Archive for the ‘Jackassery’ Category

Brood Parasitism: A Cuckoo Discussion Of Smart Device Insecurity By Way Of Robbing the NEST…

July 18th, 2012 No comments
English: Eastern Phoebe (Sayornis phoebe) nest...

(Photo credit: Wikipedia)


I’m doing some research, driven by recent groundswells of some awesome security activity focused on so-called “smart meters.”  Specifically, I am interested in the emerging interconnectedness, consumerization and prevalence of more generic smart devices and home automation systems and what that means from a security, privacy and safety perspective.

I jokingly referred to something like this way back in 2007…who knew it would be more reality than fiction.

You may think this is interesting.  You may think this is overhyped and boorish.  You may even think this is cuckoo…

Speaking of which, back to the title of the blog…

Brood parasitism is defined as:

A method of reproduction seen in birds that involves the laying of eggs in the nests of other birds. The eggs are left under the parantal care of the host parents. Brood parasitism may be occur between species (interspecific) or within a species (intraspecific) []

A great example is that of the female european Cuckoo which lays an egg that mimics that of a host species.  After hatching, the young Cuckcoo may actually dispose of the host egg by shoving it out of the nest with a genetically-engineered physical adaptation — a depression in its back.  One hatched, the forced-adoptive parent birds, tricked into thinking the hatchling is legitimate, cares for the imposter that may actually grow larger than they, and then struggle to keep up with its care and feeding.

What does this have to do with “smart device” security?

I’m a huge fan of my NEST thermostat. 🙂 It’s a fantastic device which, using self-learning concepts, manages the heating and cooling of my house.  It does so by understanding how my family and I utilize the controls over time doing so in combination with knowing when we’re at home or we’re away.  It communicates with and allows control over my household temperature management over the Internet.  It also has an API <wink wink>  It uses an ARM Cortex A8 CPU and has both Wifi and Zigbee radios <wink wink>

…so it knows how I use power.  It knows how when I’m at home and when I’m not. It allows for remote, out-of-band, Internet connectivity.  I uses my Wifi network to communicate.  It will, I am sure, one day intercommunicate with OTHER devices on my network (which, btw, is *loaded* with other devices already)

So back to my cuckoo analog of brood parasitism and the bounty of “robbing the NEST…”

I am working on researching the potential for subverting the control plane for my NEST (amongst other devices) and using that to gain access to information regarding occupancy, usage, etc.  I have some ideas for how this information might be (mis)used.

Essentially, I’m calling the tool “Cuckoo” and it’s job is that of its nest-robbing namesake — to have it fed illegitimately and outgrow its surrogate trust model to do bad things™.

This will dovetail on work that has been done in the classical “smart meter” space such as what was presented at CCC in 2011 wherein the researchers were able to do things like identify what TV show someone was watching and what capabilities like that mean to privacy and safety.

If anyone would like to join in on the fun, let me know.



Enhanced by Zemanta

Tin Foil Hats: On BBQ Brisket & Security Purists…

April 14th, 2012 5 comments
Tony Bourdain

Tony Bourdain (Photo credit: Wikipedia)

I’ve always enjoyed Anthony Bourdain‘s antics.

When I first encountered him on FoodTV, he was busy digesting the remnants of some sad mammal whilst commentating appropriately with grease-stained chin and mumbling narrative, extolling the virtues of the roadside “chef” who’d managed to handily hose the crap out of the wrong end of the deep-fried duodenum he was consuming.

I’ve furthered my appreciation for his unique style of ex-crackhead edginess, and enjoyed greatly his visceral verbiage as I devoured chapter after chapter of his books.

I’ve watched his numerous TV series, chortling in glee as he gently dropped bleeped-out F-Bombs, lambasted his producers on all topics imaginable, and struggled not to lose his foie-gras overboard when his check-writers sent him boating.

Good times.

Oh, I follow him on Twitter also, as I’ve come to find his little quips quite amusing, as expected.


