1st, I did a presentation to the Boston Chapter of the Association of Government Accountants for their monthly meeting as part of my day job. I’d like to think I did fairly well and there certainly was a fair amount of discussion afterward. In case any of them find their way here in an attempt to find my slide decks, I am happy to oblige:

• Information Security and You PPT (1.4MB)
• Information Security and You PDF (1.8MB)

2nd, I have been selected to speak at QuaghogCon in Providence, RI the weekend of April 24th and 25th. I’ll be departing from my usual “Information Security” speaking groove and instead will be evangelizing Amateur Radio. Sadly, this means I’ll be missing out on B-Sides Boston, but that’s the way the cookie crumbles. Registration is open now and I’ve heard rumors that attendance will be capped at 150, so even if you don’t want to hear me speak, buy a ticket; there are going to be some awesome presentations.

My talk went as well as I could have hoped. Despite some minor issues with regards to what I could and couldn’t talk about and thus the presentation being much shorter then I wanted it to be, I felt I fielded all the questions cleanly and ones that I could not answer I made sure I got business cards so that I could follow up. For those of you interested in downloading my slide deck it is available here:

• Massachusetts Data Breach Laws, Regulations, and Responsibilities (PPT, 828K)
• Massachusetts Data Breach Laws, Regulations, and Responsibilities (PDF, 286K)

Some highlights of the conference:

• David Mortman‘s delicious bread, which he handed out if you asked questions during his talk. I got a slice because I was able to answer a question.
• Marcus Ranum‘s keynote. Despite being a presentation of “The industry is beyond repair, and here’s why…” gloom and doom, I was able to at least grab some good points out of it that will enable me to fight the good fight. He also made a great metaphor: “3D dancing pigs” meaning something which management wants and will try to implement despite any warnings.
• James Atkinson‘s counter-surveillance talk. Last year he did telephones and this year he did automobiles. Crazy stuff.
• L0phtCrack 6 information session. I can’t wait.

And these are just the ones I can remember off the top of my head.

SOURCE is a great conference and if I had the time and money, I’d seriously consider going to SOURCE Barcelona in September. If you have the chance in 2010, I would highly recommend attending.

L0phtCrack is back! At a special information session at SOURCE Boston (Thursday, 10:15am), the team that brought you L0phtCrack will be releasing version 6 of the highly-acclaimed Windows password auditing tool. Come to the session to learn about this release, its new features and platform support, and the story of the product from the days of the L0pht, to @stake, Symantec, and finally back to the L0pht.

Expect this site to go live soon!
See you at SOURCE!

This is great news. L0phtcrack was an amazing utility (technically it still is, just a bit old) and it’s great to see development on it revived. I am pretty sure it will be a piece of every security person’s toolkit as soon as it’s released. I’m also sure that this session will be standing room only. I know I will be there.

I’m excited to be a part of SOURCE. I attended last year and it was an excellent conference. A great mix of  secruity geeks and business types and everything just seemed to click. Not as “free-for-all-ish” as DEFCON or HOPE, not as stuffy as a business conference. This year, it’s shaping up to be even better: They moved the conference to a better location, and the schedule is even more impressive then last year. If you’re a security geek, you should definitely look into attending. It is worth every penny.

Of course there is an off chance that someone might make a grand entrance a touch early. I think everyone is hoping that doesn’t happen.

As a brief side, the Hacker Ethic was a term coined by Steven Levy in his excellent book Hackers: Heroes of the Computer Revolution (If you haven’t read this book and are involved in IT, click the link and order it. Now. Go ahead, we’ll wait. Back? Cool.). One of the key points that I always feel is one of the great equalizers in computers is the fact that people are often accepted by their knowledge, rather then their position or their alphabet soup after their name. (However, they are not mutually exclusive)

HACKERS SHOULD BE JUDGED BY THEIR HACKING, NOT BOGUS CRITERIA
SUCH AS DEGREES, AGE, RACE, OR POSITION.

The ready acceptance of twelve-year-old Peter Deutsch in the TX-0 community (though not by non-hacker graduate students) was a good example. Likewise, people who trotted in with seemingly impressive credentials were not taken seriously until they proved themselves at the console of a computer. This meritocratic trait was not necessarily rooted in the inherent goodness of hacker hearts–it was mainly that hackers cared less about someone’s superficial characteristics than they did about his potential to advance the general state of hacking, to create new programs to
admire, to talk about that new feature in the system.

This is often a very common theme technical circles. Unless, of course, you seem to of the female persuasion at which point it seems to be thrown out the window. I really experienced this in college. The handful of women in our classes were leered at, harassed, and generally made uncomfortable by some of our more “vocal” geeks who probably thought that it was some part of the mating ritual. To be 100% honest, I was dismissive of some of them until I came to the conclusion they could hold their own. Since then, I’ve had the pleasure to meet and work with some talented women, some of who can kick my ass technically.

The computer industry is very male dominated. Conferences have booth babes and the likes of Vanna Vinyl, which I’m sure doesn’t encourage women to get involved in the field. However, shouldn’t people who subscribe to the hacker ethic start equally applying it equally to both sexes?

Also, since we’re on the topic:

Talented Women in Computers who’s weblogs I read, and so should you:

• Jennifer Jabbusch – http://securityuncorked.squarespace.com/
• Jennifer Leggio – http://mediaphyter.wordpress.com/
• Stacy Thayer – http://www.stacythayer.com/

Truth be told, I’m not 100% sure what to expect. Most of my previous “security” conferences have been either DEFCON or HOPE, which I assume will be slightly more “low brow” then SOURCE. For example, I’m not expecting SOURCE to have A room full of hammocks you can crash on. But, from what I can gather, and from what the schedule says, it will be a pretty good time. It looks like it’s going to be a good mix of business types and security geeks, and it’s approaching the idea with the right attitude (Pub crawl anyone?). Another plus, any conference where I don’t expect the conference attendees to smell like week-old BO == Win. (Hooray!)

I’ll be staying mostly on the Security Technology track, with possibly heading over to the Application Security track if something over there catches my interest. I’ll be attending the pre-conference gathering tonight, along with the reception tomorrow night and the pub crawl on Thursday. If anyone of the four of you who read this want to meet up, IM, text, tweet, comment, or poke me at the conference.