.:Computer Defense:.

Note: this was a series of posts following RSA but some personal issues delayed this and now I'm posting a single post on the subject.

This was my first year at RSA, and via the wonder of blogging, I had a press pass.  I also, unfortunately, had an exhibitor badge. That isn't to say I didn't want to be at the booth (I actually love being at the booth -- although, while many people walked by and loved our shirts, I wasn't a huge fan... just a huge pumpkin ), it just meant I had less time to use the press pass. I also didn't have a lot of time to post while at RSA, so now I'm doing my blog posts... based on a few notes and lots of foggy memories.

I have an interesting flight story to share, but I feel as thought it might be better sent to the consumerist, I'm not entirely sure yet.

Anyways, day one I met with a few interesting people. First I meant with some people from Commtouch to discuss their technology and what they do. It sounded rather interesting and I look forward to testing it out at some point in the future. Following that, I met with Michael Sutton from Zscaler, who'd I'd met once previously. I really enjoyed this discussion and think we'll see some really cool things out of Zscaler in the future.

I spent the morning at the nCircle booth and expected to see masses of peopel everywhere after hearing about the number of people last year. I later heard it discussed that there were fewer people, so that might explain it. Working the booth is something I really enjoy. Being an engineer leaves you with few chances to interact with customers, something I love doing. The booth over the three days that I was there lead to some very interesting discussions with intriguing contacts.

Tuesday afternoon was spent walking the booths. A few vendors said they'd send me samples of their hardware to play with and review, however I've had no contact from them yet. This is disappointing because I was really looking forward to seeing some of the hardware in action.

Wednesday was the day that I was really looking forward to. The Securosis breakfast, the WASC meetup and the Security Bloggers Meetup. All three of these were amazing and they gave me a chance to finally meet up with the people that I talk to and hadn't be able to connect with at past conferences. I also had the opportunity to do a video interview with Martin McKeay, which I'm eager to see... I just hope it was shot in wide screen so that Martin can fit in the frame next to me .

Thursday brought more of the same with booth duty and visits to other booths. It also brought dinner at Basil Thai which was incredible. Ever since I was in San Francisco last year, I'd looked forward to returning to eat at Chevy's (which I just learned is a chain), which I managed to do twice but Basil Thai was even better. I'm already excited about my next trip to San Francisco just to go back.

Friday was my final day in San Francisco (I was flying back on the red-eye). Friday also held the highlight of the week -- the Mythbusters. It was incredible and my only complaint was that the moderator was too chatty.

Anyways, shorter than I wanted it to be but I had to mention that I did enjoy RSA and I'm eager to attend again next year.

Q. What is your role at $vendor?
A. Director Product Management

Q. What got you into IT/IS?
A. started programming in 5th grade on a Commodore Pet, got an Atari 800, self-taught assembly...many yrs later studied CS and went into a startup in early client-server out of college.

Q. What do you do outside of IT/IS?
A. 6yr+4-yr old twins...Reminisce about free time. Think about education reform and getting rid of incompetent politicians.

Q. What are  you most looking forward to / what did you most enjoy about RSA this year?
A. Low expectations. Most enjoyed meeting up with past colleagues.

Q. Was this your first time at RSA? Will you return?
A. 3rd or 4th. Will return.

Q. What will you be doing at your both?
A. usual booth duty, fishing for real customers amidst the noise of vendors/partners/exhibitors.

Q. Is there any swag available at your booth?
A. yeah, come take a look. cheap stuff if you're a vendor/partner/exhibitor. Good stuff if you have budget.

Q. If people wanted to chat with you when could they stop by the booth?
A. anytime

Q. Prediction for the future of IT/IS during 2009 and into 2010?
A. Budget cuts, heavy emphasis on quick, real ROI. Small companies go away.

Q. Any comments?

I've arrived!

After almost being removed from the plane (due to a double booked seat), I've finally made it to SF. I visited Denny's and now I'm going to grab ~3 hours sleep before I kick off my day. I'll be blogging the conference, as well as mentioning it on twitter. You can follow treguly on twitter (that's me) or ncircletweets (my employer). Rumor has it that nCircle will be giving away a Kindle 2 to a random new follower of their twitter feed.

I also want to take a chance to mention the "At the Booth" series that I'm doing. So far I've had three participants (2 from nCircle) and I'd really like to do a large series of these posts, so I want to once again invite everyone to answer the questions (found here) and send them in.