Yesterday, he went batshit crazy and started ranting about something that someone else I admire greatly, Steven Raichlen, innocently mentioned with regard to BBQ.

Brisket, to be specific. The holiest of holies in the BBQ world, especially if you’re from that oddly-shaped, but giant state of Texas.

Holy shit.  This wasn’t going to end well.

I braced myself for the impact.

Basically, Raichlen was discussing the process, the Texas Crutch, in which upon a stall — the point wherein the collagen fails to continue to convert to gelatin because the temperature has reached an eponymous point in its cooking cycle wherein it refuses to budge — where one wraps it in foil to encourage it along some.

It’s really not that big a deal.

It’s not something I do often. It’s not something I even prefer to do. It’s something, when things just aren’t going my way and the Bourbon’s not helping, that I begrudgingly force upon my favorite bovine by-product.  It usually helps and I ultimately unwrap it to allow the bark to crisp back up before becoming a black soggy mess resembling (and tasting) like a mushy, peaty bog.

THAT, it occurred to me, was Bourdain’s real complaint — or so I thought.  He held in disdain the mismanagement of the process which would end up with an external, texturally-offensive crust.

I was wrong. Bourdain, it would unfold, accuses the entire process violation as something as impure as defiling a religious artifact, all the while missing the point that it is, by definition and title, generally done as a “crutch.”

He pushed forward, ignoring the contrariety, and rallied his culinary gendarme.  He even managed to pull a “Crazy Ivan” and suggest that this sort of unpalatable madness was as evil as the now-trendy sous-vide that the top-players in the industry were all now cursing at in symphony.  Many a slow-cooking, low temperature water bath shed a tear this day.

He righted HMS MadCow and then pratted on deliriously, desperately whipping up a frenzy, furiously retweeting supporters of his cause. The folks from Modernist Cuisine piped up. So did other zealots from the no foil camp. It seems that everyone who quipped was positioned behind their computers, burning mesquite, oak or hickory smudges, chanting rub recipes,  whilst they sharpened their pitchforks and thongs.

Ultimately, and by name, he then called upon the Sorcerer himself, Alton Brown, for backup.

However, Monsieur Brown, being the scientific fellow he is and not one to engage in “faith-based cookery,” simply replied back with a common sense evaluation of “foil-gate in which he simply stated this was a matter of choice and preferred outcome.

Specifically, he mused, if one wanted more smoky, wood-imbued BBQ-flavor, don’t do the Crutch and deal with the added cooking time which can often lead to dryness.  On the other hand, if one wanted moist brisket, go with the “Crutch” and use the braise method.  He did, rather correctly, also note that “Real brisket (meaning Texas) is not like any other barbecue.”

Like, duh.  But I’m not really sure that was Raichlen’s point in the first place.

Alton took the high road, but many others who would not have it joined the fray, frothing at the very thought of things like foil or injected “enhancers” such as beef broth. It seemed there was no place for common sense or scenarios tuned for alternative outcomes in the world of BBQ Brisket.

Or was there?

Others, like myself, simply blinked at the ensuing religious fervor with a mixture of bemusement and redress, shrugged incredulously and then chuckled when many of the very same naysayers went on to suggest that techniques  such as foil and broth injection should only be utilized in and saved for “competition.”

You know, “competition,” wherein the product judged as the “best” amongst many is often produced with things like beef broth injection and tin foil crutching.

So purity, it seems, goes right out the window (or BBQ pit) when one is trying to win a BBQ contest, an argument or a popularity contest.  Especially on the Internet.

I’m going to leave it to you to connect the ribs between this debate wherein “good enough” and “perfect” are ridiculously traded off and determine why I find such parallels deliciously ironic between BBQ and Security purists.

Suffice it to say, there are a lot of backseat “pitmasters” who will often tell you about “perfect” but likely can’t tell the difference between the creation of a smoke ring and blowing one.

