If you’re the smartest person in the room…

I have a mentor who sends me a motivational quote a couple of times a week and today he dropped this on me:

If you’re the smartest person in the room, then you need to find another room.

I have heard that quote before and actually used it in an opening slide of a talk to make a self-deprecating joke. I get the underlying meaning of the quote but I think few people would actually admit to thinking that they are the smartest person in the room.

So either the person who wrote this quote was an egomaniac or wasn’t clear in his writing.  Here is what I think he is talking about:

image

I have an amazing four year old at home who challenges me all the time by asking me questions I don’t know the answer to (Why are bananas yellow?) and asking me questions that make me think about life (Why do we have a house and my friend lives in an apartment?).

To be honest, a lot of the time I turn into this guy:

image

One thing my son does every day is challenge me to think and learn. So after thinking about that quote for a little bit I responded with this:

If you’re in a room with people who don’t challenge you, then you need to find another room.

Are you being challenged in your personal and professional life or is it time to find another room?

Malicious Copy and Paste Appending

Earlier today I was reading this article on Rollingstone.com about how FXX plans to show all 552 episodes of The Simpsons this August and noticed that when I copied anything from the website it appended a link and copyright notice. That got me thinking about what else could be appended to copied text and how bad guys could use it.

So after a little looking around I found this JavaScript that will append text to anything copied. To test my theory out I set up a secondary tumblr account called badcopypaste.tumblr.com and added this JavaScript to the head of the document:

<script type="text/javascript">
function addLink() {
    var body_element = document.getElementsByTagName('body')[0];
    var selection;
    selection = window.getSelection();
    var pagelink = "<br></br> du <br></br>"; // change this if you want
    var copytext = selection + pagelink;
    // Build an off-screen div holding the selection plus the appended text
    var newdiv = document.createElement('div');
    newdiv.style.position='absolute';
    newdiv.style.left='-99999px';
    body_element.appendChild(newdiv);
    newdiv.innerHTML = copytext;
    // Re-point the selection at the div so the browser copies its contents instead
    selection.selectAllChildren(newdiv);
    window.setTimeout(function() {
        body_element.removeChild(newdiv);
    },0);
}
document.oncopy = addLink;
</script>

and posted this post:

image

When you copy and paste the echo $PATH command in Firefox and Chrome you get this:

echo $PATH

du

If you copy and paste directly into a terminal window you get this:

In the JavaScript I added a non-malicious du command as an example. You can't see it until you have already pasted it, and it could just as easily have been rm -rf / or a command to SCP all your SSH keys to "The Bad Guys™".

That is why it is always a good idea to paste all commands into a notepad and not directly into a terminal, and a dumb idea to let JavaScript add information to your clipboard.
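One way to automate the "paste into a notepad first" check, as an added example that is not part of the original post: it compares the text you selected with what actually landed on the clipboard and reports anything that was appended. The function name auditClipboard and the sample strings are assumptions, constructed from the echo $PATH demo above.

```javascript
// Added example (not the post's code). Pure string comparison, so it runs in
// Node or a browser. In a browser the two inputs could come from
// window.getSelection().toString() and navigator.clipboard.readText().
function auditClipboard(selectedText, clipboardText) {
  // Normalise Windows / old-Mac line endings so comparisons are line based.
  const norm = (s) => String(s).replace(/\r\n?/g, "\n");
  const selectedRaw = norm(selectedText);
  const clip = norm(clipboardText);
  const findings = [];

  // Every non-empty clipboard line must be a line the user actually selected.
  const wanted = new Set(
    selectedRaw.split("\n").map((l) => l.trim()).filter(Boolean)
  );
  const extraLines = clip
    .split("\n")
    .map((l) => l.trim())
    .filter((l) => l !== "" && !wanted.has(l));
  if (extraLines.length > 0) findings.push("appended-lines");

  // A trailing newline the user did not select runs the pasted line as soon
  // as it reaches a shell that does not use bracketed paste.
  if (clip.endsWith("\n") && !selectedRaw.endsWith("\n")) {
    findings.push("trailing-newline");
  }

  // Control characters other than tab and newline have no place in a command.
  if (/[\x00-\x08\x0b-\x1f\x7f]/.test(clip)) {
    findings.push("control-characters");
  }

  return { safe: findings.length === 0, extraLines, findings };
}

// Constructed sample: what was highlighted vs. what the copy handler produced.
const SELECTED = "echo $PATH";
const TAMPERED = "echo $PATH\n\ndu\n";

console.log(auditClipboard(SELECTED, TAMPERED));
console.log(auditClipboard(SELECTED, SELECTED));
```
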

How To Be A Security Expert On Twitter

So you want to be a Twitter security expert? I have come up with an easy to follow list to make sure you are:

All Cons, All The Time!
If you are not tweeting about flying to, attending, partying at, or flying home from a con at least once a month you can't be a security expert. Also try not to mention what you actually do for a living. It removes some of the expert shine.

Be an expert on EVERYTHING.
Heartbleed? Drones? Malaysia Airlines Flight 370? Top Secret NSA Domestic Spying Programs? Windows Patching? Programming? All in your wheelhouse. If you are going to be a Twitter security expert you need to know this stuff. Skimming half a Wikipedia page qualifies you to speak on any subject authoritatively.

Everything is your business.
A company you own no stock in appoints someone you don't like to their board of directors or as CEO? Good thing you are an expert on EVERYTHING! Time to be really outraged and let everyone know it!

It is all about you!
This is the main rule of being a security expert on Twitter! Every time somebody expresses an opinion with which you disagree, they are doing it to anger you personally. It would be wrong not to take it as a deeply personal insult.

How many followers do you have?
Make sure you have at minimum one bot a week tweet about how many followers, retweets and mentions you have. You need people to know how important and influential you are!

My goodbye letter to Windows XP

Dear Windows XP,

So this is how it feels to feel abandoned?  That is the question you have to be asking yourself this morning.  For the last 4549 days you have been a constant workhorse for PCs around the world and this morning Microsoft has decided that you are no longer worthy of support.

I remember the first time I met you. I was a 20 something systems admin who was in love with Red Hat 7.1 and I thought you were going to be the end of the enterprise operating system. A few service packs later you were a solid workhorse who did her job without any real complaints.

You have been great to me and my career.  I owe you a lot and until Windows 7 came out you had been what I have used and supported nearly every day of my life for 10 years (I am still sorry about that fling I had with Vista in 2007. She was shiny, pretty and had so much promise. I am wrong and glad we can move on.).

I know you will live on in unprepared and underfunded schools, banks and grandparents' systems for the next 10 years but I am going to miss you. Thanks for all the good memories you gave me and thanks for taking me this far in my career!

Yours Truly,

Jerry Gamblin

Life’s greatest difficulties always happen right before life’s greatest breakthroughs.

If you’re tired of starting over, stop giving up.

How To Disable Twitter Photo Tagging

Twitter added a photo tagging feature today and like Facebook decided to have the default setting to allow anyone to tag you.

For your own safety you should change it to this:

image

The steps to do this are easy:

1) Log in to Twitter.com.
2) Go to the Settings tab.
3) Go to the Security tab.
4) Under Photo Tagging click “Do not allow anyone to tag me in photos”.
5) Scroll to the bottom of the page and click “Save changes”.
6) Enter your password to save your changes.

The Goonies is my favorite hacking movie.

My favorite conference asked the following question this morning: 

My answer was the noncontroversial WarGames and the controversial The Goonies.

My friend Steve Lord asks the question that inspired this blog post:

Why yes it is. Please let me explain:

Goonies: A group of working class families are being evicted from their houses to make room for an expansion of a country club.

Hacking:

Goonies:

Hacking:

Goonies:

Hacking:  Data was the original hardware hacker.  Any security conference you attend will have at least one talk of someone hacking non security related hardware.

Goonies:

Hacking: The Fratellis are basically a group of blackhat hackers who think they are smarter than they really are and can be easily defeated by a group of teenagers.

Goonies:

Hacking: The hacking community is basically built on taking a group of socially awkward people and forming tight-knit and caring communities.

If you aren’t training new leaders you are on autopilot and you won’t succeed.
