Last Friday, I participated in a roundtable discussion on the topic of "Best innovations in Security." Joined by notable security minds Jamey Heary, Dave Kearns, and Andreas Antonopoulos, an hour long chat room session ensued. I was pretty unprepared, as the last time I was involved in any sort of "group discussion" was in front of a grand jury (it was only a port scan!) The focus of this online get-together was to talk about the following four topics:
- Most innovative security technology over the last year
- The ultimate solution to end the patch/hack/patch cycle
- Thoughts on Steve Bellovin's new Web SQL language (NewSpeak) plan
- The impact of social networking on identity management
As it turns out, my chat room skills have significantly atrophied over the years. My days of flaming and getting K-lined (and even G-lined) from IRC channels and networks are but a distant memory of a past life. Probably most of my experience with textual interaction comes from my old days of playing MUDs and its precursors. Therefore, my recent participation in this multiperson chat felt like playing Adventure, Dungeon Campaign, and Zork simultaneously ("xyzzy" had no effect). The text scrolled off screen faster than I can read (which isn't very fast), however I think Jamey may have thrown in some sort of "you're standing in a forest near a small stream..." reference, but that might have just been my wishful imagination at work.
I have several other "lack of relevant input" excuses. There were a few technical problems on my end. I joined the discussion a few minutes late, as I discovered that there are downsides to using BackTrack3 as your default operating system. With my verbal capacity to talk at about 250 WPM and my feeble typing of 20 WPM, I found myself using about 12.5 expletives for each word produced. My true dependency on spellcheckers was also revealed, with several repeated furies of backspacing to correct grammatical errors and missed word insertions. However, the tipping point for me came at the moment I realized I was the only person without content...to copy and paste. Apparently, this is an accepted practice, and in retrospect makes sense. Actually, if I had carefully read the moderator's instructions, I would have known this fact. Bereft of pre-written intelligent responses, knowing that my ctrl-x/ctrl-v key combo was powerless, I accepted failure. I knew I should have just let my Darkbot auto respond.
The sum total of these "setbacks" resulted in my contribution consisting of only sentence fragments, misstatements, some comedic comments and random emoticons. By the end of the discussion (and once the pills started working), I had sort of got the hang of typing conversationally to several people. Unfortunately, everyone else had better things to do on a Friday night than sit in a chat room. I stayed and tried to talk to myself for awhile, but got bored, and the chat room closed.
I would, however, like to take a moment to praise myself for at least using proper netiquette and following the rules of accepted chat room usage.
- I did not type in ALL CAPS, nor did I use any over-exclamation!!!!
- Despite my "ethically questionable" past of being a h4x0r, I did not regress to 1337 5p34k and p0wn any n00bs.
- I did not perform any input validation testing and BEGIN { for (; ;) { printf ("didn't type any comments in the form of code") } }.
- I didn't connect through a BNC proxy server.
- I made no attempts at channel takeover, abstaining from riding the split or causing nick collisions.
- I did not use EnergyMech, nor deploy this perl script.
- And lastly, I didn't even consider using Trinity v3, Stacheldraht 1.666, or any IRC DDoS bot tools.
I still have yet to answer any of the original security questions asked last Friday, but will provide my responses through my blog. For now, you'll just have to settle for the historically obsolete IRC-hacking references I've shared.
***securityphreak has quit IRC (Max sendQ exceeded)
If anyone wants to chat: greyhat@computer.org