Q. What is your role at nCircle?
A. I am the Chief Technology Officer.  In terms of responsibility, it means that I try to add value in technical areas of the company and stay out of areas where I don’t add value.  nCircle has a ‘whatever it takes’ culture and it keeps things fresh and new.  I’ve been here since 2001 and I am still having a great time and learning something new everyday.

Q. What got you into IT/IS?
A. My computer career began at Broderbund Software where I worked on audio (auditory display) for the games.  In those days, there was a very fine line on the BBS’s between the gamer community and the hacker community.  I immediately got into the design of online games and a prerequisite was to know IT infrastructure inside and out.  I saw my infrastructure as instrumentation of the game and at some point, I was hacking kernels, applications and routers more than I was doing audio game interfaces.

Q. What do you do outside of IT/IS?
A. No surprise here but I still spend a lot of my time playing games.  I see ‘play’ in general as the method by which I learn and make sense of the world.  If I can’t play with it, I cannot truly understand it.  Lately, I’ve been ranking up on the Gears of War 2 online play so if you are into that stuff, drop me a line.

Q. What are  you most looking forward to / what did you most enjoy about RSA this year?
A. RSA for me is all about conversations.  I plan on having at least a dozen incredible conversations with customers, other vendors, and peers who are passionate about their work.  Last year at RSA 2008 I did a talk on Game Theory and its application in defensive strategies.  This year, I’ll be spending more time hanging out with peers and having great discussions.

Q. Was this your first time at RSA? Will you return?
A. It is not my first time to RSA and I have lost count.   It is difficult to imagine being in the information security domain and not being at RSA in some capacity.

Q. What will you be doing at your both?
A. I have a presentation to deliver on Tuesday and Wednesday which you may find interesting.  It makes the assumption that your network is made up of a prey species and through a discipline called Biomimicry we explore the dominant strategies of prey and how they can survive in a hostile environment.  Other than that, I’ll be just looking to have a great conversation with visitors.

Q. Is there any swag available at your booth?
A. The remote controlled helicopters have been a hit and I think we have a contest for a Kindle 2.

Q. If people wanted to chat with you when could they stop by the booth?
A. 11am to 2pm on Tuesday and Wednesday.  That is the plan so far but this week is all about exception handling.

Q. Prediction for the future of IT/IS during 2009 and into 2010?
A. I’m not a big fan of predictions but I can tell you an area of interest that I hope to influence its outcome.  I would like to finally see multi-vendor interoperability at the semantic level for customers.  I’m not talking about syntax level sharing of content, I’m speaking of the sharing of data _in context_ – sharing data with sense-making models and ontologies.  Come by the booth and I will talk your ear off on this stuff.

Q. Any comments?
A. Game on!

Q. What is your role at $vendor?
A. VP Product Management at nCircle. My job is to make sure that nCircle continues to build the most effective and most competitive solutions to the most urgent customer security and compliance audit problems.

Q. What got you into IT/IS?
A. Actually, it was 1982 and I was just starting college. I had one elective and was trying to decide between Economics and Computer Science. I picked Computer Science because it sounded more interesting and because my mother had been programming mainframes for 10 years. My first job out of college was as a developer with AT&T Bell Labs and I just never left it. I’ve been associated with IT vendors for close to 25 years now.

Q. What do you do outside of IT/IS?
A. You know, I’ve been thinking I need some new hobbies. I have two young kids that take up most of my free time. I read…a lot. I also like to write, though I haven’t done it regularly in years. I had my own blog for about four years and I’d like to find time to get back to that again.

Q. What are  you most looking forward to / what did you most enjoy about RSA this year?
A. I’m interested in seeing how the flavor of the show changes. For me, RSA is about economic trends – large scale swings in the market place. RSA has always been half-marketing/half-business development. This year, I suspect attendance will be down and we’ll see a larger percentage of the traffic representing companies trying to sell themselves. It’s a bizdev show in a buyers’ market right now.

Q. Was this your first time at RSA? Will you return?
A. Not my first show, no. (My first technology tradeshow was one of the early Interops in the 1980s where the protocol stacks were all so different. The main point of the show was to ensure interoperability and every vendor had to have a 10 Mbps (fast at the time) drop into the booth that they had to connect to successfully. Things have come a long way.)
I don’t know how many RSAs I’ve been to. I’ll definitely be back, if only for the annual ISS reunion that takes place each year.

