Most everyone in the U.S. is aware that it's not uncommon for the Mississippi River to flood in the spring. Even though the river has a series of locks and dams, they are intended for navigation, not flood control. In fact back it the days of Mark Twain there were spot in the Mississippi River that had Class 5 rapids (something I learn on a tour of the river). One of the worst flood seasons was back in 1993. In 1996 in my career as a ‘Migrant Brain Worker’ (IT Consultant), I was on assignment in the town of Muscatine, IA right on the west bank of the Mississippi River. The preceding winter was hard with a large accumulation of snow and when spring came causing a rapid thaw, another big flood was anticipated and it came.
The town closed its flood gates, but that was not enough to hold back the river and the town faced another potential record flood. I had become good friends with the retired president of the company I was working for and he had sponsored me to become a member of the local Rotary Club. Trying to think of some way I could help back in a time before Twitter, Facebook, and other social media. I did some research and found that the Army Corps of Engineers had an FTP site that allowed anonymous access where they posted regular updates on the fiver flood levels. The data was in a nice format for parsing and so I went to my friend and my manager and proposed that if the company would allow me to use their assets, I could put a notification system in place that could provide early warning information to community leaders with the most up-to-date flood level status. Without any hesitation they agreed and encouraged me to proceed.
Taking advantage of the company’s internet access and their surplus of old-school pagers, I wrote a simple program that polled the FTP site and anytime the river level changed the program would automatically send out the new flood level and the amount it went up or down since the last change. Because of the structure of their internet connection there was a little slight of hand involved, but the script flawlessly collected the data, parsed and processed the data then sent it out to a subscriber list of pagers. The whole system was up, running and function in a little more than a day and the pagers were distributed. At the time, this seemed an amazing accomplishment and everyone was very appreciative. When the flood threat was over, the pagers were returned, the system retired and I was barraged with the question ‘how did you do that?”. At the time it was simple to me and compared to what’s possible today it does seem trivial, however It’s something that I look back with a bit of pride. I couldn’t stop the flood, but I could ease the panic and of course the kind words of appreciation were awesome.
So what does this have to do with security? Not much I suppose, but I could probably come up with some kind of clever analogy. Like many of you, we see something with a perspective and knowledge of what can be done and we do it. Creative thinking and problem solving are prerequisites for what we do. Using existing and exploiting information in new ways has created many new industries and entrepreneurs. As one of my mentor’s told me “Be inspired. Learn to think in multiple and different ways. If you can see many paths, you can learn to see down them and never pass up an opportunity to try something, anything; just don’t stand still. Imagine, what is possible if you can make a difference?”
Thom Dosedel is a Senior Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at skazal@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.