Posts from November 2009.

The Internet comes to Ham Radio…

…and not in a good way unfortunately.

Rick, K6VVA, posted on the CQ-Contest listserv last week that he was filing a petition to the FCC because someone (or someones) are forging callsigns on the DX Cluster network, including those of several prominent contesters, and are engaging in trollish behavior. While I frown on this behavior, as someone who deals with this kind of behavior on an almost daily basis, the PFRM that Rick submitted to the FCC is a goldmine of unintentional comedy and another waste of the FCC’s time. Rick’s comparison of someone bootlegging a callsign to identity theft and his filing this with the FBI make me cringe and laugh at the same time.

Rick, let me tell you: As someone who deals with all the crap that goes on the Internet, someone impersonating people on a DX cluster will rate on the FBI “to do list” right above “Find a way to arrest people on the Internet who are mean.” The FCC has no jurisdiction in this case as they can’t control what goes on networks like the Internet. Finally, there is the First Amendment in play here as anyone should have the ability to spoof a callsign in a legal and non-malicious manner. Also, I’m glad to see that Rick is trying to maximize the wasting of my Federal tax dollars by engaging not one, but two agencies on his private crusade.

Rick, and everyone else, this Internet is a scary new place, but let me teach you how to deal with the person/persons behind this: Ignore them. By filing this PFRM, you may have thought that you might scare them, but you’ve only caused them to step up their efforts as now they know they’re getting under your skin. Great job. Speaking of skin, you also need to toughen yours up. If I cataloged all the insults hurled my way in my 14 some-odd years on the Internet, I’m sure I could fill out an exhibit twice as long and twice as off-color.

While Rick is completely overreacting to this problem, this is a symptom of a broken system for DX Spots. DX Clusters are inherently anonymous. I can easily log into one randomly, pick a random call sign and start giving out spots to the global network. By not including any kind of authentication nor the ability to track who sent what, it allows this kind of nonsense to go on. Steps need to be taken to track down troublemakers and to include the ability to trace back spots to the originators. Sadly, such a system would require a massive push for everyone on the system to upgrade and some kind of central governance that could disconnect people who choose not to. Since the DX Cluster network is so organic, such a thing is not going to happen any time soon, and we are just going to learn how to deal with trolls on the system.
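As an added illustration (not part of the original post, and not how any existing DX cluster software works), here is a sketch of the missing authentication and trace-back: each spot carries an HMAC tag keyed to the claimed callsign, and the node logs the submitting peer whether or not the spot is accepted. The registry, keys, callsigns, peer addresses and function names are all constructed for the example.

```python
import hashlib
import hmac

# Constructed registry: callsign -> per-operator secret issued at registration
# (hypothetical; the post's point is that no such table exists today).
REGISTRY = {
    "W1TEST": b"constructed-secret-for-W1TEST",
    "K9DEMO": b"constructed-secret-for-K9DEMO",
}

AUDIT_LOG = []  # (verdict, claimed_call, peer, spot_text) kept for trace-back


def canonical(spotter, freq_khz, dx_call, comment, utc):
    """Unambiguous byte string covering every field of the spot."""
    fields = [spotter.upper(), f"{freq_khz:.1f}", dx_call.upper(), comment, utc]
    # Length-prefix each field so "AB"+"C" cannot collide with "A"+"BC".
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def sign_spot(key, spotter, freq_khz, dx_call, comment, utc):
    msg = canonical(spotter, freq_khz, dx_call, comment, utc)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def accept_spot(peer, spotter, freq_khz, dx_call, comment, utc, tag):
    """Node-side check: accept only spots whose tag matches the claimed callsign."""
    key = REGISTRY.get(spotter.upper())
    expected = sign_spot(key, spotter, freq_khz, dx_call, comment, utc) if key else ""
    ok = key is not None and hmac.compare_digest(expected.encode(), tag.encode())
    text = f"DX de {spotter.upper()}: {freq_khz:.1f} {dx_call.upper()} {comment} {utc}"
    AUDIT_LOG.append(("ACCEPT" if ok else "REJECT", spotter.upper(), peer, text))
    return ok


def demo():
    spot = ("W1TEST", 14025.0, "K9DEMO", "CQ TEST", "1432Z")
    good = sign_spot(REGISTRY["W1TEST"], *spot)
    # A forger holds only their own key but claims someone else's callsign.
    forged = sign_spot(REGISTRY["K9DEMO"], *spot)
    return (accept_spot("192.0.2.10", *spot, good),
            accept_spot("198.51.100.7", *spot, forged),
            accept_spot("198.51.100.7", "N0CALL", 7010.0, "W1TEST", "LID", "1433Z", "00"))
```

The sketch does not address replay of a previously valid spot; that would need a freshness check on the timestamp, and every node in the network would have to enforce the same rule.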

Now I can analyze your intrusions *and* handle your incidents!

I was very lucky this summer because the Security Office got some funding for training and footed the bill for another SANS course. I opted to go for SANS SEC504: Hacker Techniques, Exploits & Incident Handling. I did an “At Home” course this time, which met three times a week online and was taught by Ed Skoudis and John Strand. While I did like the self-paced learning that I had for SEC503, it was very cool to be taught by the folks that you always heard on and about PSW. Plus, I was able to make snide remarks in the chat window.

As much as I still wonder about certifications in general, I am starting to really like SANS courses. The course wasted little time on the basics and quickly had us rolling up our sleeves mucking about in what I classify as “cool sh*t”. While I did have stretches where I was just nodding and going “yeah… yeah… know that… uh-huh…” I would occasionally see or hear something, go “Oooh!”, and write down some notes. The course consisted of 5 books of material, ranging from incident planning and handling to how to exploit systems, and then culminated in a capture the flag contest. I am ashamed to say the CTF was designed well enough that I could barely establish a toehold on the first server; I guess my days of staying up for an entire weekend and dominating the CTF at Northeastern are far behind me.

Although the course itself wrapped up sometime in the summer, I finally took my certification test today and passed with flying colors. I am happy to report that I have even more alphabet soup after my name and I am now “Ben Jackson, GCIA, GCIH”

http://www.sans.org/security-training/hacker-techniques-exploits-and-incident-handling-40-mid


Social Shakeup

For the longest time, I had two Google accounts. One was a GMail account I never used; the other was the one I used on a daily basis that was hooked into my regular e-mail account. This did toss me some curve balls when I wanted to use my handle for a Google service on my day-to-day Google account, as it reserved the name for my GMail account.

Then Google Wave came out, and I couldn’t pick my handle for my username. My response being: “Oh, for f*ck’s sake.”

So, this was the straw that broke the proverbial camel’s back. I have moved all my settings over to my “GMail account” and wiped out my old account. Unfortunately, this means that if you followed me on one of Google’s services (like my Reader Feed) that just went up in a puff of electronic smoke. However, this allows me to give Google even MORE of my information and like an idiot, I have: I now have a publicly accessible Google Profile that has links to the various social services I use.

Also, I am starting to resume doing stuff on my Tumblr, which is mostly my Google Reader feed and stuff that is too long to fit on Twitter.

Share and Enjoy!