
10 Inconvenient Truths Of Security

A truly great podcast I just ran across is the 10 "Inconvenient Truths" of Security by Brian Kenyon (of Foundstone fame, now with McAfee). It's just under 18 minutes which makes it perfect for your next TreadClimber routine. But just in case you don't have that kind of time, here's a summary of his top 10 (with index times, if you find one that you really want to hear):

00:00  #10  Silver Bullets are only good for beer commercials
00:44  #9   Hug your auditor today
02:03  #8   Credit card processing compliance
03:55  #7   When disaster strikes, who is there?
06:16  #6   Outsource what isn't strategic
07:21  #5   Public WiFi hotspots
08:48  #4   Web applications
09:59  #3   User is the weakest link
12:35  #2   Omnipotence / Omnipresence
14:28  #1   There is going to be a breach

Poker World Surprised By Hack (Security World Slaps Forehead)

Yesterday morning Absolute Poker, an online poker room, released a statement that a 'trusted consultant' had compromised the system and was unfairly playing poker on the site. Essentially, the 'glitch' allowed this person--who has been linked to others within the Absolute Poker organization (can you say, conspiracy?)--to view the hole cards of other players (this means he was the only one who could see all the cards in the hand). The poker community has been blogging and sharing opinions on this issue for weeks, with plenty of uproar.

The only comment I have to these people is, "DUH"! C'mon, how can you take online gambling seriously? Obviously there has been quite a bit of attention to the fact that it is still illegal in the U.S., so the companies involved aren't the most upstanding and scrupulous. They are constantly dodging criminal prosecution and money laundering charges. So these are the people you think are hosting an honest game?

I am nearly convinced that BrickBreaker on my Blackberry cheats when I get too far in the game, so I think it's only natural that humans would try to manipulate the system to make more money (obviously I was correct).

I have plenty of friends that have almost made a living out of playing online; however, when I think of online gambling I am reminded of the scene in Vegas Vacation where Clark Griswold goes to the Native American casino and plays pick-a-number with the dealer. In my mind this is almost the same thing. How can one honestly believe that the Blackjack application is completely random? You cannot. At least in a real casino there are safeguards and visual indications that the house only has a statistical advantage, not a technological one.

My only advice to the online poker players that are up in arms about this incident is to get a new hobby or drive your butt into a legal card room. While technology has made it easier to play cards online, it certainly hasn't made it more ethical.

Net Neutrality Gets Kicked In The Butt (and some other places too)

Just a few weeks ago I posted on this very same blog that I would gladly pay for premium services from my broadband ISP if that meant that there would be no degradation of the basic service level. Now, I don't have false illusions that I am a big industry mover and shaker, but really, did Comcast have to go and do the exact opposite? According to an Oct 19th story by the Associated Press, Comcast--the 2nd largest ISP in the nation--is blocking traffic to file-sharing and peer-to-peer networks.

The article claims that 50-90% of Internet traffic is peer-to-peer applications. To me that sounds about 50-90% full of crap. While I do agree that ISPs have the right to shape their traffic, I find it hard to believe that access can be denied. Even worse, Comcast seems to be devious in their methods of blocking access, essentially resetting connections for file uploading. Shady tactics indeed!

Of course I'm sure they claim they are winning one for copyrighted material, however I use BitTorrent to download legal content. No seriously -- I do. In fact, I am downloading a live recording of Dave Matthews on my Time Warner connection right now. While I am probably in the minority of BitTorrent users it still doesn't change the fact that I want my live copies of Dave Matthews, or John Mayer, or OAR (I could go on for ages).

In all reality most Comcast subscribers won't be affected by this new policy, nor will they notice a difference (even with that 50-90% utilization freed up), but it sure would be interesting to see how many jump ship to DSL. It will be even more interesting when Comcast stops blocking everyone's access to the Special Ops Security blog, because the views expressed are not acceptable (even though they are legal and not copyrighted).

World Series Servers Overwhelmed

From the "who couldn't see this one coming" department...

Ticket demand crashes Rockies' computers

Paciolan--acquired by Ticketmaster this summer and located just minutes from Special Ops Security HQ in Irvine, California--provides venue ticketing services to the Colorado Rockies professional baseball team. A little more than an hour after online ticket sales started this morning, the crushing load of 8.5 million requests crashed the entire North American ticketing system (affecting all of Paciolan's customers). This, just days after they assured uneasy fans that because MLB.com hosts their website, they would be able to handle the demand. What they failed to mention is that MLB.com only hosts the links to evenue.net (Paciolan).

For the first time in the Colorado Rockies baseball team's history, they make it to the World Series... and the network engineers didn't believe that there would be overwhelming demand??

Furthermore, the system wasn't properly partitioned, so a failure caused by one customer (the Rockies) was not contained and instead took every other customer down with it. Again we see that you don't always need fancy SQL injection skills to bring a system to its knees... sometimes you just need to open up your web browser (with a few million of your friends).
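To make the isolation point concrete, here is an added simulation (my own, not Paciolan's or this post's code) of one tick of admission control for a shared ticketing backend: a single shared worker pool versus per-tenant bulkheads. The tenant names and request counts are constructed for illustration.

```python
"""Shared pool vs. per-tenant bulkhead: one flooded tenant, one quiet tenant."""
from collections import Counter


def serve_tick(arrivals, capacity, quota=None):
    """Admit one tick's worth of requests.

    arrivals: tenant name per request, in arrival order (constructed input).
    capacity: total worker slots available this tick.
    quota:    per-tenant cap on slots (the bulkhead); None means one shared
              pool with no per-tenant limit.
    Returns (served, rejected) Counters keyed by tenant.  A rejection models a
    fast "503, try again" rather than letting the backend be crushed.
    """
    used = Counter()
    served, rejected = Counter(), Counter()
    total_used = 0
    for tenant in arrivals:
        within_quota = quota is None or used[tenant] < quota
        if total_used < capacity and within_quota:
            used[tenant] += 1
            total_used += 1
            served[tenant] += 1
        else:
            rejected[tenant] += 1
    return served, rejected


def demo():
    """Flooded tenant's burst arrives first and is ~100x the quiet tenant's."""
    # Constructed burst: 999 Rockies requests, then 10 from an unrelated team.
    arrivals = ["rockies"] * 999 + ["other_team"] * 10
    shared = serve_tick(arrivals, capacity=100)             # no isolation
    bulkhead = serve_tick(arrivals, capacity=100, quota=50)  # per-tenant cap
    return shared, bulkhead


if __name__ == "__main__":
    (s_served, s_rej), (b_served, b_rej) = demo()
    print("shared pool   served:", dict(s_served), "rejected:", dict(s_rej))
    print("bulkhead      served:", dict(b_served), "rejected:", dict(b_rej))
```

With the shared pool the quiet tenant is served nothing at all; with the bulkhead the flooded tenant is capped at its quota and the quiet tenant's requests all go through.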

Copyright 2002-2007 • Special Ops Security, Inc. • All Rights Reserved.