere you look, if someone is using Firefox, they're way more likely to be using other power tools online. The reasoning: In order to use Firefox, you need to be confident enough to download and use a browser that wasn't the default when you first turned on your computer.

Seth's Blog: Why downloading Firefox is like getting into college

Labels:

Tuesday, April 15, 2008

Pecha Kucha CIL2008

Here it is folks. The CIL2008 Pecha Kucha. Six presenters, each with 20 slides for 20 seconds each slide.

Labels: , ,

Sunday, April 13, 2008

Richard Dawkins / Doctor Who connections & appearances

According to SEB, Richard Dawkins is making a guest appearance in this season of Doctor Who. Even cooler, Dr. Dawking is married to Lala Ward who played Romanna #2 in the classic series and was previously married to Doctor #4, Tom Baker. (None of this I new previous to a few minutes ago.)

Labels:

CiL2008 Slideshow

I took over 650 photos at CiL2008 and have uploaded them all to a flickr set. As it was to be expected, some where better than others. Here, IMHO, my 70 best.

Labels: , ,

Friday, April 04, 2008

Thing #19: Pandora

This Thing had us wandering about in the list of Web 2.0 Awards nominees, and picking one to write about. I picked the music category and what do I find as nominee #1? Pandora! One of the single best music sites on the Internet.

Here's how it works. You start with an artist or a song that you like and create a "station". That song is then played for you, followed by another, and another, and another, all fitting into the same general style as your original song. To adjust the types of songs that are being sent to you, click on the thumbs up or thumbs down for the song currently being played. Too much bass in that song, thumbs down. That song's perfect, thumbs up. It's a great way to hear artists you may not be familiar with.

I mostly use Pandora at home. Despite an extensive CD collection (thousands) most of which is not yet on my network, I'll often got to Pandora on the laptop hooked up to my HDTV and have Pandora supply the soundtrack for the afternoon.

Here's the favorite of my stations based on the classics of Miles Davis. This and my other stations can be access through my profile page.

Pandora: Miles Davis Radio

Labels: , ,

Thing #18: ZOHO Writer

I had an account and I didn't even remember that I did. Good thing that my browser remembered for me...

Anyway, I've been using Google Docs lately due to my recent acquisition of a Cloudbook. This tiny computer does have a hard drive and USB ports but I figured it would just be easier to do my work online and be able to pick it up from any other computer. Trouble is, I'm jus tnot all that impressed with Google Docs' lack of features.

Now, this Zoho Writer thing, which I'musing to write this post, is, at first glance, impressing me a whole heck of a lot. I see lots of formatting buttons and even a Collaborators feature allowing me to bring in others to edit documents along with me. (Not having anyone to test that with at the moment I'm unclear on how well it works. For example Google Docs allows multiple people to work on the same document at the same time (sort of) so I wonder if Zoho Writer allows that same level of fucntionality.

Hmmm, maybe I'll have to try Zoho Writer next time while on the Cloudbook or on my office laptop during a department meeting.

All that being said, let's see how easy it is to publish from her to my blog. If you're reading this you can assume it went off without a hitch.

John Legend covering “Pride (In the Name of Love)”

On the 40th anniversary of MLK's assassination.

(via Whatever)

Labels: , ,

Thing #17: PBWiki

I'm a firm believer that PBWiki is a great way to get your feet wet when it comes to creating and editing a wiki. My only complaint is that the WISIWYG editor locks up Firefox. Oh, well, off to IE I go. I added to the Favorite Music page in our wiki. Check it out if you're wondering.

Labels: , ,

Thing #16: Wikis wikis everywhere

I'm a fan of wikis but when used appropriately. In other words, no matter how much you like wikis at a technology, that doesn't mean they're right for all situations. Here's a way to think about it: blogs are for conversation, wikis are for collaboration. Just because you have three people editing your Web site, that doesn't mean it should be based on wiki software.

Additionally, those that say that Wikipedia isn't a good resource, are using a different Wikipedia than I am. I use it almost daily. Occasionally I find myself looking elsewhere to verify the information Wikipedia contains but generally it is right.

Labels: , ,

Thing #15: What is Library 2.0?

I'm going to cheat on this one and post a screencast created by my friend Cindi Trainor since I agree with every word she has to say about the topic. (The text is small in the embedded version so you'll want to click the Full Screen icon once it starts playing or view it on blip.tv directly.)

Labels: , , ,

Thing #14: Technorati

I have a love/hate relationship with blog-specific search engines. On the one had I long-ago "claimed" this blog in Technorati to make sure that it was indexing my content. I also appreciate that those of us attending conferences like Computers in Libraries can tell those who wish to follow along to just watch for the conference tag in Technorati.

