ramblings of a {sys,net}admin…

Bradley Kuhn, John “maddog” Hall, and Max Spevack are just a few of the speakers that will be on-hand to talk about Linux, open source, and Free Software. We have a full day of exciting, community oriented presentations for everyone who’s interested in learning more about Linux and open source.

Of course, all work and no play makes for dull geeks. Drew Curtis, of FARK, and the Linux Link Tech Show will host a conference kick-off/FARK party on Friday, September 28th (6pm till whenever) at Barley’s Brewing Company, just across the street from the Convention Center. And, of course, after a long conference, we can unwind at the legendary linuxfest afterparty in the Hyatt Regency Union Room, sponsored by Google with entertainment by NOTACON. We’ll have food and drinks from 8 p.m. until midnight.

Please help us spread the word to as many people as possible. Let them know that the Ohio Linuxfest is taking place on Saturday, September 29th, at the Greater Columbus Convention Center in Columbus, Ohio. The deadline for registration is September 21, so be sure to sign up for the LinuxFest today! Registration is free, and the sign-up on the web site takes just a few minutes!

See you in Columbus!

For those of you who are new to National Preparedness Month, the U.S. Department of Homeland Security sponsors NPM each September to encourage Americans to prepare for emergencies in their homes, businesses, and communities.

In addition, U.S. Senators Joe Lieberman and Susan Collins, and U.S. Representatives Bennie Thompson and Peter King, have agreed to serve as honorary Congressional Co-Chairs of National Preparedness Month 2007 and lead the effort on Capitol Hill to increase public awareness on the importance of emergency preparedness.

Citizen Corps and the Department’s Ready Campaign work closely together to promote NPM throughout the country, but we need your help! You can make this the best NPM yet by planning and supporting preparedness activities in your communities and organizations. Need ideas? NPM 2007 will focus on several different areas of emergency preparedness:

• September 1-8: Back-to-School
• September 9-15: Business Preparedness
• September 16-22: Multicultural Preparedness
• September 23-30: Home and Family Preparedness, including pets, older Americans, and individuals with disabilities and special needs

For more ideas, visit our website to read about NPM.

Thanks, Mark Brostoff, CERT Monroe County Citizen Corps

Hahahaha, hilarious!

Undercover reporter Michelle Madigan (Associate Producer of NBC Dateline) got a little more than she bargained for when she tried to sneak in to DEFCON 2007 with hidden cameras to get someone to confess to a felony. When DEFCON staff announced the “spot the undercover reporter” game and told the audience that an undercover reporter was taking video to catch someone confessing to a hacking crime, Madigan bolted from the conference premises followed by a pack of ~150 DEFCON attendees and reporters trying to photograph and video tape her.

[ Read more… ]

This year’s Ohio LinuxFest will be held in Columbus, Ohio, on September 30th. We went to this last year and had a pretty awesome time (photos here), even if I don’t remember large portions of it.

And don’t forget to register!

The Unix Systems Support Group of the University Information Technology Services of Indiana University (try saying that five times fast) is hosting their annual LinuxFest this Friday, April 14th. It will be held from 10am-4pm in Alumni Hall at the Indiana Memorial Union. This is a great event every year and I encourage everyone who can attend to do so.

Thanks to $boss who is letting me attend while on the company’s dime! =)

Just hours ago I wrote “Tornado in Mitchell?”. Well, apparently there was. WRTV news is reporting “Three Tornadoes Hit Indiana Sunday, Weather Service Says”. Apparently, the National Weather Service has confirmed that an F-1 level tornado passed through Mitchell Sunday evening.

If you haven’t already seen them, check out my photos of the storm damage in Mitchell. NOTE: You may reproduce and/or redistribute any of those storm photos without restriction, provided that you properly attribute “jeremygaddis.com”. If you’re interested in downloading a single ZIP file of all the photos, please send me an e-mail.

Sunday night we got some pretty good storms around here (”here” being Bloomington, Indiana). I’m from Mitchell, Indiana, 40 minutes to the south, a small town of about 4,500 people. Late last night, I heard on the Indianapolis news that there was some pretty extensive damage in Mitchell. Did I mention that 98% of my family still live there?

Well, I headed down to Mitchell to help do some “clean up” work. About the time I was getting ready to head back to Bloomington, I realized I had my digital camera in my truck, so I drove around a bit more and snapped some photos of the storm damage in Mitchell.

According to the Bedford Times-Mail, Mitchell Mayor Butch Chastain stated that a National Weather Service employee told him that it was an F-1 tornado that came through Mitchell, thought the National Weather Service has yet to confirm that.

The Bedford Times-Mail ran an article today entitled “Former officers sentenced for fraud”, which describes the effective “slap on the wrist” given to two former officers of the Mitchell (Indiana) Police Department for committing fraud.

Feel free to read the full article for all the details, but in a nutshell: John Flynn, a dispatcher for MPD, hit a deer in his truck. Assistant Police Chief Michael Brewer falsified a crash report for Flynn, lying about the date of the incident, giving Flynn time to obtain full coverage insurance from Progressive Casualty Insurance Company.