Tin Foil hats, it seems, are equally as contentious (and funny) on the BBQ circuit as they are in the Security Circus.

I’ma let you finish, but my Backwoods is calling.  I’m gonna go unwrap my brisket.  Enjoy your tofu.


P.S. I left out many of the juicy bits from the argument, but I think it’s best summarized by following tweet:

Or: “Outcomes: Reason, not religion.”

Enhanced by Zemanta

PSA: Paula Deen, Sausage Pancake Egg Sandwiches & Security…

February 9th, 2012 4 comments
Chocolate grilled cheese open-faced

Chocolate grilled cheese open-faced (Photo credit: benchilada)

There’s an awful lot of angst in the world today. Navel gazing at security drama can drive one batty.  Every day there’s some disaster brewing that threatens to turn order into chaos.

Looking at tabloids and celebrity nuttiness makes the security industry tame in comparison.

To wit:

Apparently Paula Deen’s fans (and foes) are shocked; blindsided by the fact that cooking with pounds of sugar, butter and deep frying foods does not constitute healthy living.

This is a recent revelation, however.  You see, before she admitted that she’s had Type 2 Diabetes for years, these same outraged people were under the impression that dishes such as Chocolate Cheese Fudge and Sausage Pancake Egg Sandwiches (credit: here) were healthy and must just have been accidentally skipped on the FDA food pyramid for healthy eatin’ (which ain’t all that hot, either.)

This was made even more insidious since during her “coming out,” as Ms. Deen announced a partnership with Novo Nordisk, maker of the diabetes drugs Victoza, NovoRapid and Levemir.

Thou repeath what thou soweth.   Apparently, she soweth a lot of buttah.

What strikes me as an interesting parallel is how many people react/respond to announcements/incidents in the security space.  We know certain behaviors are unhealthy or that certain practices result in outcomes which are shady at best, and yet we close our eyes conveniently…consuming the security version of “chocolate cheese fudge.”

And then when the industry responds with either outrage or (worse) “a magic pill” promising to treat said maladies, the crucifixion begins anew; we often blame the victim and then turn on the “savior.”

The point here is not to point the finger at either the victim (Deen | corporation) or the “savior” (Novo Nordisk | Security industry,) but rather the behavior that enables the entire co-dependency in the first place.

It’s also very easy based on perspective to waffle or conflate the villain (Food industry, Deen | blackhats, researchers, security industry)

Frankly, these things manifest themselves because we allow them to.

If you don’t want to increase the risk of diabetes, while some indicators point to genetics, eating healthy, exercising and not adding 6 pounds of butter/sugar to a recipe and deep frying it might be a good start.

Likewise, if you wish to practice good security hygiene, change the behavior of how we approach our “recipes,” and like a good plan to get healthy, invoke the discipline, lifestyle changes and “exercises” we go through to break the cycle of despair.

We’ve all seen cycles where we feel powerless to change things.  At least it appears that the timeframe seems daunting and unachievable.  Frankly, this is just a matter of expectations; it’s just that little voice (or big doughnut) inside one’s head that needs to be silenced.

I’ve changed my lifestyle and personally borne witness to being able to improve my wellbeing, health, fitness and quality of life in general.  I’ve also been lucky enough to chip away at problems, slowly and over the last two decades, to try and make things better in the security space.

I’ve been the pill taker as well as the pill maker and what I’ve learned is that I can’t blame the butter for eating it.

May I suggest the following (old) blog post for some motivation?  How to Kick Ass In Information Security: Hoff’s Spiritually-Enlightened Top 10 Guide to Health, Wealth and Happiness.

…and lay off the sugar.


Enhanced by Zemanta
Categories: Jackassery Tags: , ,

802.bah – Beware the SiriSheep Attack!

November 21st, 2011 1 comment

On the heels of a French group reverse-engineering the Siri protocol by intercepting requests to the Internet-based server that Apple sends Siri requests to, Pete Lamonica, a first-time Ruby developer has produced another innovative hack.