Q. What will you be doing at your both?
A. Trying not to look too out of shape in my orange t-shirt?
Seriously, I’ve got booth duty as an “executive” plus there are a couple of 15-minute presentations I’m giving. Plus, it’s a great place to do market research if you’re a product manager. I have a couple of projects in the works that I’d like to bounce off the right personas, if I can I find them.

Q. Is there any swag available at your booth?
A. We have those cool tiny battery-powered helicopters for presentation attendees and we’re giving away a Kindle 2 to a random person who begins following us @ncircletweets.

Q. If people wanted to chat with you when could they stop by the booth?
A. Monday after 6:00 pm; Tuesday after 2:00 pm; Wednesday after 2:00 pm. Or just tweet me @markwood.

Q. Prediction for the future of IT/IS during 2009 and into 2010?
A. Security and compliance spending will rebound faster and earlier than the general economy. Virtualization is fundamentally changing the nature of our IT world and it’s going to result in customers getting a lot more choices when it comes to security and compliance solutions. That said, the drive to consolidate vendors will not abate in 2009 and may actually accelerate in 2010. It will, therefore, be critical to be a strategic vendor to your customers.

Q. Any comments?
A. I have always thought I could make a killing at RSA by having my own Dr. Scholl’s booth.

Q. What is your role at $vendor?
A. PCI QSA at TW.  or Payment Card Industry Qualified Security Assessor at RSA

Q. What got you into IT/IS?
A. Innate geekiness.  Been playing with computers since the Ti99/4a

Q. What do you do outside of IT/IS?
A. There's a life outside of IT/IS?  When I'm not on the computer, I'm spending time with my wife and kids.  God help me when the kids get old enough to IM, tweet and play Halo.

Q. What are  you most looking forward to / what did you most enjoy about RSA this year?
A. The Security Bloggers Meetup.  I'm hosting it with Rich Mogull; I'd have to say that even if it wasn't true.

Q. Was this your first time at RSA? Will you return?
A. 4th RSA, and I'll be back as long as they'll let me return.

Q. What will you be doing at your both?
A. Good question.  No one's told me yet.  Seriously.

Q. Is there any swag available at your booth?
A. Another good question.

Q. If people wanted to chat with you when could they stop by the booth?
A. Tuesday, 1-4 or Thursday 11-1.  I may have to leave early on Tuesday to participate in the "Avoiding Security Groundhog Day" panel.

Q. Prediction for the future of IT/IS during 2009 and into 2010?
A. PCI is going to continue to be a big driver in the security market.  Unless the federal government decides they can do better, then all bets are off.

Q. Any comments?
A. Who's bringing the economy size bottle of Tylenol?

So I was trying to think of something different that I could do in my blogging about RSA. After some humming and hawing I decided to do a blog series that I'm calling RSA "At the Booth". This is open to anyone working a booth at RSA. Simply send me an email to rsa [at] <thisdomain>. The questions are:

1. What is your role at $vendor?
2. What got you into IT/IS?
3. What do you do outside of IT/IS?
4. What are  you most looking forward to / what did you most enjoy about RSA this year?
5. Was this your first time at RSA? Will you return?
6. What will you be doing at your both?
7. Is there any swag available at your booth?
8. If people wanted to chat with you when could they stop by the booth?
9. Prediction for the future of IT/IS during 2009 and into 2010?
10. Any comments?

The post titles will follow the format - "RSA - At the Booth with $name of $vendor". It may be interesting to some people who want to a) talk to a particular person or b) find someone with a similar interest.

A recent SANS ISC diary entry mentions an interesting configuration point that I had been previously unaware of. It seems that AddType doesn't just enable the extension, it enables all files containing that string.

Example: AddType application/x-httpd-php .php

In the above example, both phpinfo.php and phpinfo.php.bak would be parsed as PHP.  I found this to be rather interesting and started testing with a few servers I have handy.

It appears as though this isn't the case 100% of the time.

I tested 3 servers running Apache 1.3.34, 2.2.4 and 2.2.8. It was true on the server running Apache 1.3.34, however it wasn't true on the two Apache 2.2 systems.

I contacted the handlers at ISC to follow-up with them, however I haven't heard anything confirming one way or another. Has anyone else tested this on their servers?

In 4 hours I'll be on a plane to Vancouver to enjoy CanSecWest. If you're going to be there ping me and we'll grab a beer. You can find me on twitter (treguly) or email me ht [at] this domain.

One of the patches released yesterday has a serious flaw, in that an already compromised host will not have the patch properly applied. I provided a full write-up on this yesterday on the nCircle blog and felt that the importance of the issue warranted posting a link here to increase awareness.