This pisses me off majorly for two reasons: first, as a former resident of Mitchell, I’m all too aware of how all the law enforcement and public officials “look out for” one another; secondly, my vehicle insurance is through Progressive. It’s shit like this that makes MY insurance rates go up. Anyways, the fact that the officers got off with a suspended sentence (that means NO jail time whatsoever) is a huge disservice to all of us citizens. I felt so strongly about it that I composed a letter to the editor, shown here:

After reading “Former officers sentenced for fraud” (Times-Mail, 03/02/06), I was awestruck at the sentences imposed on the defendants in this case. This seems like just another case of law enforcement looking out for their own.

The defendants in this case — both employees of the Mitchell Police Department when the incident occurred — received 180-day suspended sentences and one year of probation each. Brewer and Flynn received the equivalent of a 10-minute “timeout” that parents often give their children. I’ve seen harsher sentences handed down for MUCH lesser offenses.

Those involved in prosecuting this case have committed a huge injustice to all of us as citizens. This case had the opportunity to be a huge lesson to those that we trust “to serve and protect” and present a major deterrent in case others have the same idea of abusing their power in the future. It could have caused them to think twice before violating the ethical code and high moral standards that we uphold them to.

Unfortunately, the officers involved are not the only ones who have done us wrong. The prosecutors of this case should be held accountable for not prosecuting this case as fully as they could have. Indiana Code 35-44-1-2 declares “Official misconduct” to be a Class D Felony, punishable by up to three years in prison. I’ve reread the article many times, but nowhere did I see any mention of a conviction for “official misconduct”.

Perhaps I’m wrong. Perhaps an investigation by the Indiana State Police and an admission of guilt from one of the involved parties was not sufficient evidence for a conviction for “official misconduct”. Then again, perhaps it’s just another clear cut example of the “good ol’ boy network” that dominates our local governments.

Kudos to Mitchell Police Department Chief Mike Hardman, who contacted the Indiana State Police to initiate an investigation in this matter. Perhaps there is at least one person in local government that us citizens can depend on.

As a paying customer of Progressive Casualty Insurance Company, you can bet your socks that I’ll be contacting them as well to encourage them to pursue this matter to the fullest. It’s fraud like this that causes all of our insurance costs to rise.

Brewer	Flynn

I’ve been on what seems like a virtual scavenger hunt today. For some reason, I feel like going to some more conferences. A few months ago, I went to the Security 505: Securing Windows course put on by SANS (yes, I passed the exams).

I’d like to take the SSCP exam sometime within the next few months. It’s actually being offered in Indianapolis and Louisville in May, so I may try to do that. For less than $400, the price isn’t bad and should be an asset, until I meet the experience requirement for the CISSP.

A number of universities host the SANS courses, often at great discounts to employees of the government and educational institutions. Since I fall into the latter category, I can get excellent discounts on them. For instance, the SEC 505 course I went to cost $750 for .gov and .edu employees, and nearly $3,000 for everyone else. Virginia Tech is hosting the SEC 504: Hacker Techniques, Exploits, and Incident Handling course in a couple of weeks. The course is $600 and the exams are $300, so that’s only $900. Since I know $boss can’t really spare the $900 out of our budget (which is sad), I’d just about pay that out-of-pocket. I’m not sure I can get the “okay” to go on such short notice, though.

Oh, I’m going to be speaking at Notacon 2006, can’t remember if I’ve mentioned that before or not. That’s four days or so that I’ll be out of town. I’ll be speaking about Patch Management in a Windows environment. Nothing spectacular, will just demo deploying Service Packs through GPOs and managing Windows Server Update Services in large(r) environments. Anyways, it gets me in free.

I came across the Defcon web site as well. Though I’ve wanted to go to Defcon for years, I’ve never managed to make it. This year it’s August 4-6th (in Las Vegas, of course), and I’m definitely going to try to get out there for that. Never been to Vegas, so that should definitely be fun. I suddenly have this feeling I’ll be broke when I get back, though. Hmm.

About two weeks ago I was in Muncie, Indiana for the “Cooperative Computer Incident Response” conference put on by CERIAS of Purdue University. It was pretty interesting and we got to hang out and exchange info with a number of law enforcement guys (Indiana State Police and FBI guys). Oh, that one guy from the ISP didn’t wash his hands after taking a leak, but I can’t remember his name…

Anyways, I’m always on the lookout for good security conferences to go to. Let me know if there are any good ones coming up that I’m missing out on. Bonus points if they’re in the State of Indiana.

On February 16th, I’ll be giving a talk on Ubuntu Linux to the Ivy Tech Computer Club. To be honest, I don’t a whole lot of experience with Ubuntu, other than occasionally firing up Firefox on it, since I do have an Ubuntu box here on my desk.

What are some of Ubuntu’s strengths that should be pointed out to a number of College students who’ve never touched Linux? Are there any major issues with Ubuntu? What would you highlight if you were giving the talk?