Lamonica has created an extensible proxy server to enable not only interception of Siri requests, but provide connectivity/interfacing to other devices, such as his Wifi-enabled thermostat.

Check it out here:

What I think might be an interesting is if, in the future, we see Siri modified/deployed in the same way as Microsoft’s Kinect is today used to control all sorts of originally-unintended devices and software.

Can you imagine if $evil_person deployed (via Proxy) the Siri version of the once famed Starbucks pwnership tool, FireSheep?  SiriSheep.  I call it…

Your house, your car, your stock trades, emails, etc…all Siri-enabled.  All Siri-pwned.

I have to go spend some time with the original code — it’s unclear to me if the commands to Siri are sent via SSL and if they are, how gracefully (or ungracefully) errors are thrown/dealt with should one MITM the connection.  It seems like it doesn’t give a crap…

Thanks to @JDeLuccia, here’s the github link to the original code.


Enhanced by Zemanta

Bye, Bye My Clustered AMIs…A Cloud Tribute to Don McLean

April 23rd, 2011 1 comment

Sung to the tune of Don McLeans “American Pie

A long, long time ago…
I could launch an instance
How that AMI used to make me smile
And I knew if I needed scale
that I’d avoid that fail whale
though I knew that I was in denial

But April 20 made me shiver
Amazon did not deliver
Bad news – oh what a mess
auto-cloning E B S…

I can’t remember if I cried
when the status dashboard said East had died
Tried to take my VMs back inside
The day…Amazon died

So bye-bye, my clustered AMIs
I tried to launch one
it just sat there, much to my surprise
And them angry devs were telling stories and lies
Singin’ “this public cloud I now despise
“this public cloud, I now despise.”

The CFO’s got a look of love,
and his faith, all-in, with the clouds above,
Buy less servers, Werner tells you so…

Do you believe in infinite scale
Can the cloud save your ass when it goes to hell
and can you teach me how to plan to fail?

Well I know that ….you’re in love with scrum
that agile, mobile are your rules of thumb
You tried, those VMs to move
but with no RDS, you’re screwed…

I was a lonely sysadmin with nothin’ to prove
until the cloud done fail, now the devs are screwed
and they didn’t know what quite to do..
the day…Amazon died…

I started singin’
bye-bye, my clustered AMIs
I tried to launch one
it just sat there, much to my surprise
And them angry devs were telling stories and lies
Singin’ “this public cloud I now despise
“this public cloud, I now despise.”

Enhanced by Zemanta

VMworld – v0dgeball Deathmatch Details: vSquirrels vs. Sakacc’s Army…

August 19th, 2010 14 comments

UPDATE: Thanks to Chad’s hard work, transportation to/from the venue is provided:
v0dgeball bus (players and groupies) Marriott on Mission ~5:30PM Thurs, departs at 6:00 PM sharp & return ~10:00 PM.

[Reposted and edited for snark from Sakacc’s blog.]
To celebrate the close of VMworld 2010, there will be a best 5 of 9 match to the death between [me] @Beaker – Chris Hoff, aka hohoff from Cisco and his army of vSquirrels vs @sakacc – Chad Sakac, aka “Mr VMware at EMC” and his squad of vSpecialists.

So – a little more detail?

  • The game = dodgeball, 10-person teams, following official NADA dodgeball rules here.
  • The location = VMware vGym has been graciously offered (here)
  • The date/time = Thursday, Sept 2nd, 8pm PT

Here’s all the FAQ you could possibly need:

Q: Will it be broadcast?

A: DAMN STRAIGHT – I want to televise destroying Chad 🙂

Q: What do I need to bring refreshment wise?

A: Nada, I’m bringing the beer kegs (still working out details on this one)

Q: What do I need to know about dodgeball to follow the exciting matches?

