Monday, December 08, 2008

3rd Issue of BSD Magazine

I recently received a copy of the 3rd issue of BSD Magazine. This issue turns to NetBSD, the BSD project with the most stylish BSD Web site I've seen. The next issue will be devoted to PC-BSD, which I have never used (but should probably try).


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

Review of Nmap Network Scanning Posted

Earlier this year I posted Review of Nmap Network Scanning. Now Fyodor's book is available through Amazon.com. Therefore, I expanded my earlier story into a five star review:

Earlier this year Fyodor sent me a pre-publication review copy of his new self-published book, Nmap Network Scanning (NNS). I had heard of Fyodor's book when I wrote my 3 star review of Nmap in the Enterprise in June, but I wasn't consciously considering what could be in Fyodor's version compared to the Syngress title. Although the copy I read was labelled "Pre-Release Beta Version," I was very impressed by this book. Now that I have the final copy (available from Amazon) in my hands, I am really pleased with the product. In short, if you are looking for *the* book on Nmap, the search is over: NNS is a winner.


Review of Googling Security Posted

Amazon.com just posted my five star review of Greg Conti's Googling Security. From the review:

There's no question that Greg Conti writes excellent books. Last year's Security Data Visualization book earned 5 stars, and I put Googling Security in the same league. Conti takes a thorough and methodical look at the privacy consequences of Google's services, incorporating technical realities and thoughtful analysis. My only question is whether this book will matter to the intended audience.


Sunday, December 07, 2008

Review of Software Security Engineering Posted

Amazon.com just posted my three star review of Software Security Engineering: A Guide for Project Managers. From the review:

The Addison-Wesley Software Security Series is generally a great collection, with titles like Software Security: Building Security In (my rating: 5 stars), Rootkits: Subverting the Windows Kernel (my rating: 4 stars), and Exploiting Software: How to Break Code (my rating: 4 stars). I particularly liked the first of those three (SS:BSI), which I reviewed last year. I felt Gary McGraw wrote "a powerful book with deep truths for secure development." Software Security Engineering (SSE), by a collection of authors, pales in comparison to SS:BSI. You can skip SSE and stick with SS:BSI.


Thursday, December 04, 2008

Bejtlich Cited in Economist

I've been a subscriber of the Economist magazine since 1997. Although I have not been working to achieve this goal, I am happy to report that a personal ambition of mine has been reached today: I was cited in the 6 Dec 08 edition, in an article titled Cyberwarfare: Marching off to cyberwar.

One way for governments to do this [to become resilient to cyber attack], says Richard Bejtlich, a former digital-security officer with the United States Air Force who now works at GE, an American conglomerate, might be to make greater use of open-source software, the underlying source code of which is available to anyone to inspect and improve. To those outside the field of computer security, and particularly to government types, the idea that such software can be more secure than code that is kept under lock and key can be difficult to accept. But from web-browsers to operating systems to encryption algorithms, the more people can scrutinise a piece of code, the more likely it is that its weak spots will be found and fixed. It may be that open-source defence is the best preparation for open-source attack.

Thank you to Evgeny Morozov for including my comment and to the Economist editors for not cutting it.


BPF for IP or VLAN Traffic

Four years ago I did a second post on Understanding Tcpdump's -d Option, showing how you can use the -d option to understand how Berkeley Packet Filter syntax works.

Recently my colleagues and I encountered a problem where we were monitoring traffic on a tap, but the traffic contained frames both with and without 802.1q VLAN tags. We wanted to create a BPF that would catch traffic whether or not it had VLAN tags. It turns out there is a difference between these two BPFs:

ip or vlan

is not the same as

vlan or ip

The first accomplishes our goal, but the second does not.

To understand why, I used Tcpdump's -d option.

$ tcpdump -d -n -r sample.pcap ip or vlan
reading from file sample.pcap, link-type EN10MB (Ethernet)
(000) ldh [12]
(001) jeq #0x800 jt 3 jf 2
(002) jeq #0x8100 jt 3 jf 4
(003) ret #65535
(004) ret #0

That looks right. Load the half word at offset 12. If it's the IP Ethertype, you get the whole packet. If it's not IP, go to the next instruction. If it's an 802.1Q VLAN tag, again you get the whole packet. Otherwise, return nothing.

This is the other option.

$ tcpdump -d -n -r sample.pcap vlan or ip
reading from file sample.pcap, link-type EN10MB (Ethernet)
(000) ldh [12]
(001) jeq #0x8100 jt 4 jf 2
(002) ldh [16]
(003) jeq #0x800 jt 4 jf 5
(004) ret #65535
(005) ret #0

That doesn't work. Load the half word at offset 12. If it's an 802.1Q VLAN tag, you get the whole packet. If it's not an 802.1Q VLAN tag, load the half word at offset 16. If that half word is an IP Ethertype (which it won't be: the vlan keyword shifts every later test by the four-byte tag length, so on an untagged frame offset 16 lands inside the IP header rather than on the Ethertype), you get the whole packet. Otherwise, return nothing.
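To make the difference concrete, here is an added example (not from the original post or from tcpdump itself) that interprets the two instruction listings above, exactly as tcpdump -d printed them, against three constructed Ethernet frames: an untagged IPv4 frame, the same frame with an 802.1Q tag, and an untagged ARP frame. The MAC addresses, VLAN ID 100 and zeroed payloads are assumptions for the sake of the example; the jump targets are treated as the absolute instruction numbers tcpdump displays.

```python
import struct

# Constructed sample frames (assumptions for this example, not captures from the post).
# Layout: 6-byte destination MAC, 6-byte source MAC, Ethertype, then payload.
DST_MAC = bytes.fromhex("001122334455")
SRC_MAC = bytes.fromhex("66778899aabb")
IPV4_STUB = bytes(20)   # stand-in for an IPv4 header; only the Ethertype matters here

# Untagged IPv4 frame: Ethertype 0x0800 sits at offset 12.
UNTAGGED_IP = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + IPV4_STUB
# 802.1Q-tagged IPv4 frame: TPID 0x8100 at offset 12, TCI (VLAN 100) at 14,
# and the real Ethertype 0x0800 pushed out to offset 16.
TAGGED_IP = (DST_MAC + SRC_MAC + struct.pack("!HH", 0x8100, 0x0064)
             + struct.pack("!H", 0x0800) + IPV4_STUB)
# Untagged ARP frame: neither filter should accept it.
UNTAGGED_ARP = DST_MAC + SRC_MAC + struct.pack("!H", 0x0806) + bytes(28)

# The two programs as tcpdump -d printed them in the post. Jump targets are the
# absolute instruction numbers tcpdump shows, not the relative offsets stored
# in a real BPF program.
IP_OR_VLAN = [
    ("ldh", 12),
    ("jeq", 0x0800, 3, 2),
    ("jeq", 0x8100, 3, 4),
    ("ret", 65535),
    ("ret", 0),
]
VLAN_OR_IP = [
    ("ldh", 12),
    ("jeq", 0x8100, 4, 2),
    ("ldh", 16),          # 'vlan' shifted the later 'ip' test by the 4-byte tag
    ("jeq", 0x0800, 4, 5),
    ("ret", 65535),
    ("ret", 0),
]


def run_bpf(program, frame):
    """Interpret the ldh/jeq/ret subset of classic BPF that these filters use.

    Returns the byte count the filter accepts; 0 means the frame is dropped.
    """
    acc = 0
    pc = 0
    while True:
        insn = program[pc]
        op = insn[0]
        if op == "ldh":
            offset = insn[1]
            if offset + 2 > len(frame):
                return 0            # an out-of-range load rejects the packet
            acc = struct.unpack_from("!H", frame, offset)[0]
            pc += 1
        elif op == "jeq":
            _, k, jt, jf = insn
            pc = jt if acc == k else jf
        elif op == "ret":
            return insn[1]
        else:
            raise ValueError("unsupported opcode %r" % op)


def accepts(program, frame):
    return run_bpf(program, frame) > 0


def compare_filters():
    """Map each sample frame to (accepted by 'ip or vlan', accepted by 'vlan or ip')."""
    samples = {
        "untagged IPv4": UNTAGGED_IP,
        "802.1Q-tagged IPv4": TAGGED_IP,
        "untagged ARP": UNTAGGED_ARP,
    }
    return {name: (accepts(IP_OR_VLAN, f), accepts(VLAN_OR_IP, f))
            for name, f in samples.items()}


if __name__ == "__main__":
    for name, (first, second) in compare_filters().items():
        print("%-20s ip or vlan=%-5s vlan or ip=%s" % (name, first, second))
```

Running it shows that only the first filter accepts the untagged IPv4 frame, while both accept the tagged one and neither accepts untagged ARP. Note that `vlan` on its own accepts any tagged frame regardless of what is inside the tag, which is why the combined filter later in the post pairs `vlan` with further host and port predicates.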

For an example of how you would combine a host and port filter with this syntax, see the following:

tcpdump -n -r ip.pcap \(ip and host 1.2.3.4 and port 80\) or \(vlan and host 1.2.3.4 and port 80\)

You might see this new option appear in Sguil CVS soon.


Wednesday, December 03, 2008

Letters You Will Need to Know: 201 CMR 17.00

Props to Ed at SecurityCurve for informing me of 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, a new Massachusetts law. Section 17.03 sets the basic tone:

Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information.

Unless you're prepared to figure out how to separate PII on Massachusetts residents from non-MA residents, this law now applies to all PII in your organization.

Jack Daniel has written several great posts on what this new law means. References for Mass 201 CMR 17.00 is really helpful. You can also access a video of a presentation he just made to the Boston chapter of the National Information Security Group. The slides don't render in Firefox but I was able to download the .wmv video and I'm viewing it now.

If you don't want to download the video (large) you can access an audio recording.

Bill Brenner wrote a good article titled Why Mass. 201 CMR 17 Deadline Was Extended, explaining why the compliance deadline moved from 1 Jan 09 to 1 May 09.

Cynthia Larose and Elissa Flynn-Poppey wrote Privacy Compliance 101: Why Massachusetts Data Security Standards DO Affect You for CIO magazine. They mention potential financial penalties:

What Happens If You DON'T Comply: Penalties

It is crucial for businesses to understand and comply with the newly enacted data breach legislation to avoid potentially severe monetary penalties. Massachusetts, unlike the majority of states, provides for civil penalties in cases of non-compliance with its data breach notification statute, Massachusetts General Law 93H [the law which created the guidelines of 201 CMR 17.00]. In particular, a civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal.
(emphasis added)

I decided to see how the law might affect detection and response. Looking for references to monitoring or response in the law found the following:

[E]very comprehensive information security program shall include, but shall not be limited to...

(iii) means for detecting and preventing security system failures...

(j) Regular monitoring to ensure that the comprehensive information security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of personal information; and upgrading information safeguards as necessary to limit risks...

(l) Documenting responsive actions taken in connection with any incident involving a breach of security, and mandatory post-incident review of events and actions taken, if any, to make changes in business practices relating to protection of personal information...

Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth and electronically stores or transmits such information shall include in its written, comprehensive information security program the establishment and maintenance of a security system covering its computers, including any wireless system, that, at a minimum, shall have the following elements...

(4) Reasonable monitoring of systems, for unauthorized use of or access to personal information
(emphasis added)

I think this law is going to have a real impact. I'm not sure when; companies aren't going to be ready by 1 May 09.
