Hacking in Canberra
This week I've made my first visit to our nation's capital - Canberra - for a 6-day course in Hacker Techniques, Exploits and Incident Handling.
Canberra is a strange little city. It seems to me to be a cross-between Washington and Milton Keynes, in that it's clearly a Government town; the Federal government being the largest employer in this capital city which has only a population of 300,000. Yet like Milton Keynes, Canberra has an artificial feel to it. You can see the planning and design - it's not a city that has grown organically like most others. It's even got some of the same 60's carbuncles as Milton Keynes!
I've come to Canberra completely ill-prepared for the freezing temperatures. It's about 13 degrees C in the day but it drops down to zero at night. I new what the temperatures would be before I arrived and I thought I'd be ok, after all I am from the UK! However, I didn't realise how much I've acclimatised to the Queensland weather over the past year. 13 degrees C feels to me like -5 did in the UK! All I've brought is a thin jacket and some jeans and t-shirts. I didn't even pack a jumper.
Because it's so cold, tonight has been the first evening that I've dared to venture out. I had a gander around the city centre (which isn't much bigger than Doncaster town centre) and then went to the flicks to watch Hancock. I had planned to see the Indiana Jones film but the timing didn't work out very well, so then it was a toss-up between Hancock and Sex and the City. No contest - I couldn't bear the thought of sitting through 2 hours of self-obsessed women talking about shoes and Prada handbags.
I was pleasantly surprised with Hancock. I thought it was just going to be just another dumb superhero movie but it was actually really good. Of course the action scenes and special effects were good, that's a given, but this added in a really funny script, as well as some character development and a few twists and turns to boot. Definitely one I'd recommend for 90 minutes of pure escapism. I plan on seeing Indian Jones tomorrow night, If I can be brave enough to go out into the cold again. I'm not expecting anything great from Indian Jones and the blah blah whatever-it-is as most of the reviews I've read have been pretty damning. I'll try and keep an open mind.
Being holed up in the National Convention Centre each days means I haven't had chance to take in any of the sights of Canberra. All the things I'd like to see are only open during the day. I'll probably come back here sometime in the future with Rach & Lauren. In particular I'd love to take a tour of Parliament House and the National Museum of Australia.
As for the course, i've really enjoyed it. Over the past few months I've been quite dissolusioned with my career and frankly have been getting bored to death of doing security compliance work. This course has re-awakened the geek inside me and allowed me to get back to my technical roots. Learning the technicalities of how to break into systems is much more fun that just learning how to defend them!
As much as the content of the course has been really good and up-to-date, the best bit about the course so far has been having access to the knowledge and experience of our tutor - Bryce Galbraith. Bryce is very much an expert in this industry and is a contributing author to the bestselling book 'Hacking Exposed: Network Security Secrets & Solutions'. He has worked with a ton of Fortune 500 companies and has also worked on Foundstone's world renowned Attack and Penetration team.
Of course I had a decent knowledge of hacking before I came on this course (you're not much of a security consultant if you don't know how the bad guys exploit the vulnerabilities you're telling companies to fix), but this course has significantly enhanced my knowledge and brought it up to date with the latest exploits and attack vectors. I'm looking forward to Saturday when we get to put all we've learnt into practice with a live 'capture the flag' exercise - where we all compete to hack into a system.
I tell you, there's some scary stuff happening out there and there's a good reason to be paranoid about your computer security. A lot of the myths around security have been dispelled this week. Do you think I can't get around your personal firewall? Think again! Do you think I can't sniff your traffic on a switched network? Think again! You think your wireless network is secure because you've enabled WPA2 instead of WEP? Think again!
It's a shame this damn code of ethics prevents me from using my knowledge for evil. I could be rich in no time!