the routine
professor's have something to say,
i tell my students.
i wear a nice jacket.
a northeast school, goulashes
naturally. sludging, dredging
in uneven bounds to my apt.
she left,
it didn't work out.
no kids.
one more semester
another book tour
will it ever end?
1.27.2008
the routine
praise be to Robert at 02:42 1 cries of outrage
most-loved love-scenes
once firm heart, an instrument.
once tightly twined strings:
the notes respond to your touch,
to the sinews you're attending to -
it was all a movie dream
so since have been sent flying
violently, ripping & lashing out
like whips against my ribs.
now i'd prefer even those
mean-looking polar bear kisses
over most other activities.
a lesson learned only once,
and in an emergency room:
never trust a sexy nurse
w/ a major operation.
praise be to Robert at 01:33 0 cries of outrage
1.23.2008
Penetration Testing and its Role in Enterprise Risk Management
For me personally, the technical aspects of penetration testing associated with what roles they play in the risk assessment and risk management process are most closely related to my future profession in the information security field. It’s interesting to see how the risk management process for organizations in today’s global Internet economy incorporates penetration testing along with other tools and measures to develop a thorough understanding of the risks they face.
Penetration testing simply refers to an approach used to evaluate the security of a computer system, network, or Web application. A penetration test consists of security experts simulating malicious attacks upon a client system seeking information pertaining to potential vulnerabilities. Vulnerabilities discovered from the testing are often the result of improper system configuration or errors in code. Successful penetration testers are able to obtain a comprehensive understanding of the target and manipulate it in a manner developers did not foresee as being possible. Following the completion of a penetration test, any security issues found are presented to the system administrator with the potential impact they may have along with relevant solutions to mitigate the problems.
Penetration testing is an interesting piece of the puzzle with regard to business risk management and risk assessment. It can be used as a tool to help an organization decide between taking action or inaction in combating technical risks appropriately. In today’s information age, organizations understand that technical risk is inevitable. In order to succeed, organizations must learn to embrace such risks and approach them intelligently and effectively.
Due to the dynamic nature of risk in today's information age, risk management is a continuous process. Therefore, it is necessary for an organization to perform a penetration test whenever there are dramatic changes made to the system. Also, following the completion of a penetration test it is important to pervasively communicate the results throughout the organization. “Communicating the results of the assessment process ensures that the risks are understood throughout your organization, and can also bring to light vulnerabilities that had gone previously unnoticed. Additionally, it also helps facilitate the policy-development process.” (Andress 42)
Penetration testing is simply an additional tool used by organizations to obtain a clear, comprehensive understanding of the many technical risks they face. In the risk management process, penetration testing enables an organization to analyze their vulnerabilities, devise potential safeguards, and develop mitigating policies. This provides them with a holistic view of the many risks associated with their business.
praise be to far from l33t0 at 23:30 0 cries of outrage
1.20.2008
1.15.2008
the high tower
like a real liquid river
flowing, or those elements
in a different state maybe,
false clocks tick away
w/ relative consistency;
fixed until broken.
my bed is guarded
from invasion over the rug
by a worn clothes moat
and i'm in a sleep state
inside the castle having
the sweetest coma dreams.
there's cement in my mailbox
& my phone might be tapped
but if so it's only recorded
conversations i've imagined.
praise be to Robert at 14:33 0 cries of outrage
1.14.2008
cult initiation hic-cups
an end took shape up ahead
where no edge earlier was,
but once seemed endless
& safe; like an infinite blanket.
& what an unfortunate opponent:
his mountain of pebbles, as tiny as white lies
piled up high, lifting his clumsy step
to the sudden, but inevitable, cliff-drop.
if a tree falls alone in a forest
but no one's around to see it,
who's fault was it?
i demand an inquiry
into this unexplained
phenomena.
praise be to Robert at 21:56 1 cries of outrage
1.11.2008
New Security Documentary: 'The New Face of Cybercrime'
Apparently there is a new security documentary coming out in the upcoming weeks (or months; honestly, I'm not sure when), which discusses the new breed of cybercrime in today's information age.
