It’s been a crazy few months which culminated in the awesome (first) security and hacker conference called Brucon this past weekend. Volunteering for the conference, hosting the podcast for it and working together with some awesome people to make it the success it was were all very satisfying experiences for me.
Looking back at Brucon, I wouldn’t believe that this was the first time we organized something like this. Apart from some minor glitches, I don’t think anybody can complain about the conference. It had it all !
Great speakers on varying subjects (cyber warfare, kiosk hacking, social engineering, hackerspaces, … to name a few).
Food (free ! thanks to the brucon sponsors) and Drinks (at reasonable prices)
Quality workshops on varying subjects (VoIP, Wireless, digital ID, lockpicking to name a few)
A great location (can any place beat that lounge area ??)
A fantastic audience (thank you for attending)
As a volunteer, I haven’t seen all the talks, but you can find a good summary of most talks on http://www.c22.cc .
video of most talks will be available shortly on http://www.brucon.org
Today I think about the great people I have met in the past 4 days, the inspiration and the dedication to the same goal. Improve security by sharing knowledge.
Thank you and see you next year !
Dear Colt employee,
In the past few days I, as a customer, suffered a lot. Due to a sudden loss of connectivity to the interwebs in which I trust your employer to provide me with a stable and reliable connection. In the past 2 days however, this trust was tainted. And that was not YOUR fault.
I’ve been there. I’ve been called out of bed at 2a.m. for an emergency in a weekend and stayed up for 36 hours afterwards until the situation was normalized. I have been called names by end users that you wouldn’t even call your worst enemy. Seriously, I know where you’re at. I know what you are going through. I’ve seen the PHB standing before me in the server room, red-faced, blowing steam from his nostrils demanding that his e-mail be restored right now. God knows we can share those war stories over some beers (maybe even at Brucon ! If I have offended any Colt employee with my tweets or blogs, I didn’t mean to. This wasn’t a personal attack at all. I can only imagine how frustrating this situation must be for you. No, I haven’t worked on an ISP level but I’ve experienced cable cuts, broadcast storms, major power outages.
That said, my goal is (and always will be) to improve the way incidents are handled. On a technical AND and on a functonal level. If a company (yours as well as mine) experiences a disaster, it has to communicate clearly and without hesitance with the community formed by it’s customers.
Assume that I work for a company that relies on Colt for connectivity. And assume I do that with 200 of my colleagues. We have customers too, that ask us why we are not replying to e-mail. We, on our part, are unable to send out offers, orders, etc. We are cut of from our HQ. It raises questions for our customers and suppliers. Let me make this clear : we rely on Colt not only for quality service when there is connectivity but also, and maybe even more, when there isn’t. Those are the times when we need you. To provide us with useful information that we can use to reassure our customers. We didn’t receive anything.
<time lapse of 6+ hours>
I’ve been out for the rest of the evening/night because my grandmother, who was also my godmother, died suddenly after an heartattack tonight. At this moment I couldn’t care less for news from Colt.
It’s 3am CET now and I notice that connectivity has not been restored yet. The update on the Colt ‘Case Study’ page consists of nothing more than an update of the header and footer. As much as I appreciate the effort of all people involved, pulling allnighters and giving their all to resolve this issue, I still feel very let down by the company in its inability to correctly communicate with its customers.
In the night between September 7th and September 8th, around midnight , the Colt network in Europe went black. No, it wasn’t a little hickup, the network just went down. In the blink of an eye, their top-notch multi-datacenter, redundant cross-channel lines was degraded to zero. It didn’t last for an hour though, it lasted over 16 hours ! At this moment I can find no confirmation that the whole situation has been resolved and all services have returned to normal.
From outside (at least from my ADSL line) it looked like the whole network was vanished. All traffic just stopped at BNIX (which is the Belgian Internet Exchange).
Belgium, Switzerland and UK were among the affected countries, but nobody actually knows what happened … and that’s the worst part of this story. After a few hours into the working day, the support center switched to a recorded message saying they had a major outage and were doing everything to resolve it. The only online report on the outage was one by The Register.
Meanwhile, speculation started. Some blamed it on a severed underseas cable, some on a software update that went bad. And then there were the rumors about a DDoS attack on the Colt network. The fact is, NOBODY KNOWS !
As a company, Colt should have been much more open in their communication. By not letting your customers know that you are on top of the issue, that you know what is going on with your network and how to resolve this kind of issues, you have seriously damaged the trust in your service.
Sure, I know that serious claims are being written as we speak and this outage is gonna cost you a shitload of money but that shouldn’t prevent you from communicating openly with your customers.
I’ll post an update when more details emerge … right now I think we have found one more provider NOT to consider for our critical network projects…
Update 1 :
Apparently, Colt has added a message to the frontpage of their homepage (see the picture above). Just more fog …
I joined twitter quite some time ago and as I didn’t expect to engage in it very much, I chose some random nickname that didn’t actually represent anything, domdingelom. It was just a try-out …
In the past months I had thought about changing my twitter account to something more meaningful, as, you know, I became quite fond of the little tool and how it allows me to interact with the security community at large. I’ve learned a lot from the security tweeps. Finally, yesterday, I changed my nick to my real name. It only made sense since, I am no fancy avatar, I’m just me.
While changing my nick, the thought of registering an new account with my old nick, briefly crossed my mind but the following made me decide not to do it :
- I’m not THAT important for anyone to go and hijack my old nickname.
- It didn’t actually go back far (max. 12 months) and it didn’t really represent something. I couldn’t bother
One thing I forgot though is that, however small the risk, we’re talking about the security community here … Some guy or gal is gonna pwn your @ss whenever he gets the possibility.
So, my good friend Didier registered an account today with my old nick and since he knows who I interact with (I had unprotected tweets until yesterday AND he is on my friends list) and briefly tested it’s possibilities. Quickly he tricked some of my contacts into talking to him, believing he was me.
I learned a few good lessons today :
- In the security community, take nothing for granted.
- Your online ‘person’ is can be a valuable asset
- Twitter doesn’t protect ‘dropped’ nicknames, you better register a new account with your old nick if you don’t want somebody else to do so.
- It’s better to be pwned by a friend than a foe.
On the bright side, it’s only 17 days until Brucon starts … I’ll have a chance to unleash my demons upon Didier there … Didier, you are forewarned 
Categories
Tag Cloud
Blog RSS
Comments RSS
Last 50 Posts
Back
Void 
Life 
Earth 
Wind 
Water 
Fire