Sunday, October 7, 2007

Las Vegas Activities

I know there are some folks from my company planning to attend a conference in Vegas in the near future. For them, and for any other interested parties, here's my list of tips.
  • Allow for an extra 10 minutes to find your way out of your hotel on the first morning. Since you have to pass through the casino, they don't really make the path to the front doors very obvious.
  • Bring some business casual clothes. I wore shorts and t-shirts most of the time, but you feel oddly under-dressed in that attire.
  • Get up early and walk or jog around the town. It's nice to be able to see many of the sights with very few folks around. Note, though, that most things, e.g., fountains and free shows, aren't running in the morning.
  • For Food Network fans, several of the TV chefs have excellent restaurants there:
    • Mesa Grill in Caesars Palace - Bobby Flay (excellent food, had lunch there twice)
    • Delmonico in The Venetian - Emeril Lagasse
    • B & B Ristorante in The Venetian - Mario Batali
  • The gelato at The Bellagio is excellent even if it does cost $6.50 per cone.
  • You can buy discount, same-day tickets to many of the shows and attractions from a few different places. They open around 11:00 AM and close by 9:00 PM. Your best bet is to run out to one at lunch.
    • Tickets2Nite - Showcase mall near MGM Grand
    • Tix4Tonight - Fashion Show Mall
  • Shark Reef at Mandalay Bay (10:00 AM - 11:00 PM)
  • White Tigers, Dolphins, etc. at The Mirage (11:00 AM - 5:30 PM Monday - Friday and 10:00 AM - 5:30 PM Saturday and Sunday)
  • Lions at MGM Grand (11:00 AM - 10:00 PM) FREE - as close as you would ever want to get to a lion
  • Fountains at The Bellagio (every 15 Minutes starting in the afternoon and going until late evening) FREE and very cool
  • Amusement park rides at New York New York (10:00 AM - 11:00 PM)
  • Crazy rides on top of the Stratosphere Tower over 900 feet in the air
  • Carnival Midway and brief trapeze act at Circus Circus FREE
  • Dragon battle and Motion Simulators at The Excalibur
  • Las Vegas Mini Grand Prix Go Karts (10:00 AM - 11:00 PM)
  • Imperial Palace Auto Collection (9:30 AM - 11:30 PM)
  • Desert Passage Thunderstorm at Miracle Mile Shops attached to Planet Hollywood Hotel FREE but kind of lame
  • SPEED rollercoaster and Nascar Simulators at The Sahara (10:00 AM - 11:00 PM)
  • Sirens of TI show at Treasure Island FREE and mildly entertaining
  • Erupting volcano at The Mirage (every 15 minutes starting in the afternoon) FREE
  • King Tut's Tomb, IMAX, motion simulators, world's brightest light beam, etc. at The Luxor
  • Star Trek Experience at The Hilton - expensive at $50 or so, but discount tickets are available from the previously noted ticket places (11:00 AM - 8:30 PM)
  • You have to be sure to go inside all the various casinos. In particular, The Bellagio, Luxor, New York New York, Paris, and Venetian are pretty cool to see.
  • You can print off a very good map of The Strip from here.
  • You can still get free drinks even if you're only playing the penny slots. You just need to find a spot that's visible to the waitresses serving the higher rollers.
Here are a few pictures.

The erupting volcano in front of The Mirage Hotel and Casino

Inside part of the Miracle Mile shops attached to The Planet Hollywood Hotel

The free Pirates of TI show in front of The Treasure Island Hotel and Casino

The Paris Hotel and Casino

Planet Hollywood Hotel and Casino

The fountains at The Bellagio - probably the coolest free attraction in Vegas

A sleeping lion at The MGM Grand - I was standing in a glass walkway upon which a pair of very large males were sleeping.

New York New York Hotel and Casino - I've heard that the roller coaster is hard on your neck

The Excalibur Hotel and Casino - Attached to The Luxor, the two seem to offer the most family entertainment if that's what you're looking for. Keep in mind, though, it's definitely not Disney... :)

I apologize if any of this information is inaccurate. I've tried to ensure that the hours and locations are accurate but things may change.

Wednesday, October 3, 2007

SANS Network Security 2007 (Post Conference)

Well, I'm back from Vegas, and I've finally found a few minutes to post. The Securing Critical Web Applications and Web Services class was quite good. Interestingly enough, it wasn't actually a SANS class. Instead, it was taught by Jeff Williams, the founder and CEO of Aspect Security and the current chair of the Open Web Application Security Project (OWASP). Basically, we covered the security vulnerabilities in the OWASP Top Ten list plus some discussion specifically about AJAX and web services. We also used an intentionally very poorly written web application called WebGoat and a proxy tool called WebScarab for some hands-on experience. Both are available for free on the OWASP site. At the very least, I highly recommend that anybody doing web development thoroughly read and understand the vulnerabilities noted on the top ten list. It's a little frightening to see what a decent hacker can do and the complexity of the tools readily available to them. For anybody that uses the internet, here's my tip of the year:

Never use tabbed browsing to open any other website at the same time as one that contains any secure information or has the ability to perform transactions that involve anything important like money or your identity. Keep in mind that once you log in to the secure site, the sites in other tabs can send requests to it that carry your logged-in session, because they are open in the same browser. For more information on how this is done, check out the OWASP page on cross-site request forgery. To be even safer, use the profiles feature of Firefox to run under a limited profile with scripts disabled when accessing a highly secure site.
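The behaviour described in the tip above, as an added example that is not from the original post or from OWASP: a simulated browser with one cookie jar shared by all tabs, and a server handler that trusts the session cookie alone beside one that also checks the request's origin and a per-session token. The origins, function names and in-memory session store are constructed for illustration.

```python
import hmac
import secrets
BANK = "https://bank.example"          # constructed origin (assumption)
SESSIONS = {}                          # session id -> {"user", "csrf", "balance"}

def login(user):
    """Create a session: the id travels in a cookie, the CSRF token in the site's own pages."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16), "balance": 100}
    return sid

class Browser:
    """One cookie jar shared by every tab, as within a single browser profile."""
    def __init__(self):
        self.cookies = {}              # target origin -> session id
    def request(self, tab_origin, target, form):
        # The cookie is selected by the *target* origin, not by the tab that sent the request.
        return {"origin": tab_origin, "cookie": self.cookies.get(target), "form": form}

def transfer_cookie_only(req):
    """Trusts the session cookie alone, so a request from any tab is honoured."""
    session = SESSIONS.get(req["cookie"])
    if session is None:
        return "401 not logged in"
    session["balance"] -= int(req["form"]["amount"])
    return "200 transferred"

def transfer_with_csrf_check(req):
    """Also requires the site's own origin and the per-session token in the form."""
    session = SESSIONS.get(req["cookie"])
    if session is None:
        return "401 not logged in"
    sent = req["form"].get("csrf_token", "")
    if req["origin"] != BANK or not hmac.compare_digest(sent, session["csrf"]):
        return "403 rejected"
    session["balance"] -= int(req["form"]["amount"])
    return "200 transferred"

def demo():
    browser = Browser()
    sid = login("alice")
    browser.cookies[BANK] = sid
    token = SESSIONS[sid]["csrf"]      # embedded in the bank's pages; other sites cannot read it
    forged = browser.request("https://other-tab.example", BANK, {"amount": "10"})
    genuine = browser.request(BANK, BANK, {"amount": "10", "csrf_token": token})
    return (transfer_cookie_only(forged),       # accepted: the cookie alone was enough
            transfer_with_csrf_check(forged),   # rejected: wrong origin and no token
            transfer_with_csrf_check(genuine),  # accepted: origin and token both match
            SESSIONS[sid]["balance"])
```

The separate Firefox profile recommended in the tip corresponds to giving the sensitive site its own `Browser` instance, so no other tab shares its cookie jar.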

Since we often reference OWASP where I work, it was very interesting to meet and converse with the chair of the project. He was excited to hear about somebody actually making use of their work. As he noted, there must be many people doing the same because the traffic on their site is high. However, he seldom gets the opportunity to meet most users. If anybody is interested in the field, he did mention that Aspect Security is hiring, and it seemed like it would be a good company to work for. Certainly, Jeff knows his stuff and would be a good person in the industry with whom to connect.

That's it for tonight. I'll post again soon and share some tips on things to do in Vegas if you're there for a couple days at a conference.