Tuesday March 11th, 2008 @ 12:24 PM (EDT)
As previously mentioned, I'll be going to SOURCE Boston tomorrow. I'll be attempting to cover the conference on my somewhat shiny and new Twitter Feed. Perhaps I may even, *gulp* "live blog" (Ugh. I feel dirty for saying that).
Truth be told, I'm not 100% sure what to expect. Most of my previous "security" conferences have been either DEFCON or HOPE, which I assume will be slightly more "low brow" than SOURCE. For example, I'm not expecting SOURCE to have a room full of hammocks you can crash on. But, from what I can gather, and from what the schedule says, it will be a pretty good time. It looks like it's going to be a good mix of business types and security geeks, and it's approaching the idea with the right attitude (Pub crawl anyone?). Another plus, any conference where I don't expect the conference attendees to smell like week-old BO == Win. (Hooray!)
I'll be staying mostly on the Security Technology track, possibly heading over to the Application Security track if something over there catches my interest. I'll be attending the pre-conference gathering tonight, along with the reception tomorrow night and the pub crawl on Thursday. If any of the four of you who read this want to meet up, IM, text, tweet, comment, or poke me at the conference.
Tuesday February 19th, 2008 @ 10:29 AM (EST)
One of the cool things about the new job is that they are very pro-conference. Even better, they have a budget for conferences that cost money! Source Boston sounds really cool. While it may not be as cool as DEFCON or ShmooCon, it definitely has that "hacker-ish" feel to it. Of course, any conference with a pub crawl associated with it definitely gets the thumbs up from me.
Friday December 21st, 2007 @ 02:57 PM (EST)
PaperGhost runs VitalSecurity.org, a very informative and amusing look at malware. He's full of amusing quotes such as:
Bruce Lee understood that there was no problem on this Earth that could not be solved by repeatedly punching someone in the face until they stopped getting up.
Over the past month or so, he's outdone himself.
I occasionally take down phish sites and such. However, PaperGhost has done everything short of handing down divine judgement to a bunch of script kiddies who think that phishing Myspace and Habbo Hotel accounts is the bleeding edge of computer coolness. PaperGhost has shown them that such enterprises do not end well:
A bit of reading, but highly enjoyable...
Thursday December 20th, 2007 @ 01:11 PM (EST)
Nepenthes is a wonderful tool that is great for collection of various malware nastiness. It's extremely useful and has provided me a fair share of amusement when I review the logs seeing all the various trash the Internet's tubes try to dump onto my computer. I love Nepenthes.
Unfortunately for me, Nepenthes also completely sucks.
Nepenthes does some amazing things in the areas of collecting malware, examining payloads, and automatic analysis. However, from a user perspective, it's a fetid pile of yak's droppings and an abomination in the sight of God. The software seems to be in a perpetual state of debugging, which, by itself, is OK, but it seems to constantly want you to run it from the console. This makes it difficult if you ever want to run it unattended, which in most cases you will want to do considering you're essentially trawling for malware. The logging facilities also seem to reflect this, as extracting meaningful messages from the log file is pretty close to reading tea leaves.
The thing that really drives me batty is trying to get Nepenthes and Honeyd to work together. The author seems to know that people want to do this and tries to explain what has happened, but provides a next-to-useless explanation and ends it with an update of "The Honeyd guy managed to do this, but I don't know how."
I know that almost all open source software is on some level classified as a hobby, but wouldn't you at least try to make inquiries as to how to make it work, and/or adjust the codebases to make this kind of setup easier? Instead, you have people like me who are using duct tape and baling wire solutions to "fix" the problem, and are unable to recommend the software for use in production environments because of specifically that.
Which is sad, because I love Nepenthes.