On the other hand, I don't use it for searching at all. I rarely find myself asking "Gee, I wonder what's being said about this topic in the blogosphere." Is it that I don't care what bloggers have to say about a topic, no. It's just that I already follow via RSS the bloggers I care about so I already know what they think.

I suppose I could use something like Technorati more and maybe I should give it a second chance, but it just doesn't come to mind when I need to search for things.

Labels:

Thing #13: Del.icio.us

I use Del.icio.us a lot! I've still got a a set of my most used bookmarks in my browser for quick access but pretty much everything else goes into my Del.icio.is account. Most importantly I use my account to post the links that are relevant to my workshops and presentations. For example, I've tagged all the links for my blogging workshop with "class-blogs". This way, I can sent all of the blogging workshop attendees to http://del.icio.us/travelinlibrarian/class-blogs instead of giving them a piece of paper with a long list of sites and URLs on it. Also, with this method, after class, attendees can return to this URL whenever they like and see the most recent resources that I feel are relevant to the topic. I've been doing this for a little over two years now and all my students have grabbed onto the concept quite well.

Labels: ,

Thing #12: Rollyo

I've played with Rollyo in the past and didn't find it of much use as I don't do many subject specific searches. However, on further investigation, I could see a library setting up some specific topic-based searches for use on the reference desk. For example, Lincoln City Libraries setting up a search that runs against all sorts of Lincoln-related resources.

I did end up creating a pseudo ego search for myself. Use this one to search against all my different sites and profiles that I've got online. For example, if you want to see what I've posted online involving the commission search the box below for NLC, choose "The Travelin' Librarian" as your search engine, click Search and see what you get.


Powered by Rollyo

Labels: ,

Thing #11: LibraryThing

I've been using LibraryThing for a few years now and love it! You can find my profile here. I've paid the $25 for a lifetime membership and (geek that I am) imported all of the ISBNs from my home catalog into my account to get started. Since then I add all my new books as soon as I get them home. Just seven more books and I'll have 4,000 in my account. My favorite part of the whole thing is being able to access the mobile version of my account on my cell phone in order to be able to answer that age-old question: Do I already own this? LibraryThing has come to my rescue many times. I've also met Tim Spalding, the creator of LT and he's both wonderful and intelligent. If you're interested in knowing more, check out this talk that Time gave to the staff of the Library of Congress in 2007.

Labels: ,

Thing #10: Puzzled by Sushi?

Today's the day where I catch up, if not complete since I'm at CiL all next week, with our Learning 2.0 program. Thing #10 is image generators. I've got to say that I LOVE playing with image generators. I've got quite a list of these in my del.icio.us account. (Check 'em out.) So, having played with many of them in the past I tried to find a new one and, courtsey of fd's flickr toys, I've now used the Jigsaw generator. Here's the result:

Puzzled by sushi?

Labels: , ,

Wednesday, April 02, 2008

Game On!

What: Gaming (& Gadgets!) Night
Where: CIL 2008, Jefferson Room
When: Sunday, April 6th, 5:30-8:00 pm
How much: FREE
Who: You and other people interested in gaming

Jenny Levine and Aaron Schmidt have given a few gaming workshops at past Computers in Libraries and Internet Librarian conferences. After the sessions we’ve opened up the room to anyone interested in playing some games and/or learning about gaming. It’s proven to be a popular and really fun time, so this year Information Today has turned the post-workshop gameplay into a featured event. With refreshments even!

Computers in Libraries 2008

They’ve assembled an impressive array of games!

Systems: Nintendo Wii, Playstation 2, and Xbox 360. We’ll also have two Nintendo DS handhelds.

Games: Wii Sports, DDR, Hotel Dusk, Guitar Hero III, Professor Layton and the Curious Village, Wario Smooth Moves, whatever you bring, and Rock Band.

Since they’ll have three systems going at once, we’re opening up the option of an honest to goodness tournament with prizes. You probably want to know which game, huh? Well, it’s up to you. Sign up on the CIL08 wiki titled CIL08 Gaming Night to play Rock Band, Guitar Hero, or DDR. We’ll play whichever game gets the most signups!

In addition, Chris Harris is bringing some modern board games. Bring your own games, bring your latest shiny, new gadgets, and we’ll see you Sunday night!

Labels: ,

Tuesday, April 01, 2008

I've been offered the job of a lifetime!

Check out the details here. (Sorry, I'm just to excited to blog details at this point.)