Monday, March 30, 2009

Scalable Infrastructure vs Large Problems, or OpenDNS vs Conficker

After seeing Dan Kaminsky's talk at Black Hat DC last month, I blogged about the benefits of DNS' ability to scale to address big problems like asset management records. I've avoided talking about Conficker (except for yesterday) since it's all over the media.

Why mention DNS and Conficker in the same post? All of the commotion about Conficker involves one variant's activation of a new domain generation algorithm on 1 April. Until today no one had publicly announced the reverse engineering of the algorithm, but right now you can download a list of 50,014 domains that one Conficker variant will select from when trying to phone home starting 1 April. Some of the domains appear to be pre-empted:

$ whois aadqnggvc.com.ua
% This is the Ukrainian Whois query server #B.
% Rights restricted by copyright.
%

% % .UA whois
% Domain Record:
% =============
domain: aadqnggvc.com.ua
admin-c: CCTLD-UANIC
tech-c: CCTLD-UANIC
status: FROZEN-OK-UNTIL 20090701000000
dom-public: NO
mnt-by: UARR109-UANIC (ua.admin)
remark: blocked according to administrator decision
changed: CCTLD-UANIC 20090320144409
source: UANIC

Others appear ready for registration:

~$ whois aafkegx.co.uk

No match for "aafkegx.co.uk".

This domain name has not been registered.

WHOIS lookup made at 00:56:31 31-Mar-2009

Keep in mind that another 50,000 domains will be generated on 2 April, and so on. With such a big problem, what could we do to contain this malware?

OpenDNS is a possible answer:

OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home...

The latest variant of Conficker is now churning through 50,000 domains per day in an attempt to thwart blocking attempts. Consider this: at any given time we have filters that hold well over 1,000,000 domains (when you combine our phishing and domain tagging filters). 50,000 domains a day isn’t going to rock the boat.

So here’s our update: OpenDNS will continue to identify the domains, all 50,000, and block them from resolving for all OpenDNS users. This means even if the virus has penetrated machines on your network, it’s rendered useless because it cannot connect back to the botnet.


That's one advantage of outsourcing your Internet DNS to a third party. They have the resources to integrate the latest threat intelligence and the position to do something to protect users.

This is a great example of scalable infrastructure (DNS) vs large problems (Conficker).

Finally, you've probably heard about the Conficker Know Your Enemy paper and associated upgraded scanning tools, like Nmap 4.85BETA5 and the newest Nessus check. I can't wait to see the results of tools like this. It could mark one of the first times we could fairly easily generate a statistic for the percentage of total assets compromised, similar to steps 8 and 9 from my 2007 post Controls Are Not the Solution to Our Problem. In other words, you can scan for Conficker and determine one score of the game -- the percentage of hosts compromised by one or more Conficker variants. The question is, how long until those controlling Conficker update the code to resist these remote, unauthenticated scans?


Richard Bejtlich is teaching new classes in Europe and Las Vegas in 2009. Online Europe registration ends by 1 Apr, and seats are filling. Early Las Vegas registration ends 1 May.

Sunday, March 29, 2009

NSM vs The Cloud

A blog reader posted the following comment to my post Network Security Monitoring Lives:

How do you use NSM to monitor the growing population of remote, intermittently connected mobile computing devices? What happens when those same computers access corporate resources hosted by a 3rd party such as corporate SaaS applications or storage in the cloud?

This is a great question. The good news is we are already facing this problem today. The answer to the question can be found in a few old principles I will describe below.

  • Something is better than nothing. I've written about this elsewhere: computer professionals tend to think in binary terms, i.e., all or nothing. A large number of people I encounter think "if I can't get it all, I don't want anything." That thinking flies in the face of reality. There are no absolutes in digital security, or analog security for that matter. I already own multiple assets that do not strictly reside on any single network that I control. In my office I see my laptop and Blackberry as two examples.

    Each could indeed have severe problems that started when they were connected to some foreign network, like a hotel or elsewhere. However, when they obtain Internet access in my office, I can watch them. Sure, a really clever intruder could program his malware to be dormant on my systems when I am connected to "home." How often will that be the case? It depends on my adversary, and his deployment model. (Consider malware that never executes on VMs. Hello, malware-proof hosts that only operate on VMs!)

    The point is that my devices spend enough time on a sufficiently monitored network for me to have some sense that I could observe indicators of problems. Of course I may not know what those indicators could be a priori; cue retrospective security analysis.

  • What is the purpose of monitoring? Don't just monitor for the sake of monitoring. What is the goal? If you are trying to identify suspicious or malicious activity to high priority servers, does it make sense to try to watch clients? Perhaps you would be better off monitoring closer to the servers? This is where adversary simulation plays a role. Devise scenarios that emulate activity you expect an opponent to perform. Execute the mission, then see if you caught the red team. If you did not, or if your coverage was less than what you think you need, devise a new resistance and detection strategy.

  • Build visibility in. When you are planning how to use cloud services, build visibility in the requirements. This will not make you popular with the server and network teams that want to migrate to VMs in the sky or MPLS circuits that evade your NSM platforms. However, if you have an enterprise visibility architect, you can build requirements for the sort of data you need from your third parties and cloud providers. This can be a real differentiator for those vendors. Visibility is really a prerequisite for "security," anyway. If you can't tell what's happening to your data in the cloud via visibility, how are you supposed to validate that it is "secure"?


I will say that I am worried about attack and command and control channels that might reside within encrypted, "expected" mechanisms, like updates from the Blackberry server and the like. I deal with that issue by not handling the most sensitive data on my Blackberry. There's nothing novel about that.



Response to 60 Minutes Story "The Internet Is Infected"

I just watched the 60 Minutes story The Internet Is Infected. I have mixed feelings about this story, but I think you can still encourage others to watch and/or read it. Overall I think the effect will be positive, because it often takes a story from a major and fairly respected news source to grab the attention of those who do not operationally defend networks.

I'd like to outline the negative and positive aspects of the story, in my humble point of view.

The negative aspects are as follows:

  1. I detest the term "infected." Computers in 2009 are not "infected." They are compromised by malware operated by a human with an objective. The malware is a tool; it is not the end goal. In the late 1990s I enjoyed defending networks because the activity I monitored was caused by a human, live on the Internet, whose very keystrokes I could watch. At the beginning of this decade I despaired as human action was drowned in a sea of malware that basically propagated but did little otherwise. Since the middle of the decade we have had the worst of both worlds; when I see malware I know there is a human acting through it for malicious purposes. I detest "infection" because the term implies we can apply some antiseptic to the wound to "clean it." In reality the malware's operator will fight back, resist "cleaning," and maintain persistence.

  2. Cue the "teenage hacker." I thought we were collectively making progress away from the pasty-faced teenager in the parental basement. It seems the popular consciousness has now moved to the pasty-faced teenager in Russia, courtesy of 14-year-old "Tempest" in the 60 Minutes video. Never mind the organized crime, foreign intelligence, and economic espionage angles. Two other groups are definitely going to be upset by this: Chinese hackers and insider threats. Actually, not hearing a word about the latter makes me feel happy inside.

  3. "I thought I had a good enough firewall." GROAN. Hearing people talk about their firewalls and anti-virus was disheartening. I almost thought Vint Cerf was going to spill the beans on the easiest way to avoid Conficker when he said the following:

    "I’ve been on the Net ever since the Net started, and I haven’t had any of the bad problems that you’ve described," Cerf replied...

    Because I don't use Windows! Say it Vint! Oh well.


The positive aspects are as follows:

  1. Hello security awareness. Stories like this wake people up to the problems we face every day. Sure Conficker is just the latest piece of malware, definitely not "one of the most dangerous threats ever," as said on TV. At the very least this story should enable a conversation between management and security operations.

  2. Client-side exploitation via socially-engineered and social network attacks was demonstrated. Good for Symantec to show that Morley Safer owns Lesley Stahl via Facebook. Better yet, 60 Minutes even used the term "owned"!

  3. Real consequences were demonstrated. I am very glad that Symantec showed just what an intruder can do to an owned computer. Keystroke logging, screen scraping, sensitive information retrieval, the works. They didn't even mention opening and closing the CD tray or activating the Webcam. That would have been cool, though.


Expect a few questions about this tomorrow at work!



Saturday, March 28, 2009

Network Security Monitoring Lives

Every once in a while I will post examples of why Network Security Monitoring works in a world where Webbed, Virtual, Fluffy Clouds abound and people who pay attention to network traffic are considered stupid network security geeks.

One of the best posts I've seen on the worm-of-the-week, Conficker, is Risk, Group Think and the Conficker Worm by the Verizon Security Blog. The post says:

With the exception of new customers who have engaged our Incident Response team specifically in response to a Conficker infection, Verizon Business customers have reported only isolated or anecdotal Conficker infections with little or no broad impact on operations. A very large proportion of systems we have studied, which were infected with Conficker in enterprises, were “unknown or unmanaged” devices. Infected systems were not part of those enterprises’ configuration, maintenance, or patch processes.

In one study a large proportion of infected machines were simply discarded because a current user of the machines did not exist. This corroborates data from our DBIR which showed that a significant majority of large impact data breaches also involved “unknown, unknown” network, systems, or data.


This, my friends, is the reality for anyone who defends a live network, rather than those who break them, dream up new applications for them, or simply talk about them. If a "very large proportion of systems" that are compromised are beyond the reach of the IT team to even know about them, what can be done? The answer is fairly straightforward: watch the network for them. How can you do that? Use NSM.

Generate and collect alert, statistical, session, and full content data. I've also started using the term transaction data to mean data which is application-specific but captured from the network, like DNS requests and replies, HTTP requests and replies, and so on. These five forms of data can tell you what systems live on the network and what they are doing. It is low-cost compared to the variety of alternatives (manual, physical asset control; network access control; scanning; etc.). Once a sensor is deployed in the proper place you can perform self-reliant (i.e., without the interference of other groups) NSM, on a persistent and consistent basis.

Where should you monitor? Watch at your trust boundaries. The best place to start is where you connect to the Internet. Make sure you can see the true source IP (e.g., a desktop's real IP address) and the true destination IP (e.g., a botnet C&C server). If that requires tapping two locations, do it. If you can approximate one or the other location using logs (proxy, NAT, firewall, whatever), consider that, but don't rely only on logs.
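An added example (not code from the original posts) of using DNS transaction data this way: it matches queries against a published list of generated domains, as discussed in the OpenDNS vs Conficker post, reports which internal hosts asked for them, and gives the percentage of observed hosts that did. The log format, the IP addresses and the FORWARDERS set are assumptions made for illustration; the two domain names are the ones from the whois lookups on this page, and a match is an indicator to investigate, not proof of compromise.

```python
from collections import defaultdict

# Constructed excerpt standing in for the published 50,014-entry list; the two
# names are the ones shown in the whois lookups on this page.
DGA_DOMAINS = {"aadqnggvc.com.ua", "aafkegx.co.uk"}

# Assumption: internal resolvers/NAT devices whose address hides the real client.
FORWARDERS = {"10.1.0.53"}

# Constructed DNS transaction log (hypothetical format: time client qname rcode).
SAMPLE_LOG = """\
2009-04-01T00:00:05Z 10.1.4.22 www.example.com. NOERROR
2009-04-01T00:00:09Z 10.1.4.37 AAFKEGX.co.uk. NXDOMAIN
2009-04-01T00:00:11Z 10.1.4.37 aadqnggvc.com.ua. NOERROR
2009-04-01T00:00:12Z 10.1.0.53 aafkegx.co.uk. NXDOMAIN
2009-04-01T00:00:20Z 10.1.4.40 mail.example.org. NOERROR
truncated line
2009-04-01T00:01:02Z 10.1.4.22 notaafkegx.co.uk. NXDOMAIN
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def parse_line(line):
    """Return (time, client, qname, rcode), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, rcode = parts
    return ts, client, normalize(qname), rcode


def analyze(log_text, domains=DGA_DOMAINS, forwarders=FORWARDERS):
    """Summarize which clients looked up listed domains.

    Queries arriving from a forwarder are kept apart: they show that some host
    behind it is suspect, but the true source IP is only visible at a second
    monitoring point on the inside of that device.
    """
    clients = set()             # real client addresses observed
    suspect = defaultdict(set)  # client -> listed domains it queried
    hidden = defaultdict(set)   # forwarder -> listed domains it relayed
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        _, client, qname, _ = rec
        listed = qname in domains  # exact match, so look-alike names do not hit
        if client in forwarders:
            if listed:
                hidden[client].add(qname)
            continue
        clients.add(client)
        if listed:
            suspect[client].add(qname)
    percent = round(100.0 * len(suspect) / len(clients), 1) if clients else 0.0
    return {
        "hosts_seen": len(clients),
        "suspect": {c: sorted(d) for c, d in suspect.items()},
        "source_hidden": {c: sorted(d) for c, d in hidden.items()},
        "percent_suspect": percent,
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The source_hidden entry is the case the paragraph above warns about: the sensor sees the forwarder's address rather than the desktop's, so a second tap or the forwarder's own logs are needed to find the host.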

NSM lives, and it is working right now.



Sunday, March 22, 2009

NSM on Cisco AXP?

Last year I wrote Run Apps on Cisco ISR Routers. That was two weeks after our April Fool's joke that the Sguil Project Was Acquired by Cisco.

I am wondering if any TaoSecurity Blog readers are using Cisco AXP in production? Looking at the data sheet for the modules, they appear too underpowered for NSM applications, especially at the price point Cisco is advertising.



Saturday, March 14, 2009

Association of Former Information Warriors

In response to my TaoSecurity Blog post titled Buck Surdu and Greg Conti Ask "Is It Time for a Cyberwarfare Branch?", I decided to create the Association of Former Information Warriors. I set up a LinkedIn Group with the following description:

The Association of Former Information Warriors is a professional networking group for those who once served as military members in information operations (IO) or warfare (IW) units. The mission of the AOFIW is to propose, promote, and debate policies and strategies to preserve, protect, and defend digital national security interests. Candidate members must be referred by current members. Those no longer in military service are candidates for full membership; those currently serving in uniform are candidates for associate membership.

In other words, to join AOFIW you need to know an existing member. This weekend I am going to try kickstarting the membership process by inviting those I personally know and trust to meet these criteria. You must be a LinkedIn user to join the group, since that is the mechanism we will use to vet and accept members.

I'll be posting about AOFIW at the AOFIW Blog, which will offer thoughts from other AOFIW members as we grow the group.




Richard Bejtlich is teaching new classes in Europe and Las Vegas in 2009. Online Europe registration ends by 1 Apr, and seats are filling. "Super Early" Las Vegas registration ends 15 Mar.

Friday, March 13, 2009

More PowerPoint Woes

Last year I attended The Best Single Day Class Ever, taught by Prof. Tufte. He changed my outlook on PowerPoint forever. Today in FCW magazine I found a pointer to 8 PowerPoint Train Wrecks, like the slide Bill Gates is presenting at left. While following some of the linked presentations, I came across this line from the shmula blog:

While at Amazon, we were all told by Divine Fiat that ALL presentations — regardless of kind, cannot ever be on Powerpoint. Period. Bezos prefers prose and actual thoughts slapped in a report — an actual paper report with paragraphs, charts, sentences, an executive summary, introduction of problem, research approach and findings (body of paper), conclusions and recommendations — not choppy, half-thoughts on a gazillion slides.

Thank goodness. I am not crazy after all.

That same blog post makes other good points, and links to an imagined Barack Obama "Yes We Can" PowerPoint deck. Hilarious.

