We’re back once again in the Outer Banks (OBX) of North Carolina, enjoying a few days of fun in the sun with Caren’s sister and family. It’s always a fun trip. We get a nice big house up at the northern end of the area, just north of Corolla Light House. It’s a bit crazy with 5 couples and about 8 or 10 toddlers running around -- generally screaming or sleeping, and the kids are even worse.

Anyway, one of my favorite activities here is to hop on my bike and go for a nice longish ride. My daily ride at home is quite hilly (about 27 km, with 500 metres of aggregated ascent). Here, things are pretty flat. So, I put a pair of “skinnies” on my bike -- slim tires for the flat road conditions here. Also by comparison, I generally average about 17-18 km/h on my daily ride, but here I’m finding 25 km/h is quite feasible to maintain, even on my “fully” -- full suspension mountain bike.

So, today I headed out for a ride after we took the hounds on the beach for a romp and made a breakfast that couldn’t be beat. At just 44 km, I didn’t go insane, but I did enjoy the ride very much. Then the fun began...

On my ride north, I’d just come out of one of the subdivisions around Pine Island when I encountered a “roadie” -- a road bike. The rider was sporting full roadie gear, including elbow rests and aerodynamic head gear. I wasn’t trying to show him up or anything, but I pretty quickly caught up with him. I drafted him for a km or so, but then he slowed down to rest his legs a bit and I all but catapulted past him. It’s a pretty safe but general rule that roadies do NOT like being passed by mountain bikes, and being passed by a “fully” is about as full an affront as one could find.

Sure enough, within a couple km, he wanted to show me that he wasn’t going to be beaten by a fully. Zoom, he passed. He certainly had every advantage, and I was just there for a fun ride, so no problem. But then, by Tim Buck II, I had caught up to him again. He seemed a bit surprised, but no big deal. Then, he swerved a bit to avoid a car coming out of a coffee shop and zoom, I launched past him again. He was NOT pleased.

To avoid a nuclear showdown, I pulled into the next beach community and rode for about 5 km parallel to the highway. Figuring I’d averted a full fledged war, I left the subdivision and got back on the highway. There he was again... This was too good to let go.

I quickly caught up with him by Corolla Light, when he slowed down to turn into his own (presumably) subdivision. I had to brake a bit to avoid him, and he quickly looked back at me when he heard the noise. The look on his face was completely priceless. He was a beaten man. But, I am after all a gent-ul-mun, so I refrained from passing him outright. I was out for a leisurely vacation ride, after all.

It was about as much fun as I could have on two wheels -- at least with my pants on. Another GREAT day in the OBX!

Anyway, here’s a Google Earth image of my 44 km ride below for your amusement -- click on the image to download the Google Earth KML file and view it in your own Google Earth browser. (I use a Garmin Edge 205 GPS on my bike to track my rides. Together with a wonderful software package called Ascent, I can quickly export Google Earth XML files to visualize my rides. It’s lots of fun.)

Cheers,

Ken

If you read my writings here from time to time, you've probably heard me talk about my recent experiments with email security, as well as my laments about users who would choose to select the proverbial dancing pigs instead of security.

Well, that was not the case here in Belgium this week at the OWASP regional chapter meeting. As I said here, I've been over here in Leuven, Belgium this week for SecAppDev. Well, at Tuesday's regional OWASP chapter meeting, I volunteered to assure any attendees' CAcert.org or Thawte.com x.509 security certificates, fully expecting a "turn-out" of just one or two folks. Instead, I ended up with a line of people during the session break. I ended up with some 12 identities to verify on the CAcert.org site.

I was utterly amazed and, frankly, encouraged by the experience. Admittedly, these folks were already security-minded technologists, or they wouldn't be attending a meeting of the Open Web Application Security Project, but even still, it's nice to see that there really are people who want to improve the state of email security.

Very nice, thanks guys!

Cheers,

Ken

Laughter really is the best medicine. Throughout my life, I've always done my best to find ways to laugh at things, situations, and life in general, even when others don't. Perhaps it stems from growing up watching Wile E. Coyote, Foghorn Leghorn, and that bunch every Saturday morning, darn near without exception.

Two recent situations really brought this to the forefront for me. I was on a business trip in Boston a few days ago. When I got to the Hertz facility, my car wasn't ready and they couldn't find my reservation. Fortunately, I had a couple cars to choose from, however. The clerk asked me which I'd prefer of [4 or 5 generic cars whose names I don't recall]. I replied, "whichever one has the highest top speed." Turns out that was NOT the answer she was looking for, and she was pretty thoroughly humorless about the situation.

The other situation was actually earlier in the day. I was applying for the TSA's new CLEAR traveler program. I'd already finished the on-line registration, and then I had to appear at one of the registration facilities in person. I did this at my local airport, Reagan National. They scanned my fingerprints, both irises, facial pattern, etc. I came this (see my hand) close to saying something like, "what, no rectal scan?!". Well, perhaps it was a good thing I hesitated...

What does this have to do with...well, anything? Pretty much nothing. It's just an attitude thing. I feel humor is an essential element of life, like air, food, and absinthe. Perhaps that's something we should all try to do a bit more of--the humor, not necessarily the absinthe.

Cheers,

Ken

There's an old saying in the information security community: give the users the choice between security and dancing pigs, and they'll go with dancing pigs every single time. Perhaps it's a bit of an exaggeration, but it does make a good point.

Now, translate that to the "phishing age," and you have some insight into why phishing is so darned effective, at least from the attackers' perspectives. They are raking in the cash, and with little chance of being brought to justice. Great.

Then, a few days ago on a business trip to Prague, a friend of mine showed me the graphic image below that made me laugh hysterically. It really illustrates why phishing is so effective.



How many people do you know who might actually enter the data? What if this info came up in (say) a google search result list? What if it was delivered via email into your inbox, seemingly from your bank? How many people would fall for it? (Note: it's not a real attack. It's just an image to illustrate a point.)

Just goes to show you, old PT Barnum couldn't possibly have imagined how optimistic he was, when you factor in Internet and the unwashed masses. There's way more than just one sucker born every minute!

Cheers,

Ken

Ok, I just know this is going to come up, so I'm going to try to pre-empt it...

Did I match the new site theme to the shirt I'm wearing on my main page? Of course not! I'm an engineer. I'd be more likely to be able to cite the spark plug firing sequence on a V-12 Ferrari than to do something like that. Seriously.

Call it dumb luck. Call it serendipity. But please oh please do not call it coordinated. To do so would be to insult millions of engineers.

Cheers,

Ken