Thursday, May 17, 2012

SPC 2012 - A Limerick

Things were getting too serious...

There once was a smart Russian hacker.
His code obfuscation a bushwhacker.
He pooched your website
Last Saturday night,
Making Monday morning even blacker.

SPC 2012 - What You Can't Outsource

During the conference happy hour on Wednesday, someone asked the crowd what couldn't be outsourced in IT. (This was part of an ice breaker where they gave an open mic to anyone who wanted to talk about anything, like Speakers' Corner in Hyde Park in London.)

Coincidentally, upon seeing an opportunity to be a ham, I wrote the following.  It happened to also answer the question of what things in an IT program can't be outsourced.

What You Can't Outsource

Our school buses
    look like city buses.

Children ride those buses
    from dorms
    from slums.

They ride
    one hand on the strap
    or on the bar.

Their minds
    on the books
    in the bag
    attached to the strap
    on their back.

Their minds
    on the face
    of the person
    they met last night
    in the bar.

Their other hand
    holding their phone
    sending a text
    updating their timeline
    checking their grades.

Their grades
    the key
    their future
    hanging in the balance.

The bus opens to
    the library
    the stacks
    the computers.

They research
    they study
    they dream
    they snooze
    they wake with a start.

Their phone reminds them:
    Time for class.
    Time for office hours.
    Time for lunch.

They smile,
    that we are there
    we run
    the network,
    the Blackboard,
    the kiosks,
    the instruments

Instruments that sing
    with music and data
    flowing and caressing them
    with an endless tune.

We keep their classrooms

We keep their Internet

They may never know
    to thank us
    to ask us
    to help them again

But we watch
    we fix
    we plan
    we dream too.

Our dreams are their dreams.

They just don't know it.

And we
    should never forget it.

SPC 2012 - Another Inside Joke

Dedicated to Tony.


Flour is foundation:
A cloud made in a mill.
Sugar adds the sweetness.
A bit, if you will.
Add a tad of leavening
And a touch of salt.
Put the dry aside now,
But it isn't time to halt!

Break a large egg or two
  In another bowl.
Add your butter or some oil.
  Beat it as a whole.
A touch of fine vanilla,
Pour in a lot of milk.
Then mix it all together.
(Should be lumpy, not like silk.)

Make the griddle hot
So drops of water spit.
Then ladle on the batter.
  Make sure each one will fit.

Bubbles start to form:
  The quick bread taking shape.
When the bubbles stop their popping,
  Flip them gently, you big ape!

Another thirty seconds,
  Then move them to the plate.
Pour on some maple syrup.
Rejoice, there's no more wait!

Tuck in to the tall stack,
Golden-brown and round.
All your work was worth it.
It's the best meal around!

SPC 2012 - No Fear

What information security professionals do and why they do it is not well understood by those outside our field.  This leads to fear and confusion whenever we enter the conversation.  But we are here to help, and our users should know that.

No Fear

I see you.
  Well, I see your packets.
Don't look offended.
It's my job.
Serve and protect
the servers.
Allow and refuse
  the users
Who knock on the doors,
  Salesmen selling brushes
  to a house of bald old men.
But we let them in
Academic freedom!
Science can't say no.

Science says yes to me.

Science watches
where you go
what you type
what you see.

Are you ashamed?
Does the idea of
Science seeing
  your post
  your porn
  your friends
  your enemies
Embarrass you?
Don't fret.

I keep your Internet flowing.
I don't see your browser's view
But I keep the view from pulling you
  the vertigo
  your computer
  betrays you
  exposes you
  takes your life
  lays it out bare

For the monsters
  who look to take
  what you are
  And propel it
  out of control
  across the world.

You worry that I might
  see you say "cantaloupe"
When a horde is pounding at your door
Paparazzi seeking a view
  of your secret places
  and secret faces.

I am not your enemy.
I do not represent
  The Man.

The Man fears me too.

I seek to find the truth.
I seek to hide the truths
From those who you want blind.

Help me help you.
Learn to trust,
  Let me earn that trust.

I can view
  without judgement.

I can shield
  without blocking.

I can secure
without bindings.

You can live
without fear.

For Beth and Holly, who thankfully didn't laugh at the haiku, even though it wasn't that good.

Wednesday, May 16, 2012

SPC 2012 - An Inside Joke

Only a few people will understand this one...

Tehweshat, Tehweshat!
On many heads it has sat!
It travels around when it's bored.

On top Wes, you might guess,
But it finds its way to mess.
It's floated and wiggled and soared.

This chapeau wants to go,
Has wild oats it must sow.
But Wes just won't let it be free.

Tehweshat, like a cat,
Is as fickle as all that.
Its wanderlust leads it to flee.

SPC 2012 - Admin Rights

Managing desktop systems for a campus is far from easy. The technical hurdles are part of the problem. Managing the social aspects, working with the users to set reasonable expectations for what security controls are necessary, and managing the risks that remain are all tricky processes as well. Playing the blame game is a bad move, of course, but thoughts like these are not uncommon...

Admin Rights

I Am God.
They are my tools.
I know how to run
My web browser with Flash
So I can watch the movies
I want to download with torrents.

What's wrong?
Don't tell me
I can't use that.
It's my computer.
I know how to run it.
Don't even try to stop me.
I have Administrator rights.

And control.
I can install
Whatever I want.
I bought this computer.
Go ahead, make policies.
I ignore the inconvenient.

Look here.
Free AV!
Just click the link.
I want that, need that.
So I click that link there.
Whatever I want is mine.
I laugh when you tell me not to.

Oh, no.
My hard drive.
My data is gone.
It's all corrupted.
Encrypted by bad guys.
Sending spam to all my friends.
They corrupted my Facebook page!

Please help.
You should help me.
You should protect me.
Remove the viruses.
And you should do it for free.
Because it just isn't my fault.

Your fault.
You failed me.
You let it happen.
Why didn't you stop it?
You let me get tricked and fooled.
Why are you smiling like that?

SPC 2012 - I Phish You're Phished

Another from SPC 2012...

I Phish You're Phished

I phished.
You're phished!
More accounts than
I ever wished.
You try
And cry
"Go pick on
Some other guy!"
But I send.
It won't end.
Your users to me
will bend.
I send spam:
"Hot babe cam"
Or "take this cash
from OXFAM".
Through email
I assail.
Your awareness work
Seems to fail.
I make scratch
With each batch
Of NetIDs
That I snatch.
I won't stop!
I'm on top!
Go cry to mom
or a cop.
You can't win.
Worked too thin.
Try to block them
In your Junk bin.

I'll find a way.
Here to stay.
I'll make users
Just obey.

SPC 2012 - Fawkes

A year ago, I started this blog to document the songs we sing. The blog was inspired by the EDUCAUSE Security Professionals Conference, and once again, I find myself attending this fantastic gathering. I'll be generating some new poems and songs as the conference goes on. I start with a song about Anonymous, APT, and the eternal threats we face.

Hey there, folks.
Have you met Fawkes?
He smiles at everyone he meets.

He loves what you do.
Loves to share too.
He's accomplished extraordinary feats.

He travels around
With the face of a clown,
And he finds his way into your data.

He inspires his friends.
DoS packets he sends.
Knows the default password on your SCADA.

Some think he's noble
Making all info mobile.
The whitehats would all like him dead.

But how can you kill
A man with such skill:
A hydra with millions of heads?

There is APT
You don't always see.
Sometimes it comes with a mask.

Sometimes it's there
Like gum in your hair.
No good way to get it out fast.

We hope that vigilance
Will increase our resilience
But the battle will never be won.

For us it's hard work
With no single perq
For the bad guys, it's totally fun.