RFC: Sans Alternatives

Just emerging from the disorientation and exhilaration of SANSFire 2011, a huge computer security training event with weekend and weeklong courses, vender demos, and some really cool one-off presentations. (My highlight – a unified “lessons learned” assessment of the Tōhoku earthquake/tsunami, the Fukushima meltdown and the Sony Hack by Japanese security analyst Tomohisa Ishikawa.)

One of the traditional special events is the annual State of the Internet roundtable, where the Internet Storm Center handlers take questions on the year’s internet security events. Topics include big attack vectors and stories, the tech media, and – this being D.C. – politics and the military. I asked a pretty spontaneous question, inspired by a previous one about getting involved in computer security that hadn’t really been answered terribly broadly (“become a consultant”).

This isn't really my millieu. At the time, I didn’t really have any answers in mind to my question (I have some ideas now), and it seemed to catch the panel off guard as well, with most of their answers overlooking the activism aspect. (To be fair, their focus is tech analysis, not activism, and my question was a bit off topic.) So, I turn to you, my scattering of dedicated readers, for your thoughts:

Anonymous and Lulzsec and other popular “hacking” groups in the media right now seem to exist in a miasma of criminality and pranksterism, but also genuine activism. Who do you see out there right now providing a positive outlet for legitimate technical activism?

I’ll follow up with my own ideas later, but I want to hear from you, first.

Safe as houses...

Another brief update... too late tonight to get into anything detailed, but I've had this kicking around for quite a while and just remembered it.

During orientation in Chicago I noticed that most of our group were well-advanced of the “all-caps email” level of technological savvy.  I'd noticed this at the Archdiocese, too.  There are plenty of folks now who do  know what they are doing, but there aren't many non-technical resources aimed at them.  

So, I decided to start with the folks most in need, those in “smart enough to get themselves in trouble” territory.  (I'll be submitting an RFC on this classification system at some point in the future.)  It seems like computer security is the second big learning curve for casual tech users; it requires a very different mindset than the “nothing to fear” tack we usually take when educating new computer users.  The idea here was to keep to one page, clear and jargon-free, with practical advice.

So, if you have a moment, take a look at Computer Security Basics (PDF) and let me know what you think below.  I'm open to any improvements you can suggest.  It's share-alike, so once I've incorporated corrections and clarifications, etc., I'll put up a couple editable formats.