A1: That people wearing gold shorts and knee high socks are acutely aware of just how cool that makes them.

A2: In the immortal words of Patches O’Houlihan“If you’re going to become true dodgeballers, then you’ve got to learn the five d’s of dodgeball: dodge, duck, dip, dive and dodge!”

…Oh and Chad – BRING IT.

NOTE: If you want to sign up for the vSquirrels team, add your name in the comments below.  The team size is 10, but if more people sign up, we’ll feign injury and do substitutions.

Remember, you get to bounce balls off Sakacc and his army of EMC Cloud’sperts. For free. With beer. [some of that sounds appealing, other bits quite wrong.]

/HoffEnhanced by Zemanta
Categories: Jackassery Tags:

Airing Private Cloud’s Dirty Laundry…

August 7th, 2010 10 comments
Laundromat in Toronto, Canada
Image via Wikipedia

It’s 10:13pm on a Friday night and as the highlight of my day begrudgingly reveals itself, I discover in preparation for the inevitable appearance of tomorrow, that I am once again out of clean underwear.

There are many potential remedies for this situation.

Option number one suggests I could borrow a pair of my wife’s low-cuts.  She’s out of town and would never know, except perhaps discovering upon her return the horribly awkward and uncomfortable remnants of chafing in places we simply and politely just don’t talk about at parties.

Option number two involves what I call ‘The Braveheart.” Commando fashionista. Rivets on Levis put a quick end to that potential.

Option number three. CVS. It’s open 24 hours. They sell boxers. I saw them last week when I ran out of toothpaste in a similarly-themed domestic challenge. However, it’s now 10:16pm and whilst the pharmacy is only 10 minutes away, I’d prefer not to have to explain or even acknowledge to the cashier — silently with a sheepish grin and a telling nod — why it is I am buying underwear instead of beer at 10pm on a Friday night.

Option number four. The uncomfortable reconciliation of fact.  Laundry.

Laundry is not an altogether alien concept to me.

In a house where I am surrounded by a fortress of estrogen-themed daily drama, couture — or namely the availability of fresh sources of same, not found strewn around the house in piles resembling Inuit housing — is a constant and simultaneous source of both amusement and utter distress.

I know how it works.  More specifically I know how it *should* work. It’s not that difficult a concept to master.

I contemplate, strangely, what it would be like if option number four required something other than a modest jaunt to the basement where lives the ominous apparatus that does diligent battle with the detritus threatening the sanctity of my linens.

I reckon back to the days of college and of single life in an apartment where this capability was not installed, where I had to pack up my dirty vestments, remember the detergent, fabric softener, dryer sheets and a thousand dollars in quarters and trek to…

The laundromat.

I re-imagine the hours I’ve spent there.

Strangely-timed appearances meant to avoid the rush which is met with the soul-crushing realization that everyone else uses the same random number generator to decide when to show.  The ludicrous rituals of basket placement and folding table land-wars.  The hope that at some point in the next 12 hours, the illusion of infinite laundry scale will avail itself to me.

I remember these things.

I remember the rust-stained linoleum flooring. Faded pictures and warning emblems threatening sure and certain death from things like asphyxiation, electrocution, strangulation and loss of appendages.  I am particularly disturbed and most concerned with the latter.

The community bulletin board is always a symbolic mecca for the cultural awesomesauce around which a neighborhood is formed; an eclectic mix of lost pets, waterbed auctions, spanish and math tutoring services, guitar or tuba lessons (your choice) and a never-ending supply of for-sale-by-owner-1984-in-good-condition-runs-perfectly-Honda Civics.

And yoga lessons.

Because with a wash-rinse-dry-fold cycle time of approximately 2 hours, down dog and vinyasas are a natural way to pass the time.  I must admit to never having witnessed yoga in a laundromat. Unless you consider two newlyweds making out in the corner as Yoga.

