Friday, September 23, 2005

Suck butt!

Man, this has not been my week! Last Friday I received a deadline for a project I was not really ready for (deadline: change by Thursday with international communication and preparation, usually requiring nearly a week of lead-time).


Friday was also a meeting with my local IT Security professional group. I should not have gone, given my deadline. But like the moron I continually prove myself to be, I went... but wait, the moron story continues.

Thinking the location had wireless Internet for visitors, I fired up Kismet to figure out what settings I needed for Internet access to VPN back and keep abreast of the developments in my project. I would have asked but I was already 15 minutes late and didn't want to disrupt the meeting further. There was one unencrypted network, but the SSID wasn't broadcast. Hoping for something identifiable as "visitor" or "public" or something else, I thought I'd let it sit for a minute and pick up the SSID. I got distracted by the meeting (and a little bit of tinkering to get echod to return correctly) and forgot about Kismet running until the location security officer came and squatted next to me.

The gentleman asked me what I was doing on wireless. I was about to say "nothing" when I remembered Kismet was running. Kismet is undetectable, but honesty is important to me, so I showed him the Kismet window. I honestly didn't expect him to get angry, but he did. Visibly disturbed, he asked me to delete the datafiles collected by Kismet. I obviously didn't have any problem with that, so not only did I remove the data files, but passed them through the shredder first (unix command "shred") to make sure they were unrecoverable.

The gentleman still didn't seem very pleased, so I suggested that we take a walk. I apologized profusely; he told me quite firmly that this was unacceptable. He then asked me to never again bring a computer or other device/tool to their location. While I thought that was a bit harsh, I agreed.



Let me take a moment for an aside. Kismet is a wireless audit tool which is completely passive, leaving no indication of its use. It does not cause damage or disruption of service. Due to its invisible nature, I expect that everyone is running Kismet on my network at some point or another. Educated defense must expect this, in my opinion. Still, I need to capitalize on this opportunity to learn...



Back on track. I get a voice-mail from my boss at 6:45pm. Although I was feeding my infant and packing for a trip, I knew I'd better call him back (I'd have talked to him sooner but he forgot to turn on his cell-phone ringer).

The gentleman had contacted my boss, and was very angry (partly because *he too* had to wait for my boss's cell-phone issue), and demanded that my laptop be seized and wiped. (Let's be reasonable, this is *my* laptop!)

My boss kindly asked what was planned for the laptop over the weekend. He asked if I could bring it in just to have my counterpart forensic analyst verify that I did what I said to the other gentleman. Wanting to be helpful (I have nothing to hide) I told him I would leave it home and not touch it. Of course, I started having hard drive issues the day before. @#$%!



I'm running out of time, and you're likely out of interest. To make a long story short, my hard drive was failing, but we were able to get a good image (like the third or fourth try). Of course I hadn't done anything nefarious, and I had nothing to hide. They were able to clear my name (as much as was possible) mid-week... It was a difficult week, busy and hectic and draining.

Thank God it's over. It's still hectic and crazy, but at least I learned a few things:


  1. There are many people driven by fear (or worse), not knowledge

  2. I must learn to keep out of danger from those people

  3. Honesty has a slow ROI, but a very powerful one



My boss and team lead were both very supportive, because they know and have come to trust me and my intentions. They know I value and effort integrity. Their support was very well appreciated.
