
Brian Baskin's Site (FWIW)

Dissecting the Hack: The F0rb1dd3n Network


Last Updated on Monday, 26 October 2009 05:59 Written by Administrator Sunday, 25 October 2009 15:50

An incident came to light this last week, when the new book Dissecting the Hack: The F0rb1dd3n Network was reviewed by Wesley McGrew, wherein many occurrences of plagiarism were found. The issue went public very quickly, and the lead authors came out in defense of their work. The issue arose in the technical reference portion of the book. To help complete the book, the lead authors, Jayson Street and Kent Nabors, allowed the technical editor, Dustin L. Fritz, to write the large technical portion. It was this technical portion, written by Dustin, that contained the plagiarism. I was shocked. I've met Dustin, and even had dinner with him and his wife and others at TechnoSecurity this year. I met him through my personal friend, Marcus Carey, who brings together many experts in the Baltimore/DC area through his DojoSec meetings. I just wouldn't expect the great cardinal sin of technical writing to be performed by him on this project.

The end result is that the credibility of two great people in the InfoSec world has been tarnished over a labor of love that they've been working on for years. But, that can be fixed.

It's a bad situation, but it is being rectified.  Syngress, the book's publisher, has come out with their official statement and is working to correct the situation. Dustin L. Fritz will no longer be working on any Syngress project.  The cache of copies of the book will be destroyed and a new ISBN created.  The technical volume will be completely eradicated and redone with a group effort. The details are still being worked out, but Marcus Carey will be leading the charge to interview the authors of the tools and methodologies used in the book.  I will be the technical editor on this portion to ensure that it is relevant, accurate, and fresh material.

You can review the latest happenings with this book project at its dedicated community site.

I'll do whatever I can to help make this book the best it can be. How? Well, here are some of my credentials. In my day job, I'm the Deputy Technical Lead for the Department of Defense Cyber Crime Center's Training Academy (DC3 DCITA). I spend much of my time overseeing various research projects into incident response, forensic analysis, and network intrusions. I am part of the review cycle on over two dozen technical reference guides on cyber crime that our organization produces for its training courses. The issue of plagiarism has come up before. I've seen blocks of text: paragraphs or even page-long blocks, uncited and copied from other sites. If you know how to find it, it's actually very easy to see. We've been able to see these issues and stop them before they ever make it into the book, and provide additional training to the developer that made the mistake (which, many times, is purely by accident). I've been writing forensic technical manuals for nearly ten years, so I'm pretty good at what I do.

I've also authored and co-authored five books with Syngress. One of the chapters I wrote was republished into a best-of book, so I claim six books :) Book authoring is a very difficult and time-consuming job. For most of the books I've worked on, I was brought in by Syngress as "the closer". If a book was getting behind on its schedule, and a chapter needed to be done quickly to get it back on schedule, I would be brought in. I wrote the three chapters of my first book, Securing IM and P2P Applications in the Enterprise, in a month. The third chapter was written in a 24-hour period of no sleep. It was also an eye-opening chapter, as I originally wasn't planned to do it. Instead, someone else wrote it and the technical editor (Marcus Sachs) found material in the chapter plagiarized from his own works. Since Syngress caught it early, the original author was stricken from the contract and I re-wrote that chapter.

Syngress has a great niche in the service they offer. The Information Security field is filled with really bright individuals that need an outlet to let their genius flow. Syngress provides this. With their new staff of editors, including Angelina Ward and Rachael, they have my full faith in making the best of this situation.

The arrival of our second child


Last Updated on Sunday, 25 October 2009 17:55 Written by Administrator Thursday, 22 October 2009 15:27

On Tuesday, 20 October, my second son was born into this world at 1139.  It was... an interesting experience.

Early in the pregnancy my wife had decided that she didn't want to know the gender of the baby, and no one should either.  I won out and found out that it was a boy from the ultrasound tech and tried to keep it a secret for many months.  We had girls' names all picked out, but none really for a boy.  Yet, I couldn't push the issue as that would give away the gender.

My wife had me stay home from work on this Tuesday, as she was two days past the due date and feeling like it would come soon. We had already planned on a homebirth with two midwives coming to assist in the delivery. However, the entire "hard" part of labor was less than two hours and the midwives didn't arrive in time. Meaning, that I had to catch the baby. The midwives arrived just 7 minutes later.

Tristan Blaise Baskin, 8lbs 14oz, 21 1/4", was born very healthy and strong.  And it was a very strong family moment for us to deliver the baby with just our family, and our five year old cutting the cord.  No overbearing "hurry so we can free up the room" hospitals, no over-trained doctors that want to make it interesting for their own sake; just a nice, natural birth.

   

Putting the Lightning up for sale


Last Updated on Sunday, 25 October 2009 15:49 Written by Administrator Saturday, 16 May 2009 21:35

In a pretty dramatic move, I've decided to sell the Lightning.  The first thing people ask is why.  Here's why:

  • Another child on the way and a larger vehicle is needed (such as a minivan)
  • We really need to consolidate our cars down to just two. So, the Lightning and the Volvo are going up for sale to buy a single, newer, vehicle.
  • I don't get as much happiness out of the truck now.  At most, I drive it an hour a month due to other obligations. I don't see that getting better in the near future.
  • Also, I find myself wanting a more plush ride.  Mid-life crisis?  I find myself considering taking the truck last, after all my other cars.  I'm loving my Volvo right now, but it's getting up there in mileage (236K) and is almost a high-mileage ride.

To get this done, I've had the truck put through Maryland Safety Inspection, which is required in Maryland for all title transfers. It was about $600 in repairs for that: new windshield, some new wiring, new rear leaf hanger, and other minor things. I just had the rear end rebuilt, new rear brakes installed, and a ton of minor issues fixed up.

She's about to go back in this week for another small item: putting the factory transmission pan on.  I've had tons of leak issues, and come to find out it was the new Derale cooling pan I bought from Summit.  There's a kink in the corner that's leaking fluid out at a slight rate. But, on my inclined driveway, sometimes it comes out fast.  That's getting fixed finally.

So, there it is.  If you want to see more information, check out my other domain, which I've changed to be a selling site for her: www.mdsvt.com

Update: But, it's already sold :)  In July the new owner came along and bought her up.

   

DC / Maryland Security Conferences


Last Updated on Sunday, 15 March 2009 07:45 Written by Administrator Sunday, 15 March 2009 07:41

There have been many attempts by different groups to start up regular security chats here in the Balt/DC corridor. After all, THIS is the home of IT security and government compliance... at least I keep telling myself that to put up with the weather, people, and traffic. Ahh, cognitive dissonance.

However, I have to give a hand to my friend Marcus Carey for putting one together that has gained a lot of traction: DojoSec. The event started last fall as a monthly dinner party for security professionals and enthusiasts. Based in Columbia, it was hosted in a spare conference room at the Howard County Community College building on Gateway Drive. We all got together and Marcus treated us with food and three talks by experts in various fields. A single night can see talks range from network analysis, to policy compliance, to iPhone forensics.

This last event seemed to really seal the deal. It was near standing-room only in the room, and the dozens of pizzas went fast! It looks like the event outgrew the venue, so next month it looks like it's being moved to the auditorium at Capitol College in Laurel. How full was the event? Check out the images on Dustin Fritz's blog.

Kudos to Marcus for putting this together. I think everyone should make an effort to schedule themselves in to attend, the first Thursday evening of every month.

Entry is only $1, but you're invited to donate as much as you think the talks are worth to cover the expenses of the event.
   

Rising tuition costs


Last Updated on Monday, 22 December 2008 18:46 Written by Administrator Monday, 22 December 2008 18:45

After over four years of attendance at Strayer University, I'm really sick of it. The school is not bad, and neither are the courses, but the tuition is getting out of control. Every semester there is a substantial increase. In those four years, tuition has risen 22% per semester. The overall effect of this is that my company's education reimbursement, which is a bit antiquated, isn't keeping up. At only $7500/yr ($5250 tax free), I used to be able to take six classes a year. At the new tuition rate of $1510/class, I just went below the 5 class/yr ratio. This extends my school time out an additional few semesters and guarantees that I'm paying over $800 out of pocket each year just for tuition.

And what happens when you extend your degree out too long? Strayer forgets about you, cancels required classes, and leaves you in limbo. It's been a year since I finished my Associates Degree, but they still can't figure out the paperwork to reward it to me.
   