I recall the sweet and confusingly intoxicating smell of Downy.  That earthy, hot, suffocating perfumed humidity of 1000 dryers tumbling in a rhytmic chant of anti-moistness. Low frequency undulating serenity drummed into my consciousness, starkly punctuated with the the alarming and syncopated rupture of tempo by unrecovered pocket change falling out of jeans, producing a staccato “pitta-chank, pitta-chank, clink, donk.”

And then, the fear.  The fear that I don’t have enough quarters and that the change machine doesn’t take ten dollar bills and that I’ve forgotten to bring something to read, nourishment, hydration, motivation…

I recollect the homeless man curled up in the corner under the flickering TV that only gets Korean soap operas with a vertical lock problem and the industrial-sized machines used for washing tents, small couches or horse blankets.  There’s the cigarette, whiskey and cruely time-stained woman in 50 cent curlers in her high-fashion and Heathcliff slippers, unshaven legs and a hawaiian print moomoo reading People magazine, snickering at the misfortunes of multi-millionaire actresses jilted by their spoiled no-talent actor suitors.  Venom.

But most fondly I smile — almost vindictively — at the memory of the man staring hopelessly at the bank of identical washers, each in spin cycle, wondering which three were his and hopelessly wondering why it is that he is mesmerized and distracted then by the one pink sock in a load of all black washing, flitting back and forth through the porthole in the jumbo drier.

It’s then that  I flash forward to the now, staring at the highly advanced, extremely efficient and 100% available and dedicated GE Monogram front-loading washer and dryer standing before me in my basement.  They’re color matched in a silver hue not unlike that of a fighter jet — beautiful, sexy and — if you paid attention to the warnings in the laundromat — potentially deadly.

Speaking of which, I’m quite sure it *is* possible to drown in a front-loader, but the process eludes me.  Perhaps out of respect for the grieving family of anyone stupid enough who has managed to kill his or herself in a running washing machine. Perhaps because I’m thinking way too much about how this can be done.

The physical attractiveness is not the most compelling element of my dirt-ridding-appliances. It’s the fact that they belong to me.




No waiting.

No vehicular excursions. No lady in a moomoo. No territorial battles waged over timing issues between washing machine to dryer transfer latency.

All. Mine.

You see, although I recognize the idealistic beauty and utility of the laundromat, it’s beaten down and mocked selfishly by the bully that is the convenience of dedicated capacity.

The convenience of discretionary load times. The availability of highly-customized wash/dry settings.  Knowing that I didn’t just put my clothes in a vessel that rid unmentionables from someone’s love-stained sheets.

No nickel-and-diming me for quarters because the spin cycle was too short or where I end up paying twice as much for the utility of centralized community resources that do only 80% of what I need in drying cycles because my heavy thread-count towels are just too damned thick.  Nobody else gets to mistakenly touch my loads or scowl at me because I wasn’t neurotically hawking over the dwell times and exfiltrating things the microsecond a cycle was complete.

It is true, however, that I had to pay for the privilege of doing my laundry when and however I see fit and yes, frankly, sometimes the demand for use outstrips the supply, but ultimately, unless it’s comforter day, I can just plan better to make better use of what I have available to me.  Or I’ll make use of the industrial sized washers for my comforters in well-planned, more reasonably strategic washing sessions for when I need that scale, bulk or don’t really need a delicate cycle.

I can’t tell you what it *actually* costs per load of laundry in my basement. I admit I’ve long written off the books the initial investment of purchase. It seems less than what it costs per load to visit the laundromat.  Perhaps that’s just wishful thinking or perhaps it’s worth every penny not to have to share folding space with a man who reeks of kielbasa and Marlboro lights.  That’s not to say I don’t find him amusing in a cinema-verite sort of way.

Nor do I write off the efficiency and service this place provides.  It’s just that it doesn’t provide all things to all people and that’s OK.  The point is, those that need or like this place come here but you don’t hear them espousing that the only one true way to do laundry is at the laundromat, nor do they speak of the “laundromat revolution” whilst sipping hot chocolate or gatorade and finger-snap clapping to the pretentious preaching of bitter launderers.