No longer is hacking simply considered a hobby of your typical teenage pimple-faced introvert, but rather a tool used to carry out organized crime on both a domestic and global level. Following is a trailer for what appears to be an auspicious project, which features the one and only RSnake from ha.ckers.org.
praise be to far from l33t0 at 15:14 0 cries of outrage
1.10.2008
NSF Cyber Security Scholarship for Service Job Symposium
I've just returned from Washington DC, where I was fortunate enough to attend a rewarding, government-funded cyber security job symposium. It was a four-day event with some great speakers, interesting presentations, and countless opportunities to interact with cyber security professionals from a number of the federal agencies, including the FBI, CIA, NSA, DHS, DoD, and Secret Service, as well as some FFRDCs (Federally Funded Research and Development Centers) like MITRE. I plan on doing a brief write-up with a summary of the event as well as my impressions of the symposium and posting it here within the next few days.
Until then, check out this new rIP (reverse IP) tool which takes a hostname or IP as input and returns all the vhosts running on the same IP address.
praise be to far from l33t0 at 19:54 0 cries of outrage
1.02.2008
Obama's Perspective on the Need for Advancements in Science and Technology Research
Following is an interesting excerpt I came across earlier today from Barack Obama's most recent publication, "The Audacity of Hope". It really puts things in perspective and makes one realize how our federal government could more effectively use the billions of dollars being wasted on the War in Iraq for something far more beneficial to our country and its citizens.
------------------------------------------------
There's one other aspect of our educational system that merits attention--one that speaks to the heart of America's competitiveness. Since Lincoln signed the Morrill Act and created the system of land grant colleges, institutions of higher learning have served as the nation's primary research and development laboratories. It's through these institutions that we've trained the innovators of the future, with the federal government providing critical support for the infrastructure--everything from chemistry labs to particle accelerators--and the dollars for research that may not have an immediate commercial application but that can ultimately lead to major scientific breakthroughs.
Here, too, our policies have been moving in the wrong direction. At the 2006 Northwestern University commencement, I fell into conversation with Dr. Robert Langer, an Institute Professor of chemical engineering at MIT and one of the nation's foremost scientists. Langer isn't just an ivory tower academic--he holds more than five hundred patents, and his research has led to everything from the development of the nicotine patch to brain cancer treatments. As we waited for the procession to begin I asked him about his current work, and he mentioned his research in tissue engineering, research that promised new, more effective methods of delivering drugs to the body. Remembering the recent controversies surrounding stem cell research, I asked him whether the Bush Administration's limitation on the number of stem cell lines was the biggest impediment to advance in the field. He shook his head.
"Having more stem cell lines would definitely be useful," Langer told me, "but the real problem we're seeing is significant cutbacks in federal grants." He explained that fifteen years ago, 20 to 30 percent of all research proposals received significant federal support. That level is now closer to 10 percent. For scientists and researchers, this means more time spent raising money and less time spent on research. It also means that each year, more and more promising avenues of research are cut off--especially the high-risk research that may ultimately yield the biggest rewards.
Dr. Langer's observation isn't unique. Each month, it seems, scientists and engineers visit my office to discuss the federal government's diminished commitment to funding basic scientific research. Over the last three decades federal funding for the physical, mathematical, and engineering sciences has declined as a percentage of GDP--just at the time when other countries are substantially increasing their own R & D budgets. And as Dr. Langer points out, our declining support for basic research has a direct impact on the number of young people going into math, science, and engineering--which helps explain why China is graduating eight times as many engineers as the United States every year.
If we want an innovation economy, one that generates more Googles each year, then we have to invest in our future innovators--by doubling federal funding of basic research over the next five years, training one hundred thousand more engineers and scientists over the next four years, or providing new research grants to the most outstanding early-career researchers in the country. The total price tag for maintaining our scientific and technological edge comes out to approximately $42 billion over five years--real money, to be sure, but just 15 percent of the most recent federal highway bill.
In other words, we can afford to do what needs to be done. What's missing is not money, but a national sense of urgency.
"The Audacity of Hope" - Barack Obama (p165-167)
VOTE OBAMA IN '08
praise be to far from l33t0 at 22:46 2 cries of outrage