It just is and I’m cool with that.  Just like my washing own washer and dryer is.  This simply isn’t about religion, righteousness, idealogs or dogma. It’s about getting my underwear clean.

I visit the laundromat still.  Because it’s useful to me.  Because it offers utility for things that are important to me.  But not because of some idealistic need to share space with others or make someone else money.  Afterall, utility is about choice.  There’s no right or wrong if a solution meets my needs.

So my underwear is washed and prior to drying it — at my leisure — I have managed to consume a snack in between watching something on Netflix, playing with my dog and — surprisingly — contemplating those guitar lessons.  I can’t say I miss the lady in curlers, but the dead potted plant that exists in both realities — my house and the laundromat — offers some comfort through familiarity.

Do I feel guilty for the inefficient hoarding of resources in my basement and not suggesting to my neighbor that they abandon their machines or pool them with mine to produce a kibbutz-like washing utility for the neighborhood at large?


However, I would consider having a folding party if that makes you feel any better.

Utility is in how you use things, not necessarily how it’s offered.

Lather. Rinse. Repeat.

Enhanced by Zemanta

Cloud Light Presents: Real Men Of Genius – Mr. Dump All Your Crap In the Cloud Guy.

January 11th, 2010 3 comments

It’s full of awesomesauce.


Cloud Light Presents…Real Men of Genius
{Real Men of Genius…}

Today we salute you, Mr. Dump-All-Your-Crap-In-the-Cloud Guy
{Mr. Dump-All-Your-Crap-In-the-Cloud Guy}

Some seek danger in cliff diving…others? Competitive eating…flamethrowing or ferret wrestling. But You? You put data in other people’s hands in the Cloud
{You’re asking for it}

Armed with a SAS-70 and a license to commit PCI, you live your life with a simple code: Finders keepers, losers weepers
{Finders Keepers}

Some people mock you, sure. But you paid $8.32 for your EC2 spot instances and well, you just can’t get that from Dreamhost
{who’s laughin’ now?}

So crack open a cloud instance, oh King of the Cloud…we’d give you our data, but you’ve probably already lost it
{Mr. Dump-All-Your-Crap-In-the-Cloud Guy}

Cloudheiser Bushed, Poughkipsie, New Jersey…

Cloud Computing Public Service Announcement – Please Read

December 11th, 2009 1 comment

If your security practices suck in the physical realm, you’ll be delighted by the surprising lack of change when you move to Cloud.

Thank You.


Apologizing In Advance: I’ll Be On PaulDotCom 11/27…

November 24th, 2009 No comments

This won’t end well.

Day after Thanksgiving: Hoff Friday

By Mike Perez on November 24, 2009 12:00 PM | Permalink– Paul, Carlos, Mick, Larry, John, & Darren.

What better way to emerge from your (Wild) Turkey stupor than to join the PDC crew and guest Christofer Hoff live at 20:30 EST on Friday November 27th for Episode 177 of PaulDotCom Security Weekly! We promise not to ask you to pass the gravy or overstay our welcome in exchange for your agreement to not Hassle the Hoff.


As a special treat, the PDC crew will be recording from Larry’s barn! At least, Larry told us it’s his barn (Social Engineering paranoia sets in after a while & we begin to question just about everything these days).

The live stream should be active around 8:30 EST, Friday night. Please keep in mind that the recording start time is dependent on the amount of tryptophan in our blood streams.

For bonus effect, join the IRC channel during the stream – we can take live comments and discussion from the channel! Find us on IRC at #pauldotcom.

When active, the live stream(s) can be found at:

PaulDotCom Livestream – All new with Video and Chat!

PaulDotCom Icecast Radio

Please join us, enjoy the show live, and thanks for listening!

Categories: Jackassery, Podcasts Tags: