Sunday, November 23, 2008

Digital Asset Scorecards

Last month I reviewed Marty Raffy's great book Applied Security Visualization. Recently I've been considering ways to describe systems in my environment using visual means instead of text. I decided to try sharing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following visualization, which I call a Digital Asset Scorecard. I've created a zipped .ppt explaining this idea, but I'll share it here as well.

The Digital Asset Scorecard for a single system is shown below. As you will see shortly, each cell of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box is color-coded depending on its state. Here I use blue and tan to separate categories of elements.

The blue section began as a 4 x 4 table. I merged certain cells as a way to show that some elements (like Assurance) is more important than ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs (like Base, aka Baselined). These are completely subjective; you could change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, remove cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, add cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, and so on.



On a single slide I can show 16 systems. The choice of a 4 x 4 arrangement is deliberate; it's a /28. This will make sense later.



I've done some sample color-coding to show how this might appear on a security or operational dashboard of some type. This network is mostly green, which we intuitively know is "good."



Here I've introduced some problems, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y can be seen by less green.



This subnet has some severe problems.



If you reduce cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 size by 75% you can now arrange systems on a 16 x 16 basis. Now you're depicting an entire /24.



I conclude with a few ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r ideas.



I'm not sure if I will end up trying to develop a system at work that implements cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se ideas. It might be possible to create a front-end that accepts feeds from a variety of sources in order to populate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 color-coded cells.

Please let me know if I've re-invented someone's wheel or if you have some ideas. I could point to Raffy's sections on Audit Data Visualization or Business Process Monitoring as being similar already.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Reading on Justifying Security Operations

My post Managing Security in Economic Downturns mentioned wrapping everything in metrics to justify your security operation. I decided to peruse cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 past proceedings of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Workshop on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Economics of Information Security for ideas.

I was mostly interested in works explaining how to show value derived from security operations. (Remember value is mainly or exclusively cost avoidance.) I am really interested in knowing how much it costs to maintain and defend an information infrastructure vs what it costs to exploit it. I found cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following to be previous work in related areas.

You may also remember my review of Managing Cyber-Security Resources: A Cost-Benefit Analysis. It is good background reading.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Friday, November 21, 2008

NASA v China

Yesterday Businessweek posted a fascinating and lengthy report titled Network Security Breaches Plague NASA. This part will sound familiar to many readers.

By early 1999 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 volume of intrusions had grown so worrisome that Thomas J. Talleur, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most senior investigator specializing in cyber-security in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Inspector General's office at NASA, wrote a detailed "network intrusion threat advisory..."

Talleur, now 59, retired in December 1999, frustrated that his warnings weren't taken more seriously. Five months after his advisory was circulated internally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Government Accountability Office, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 investigative arm of Congress, released a public report reiterating in general terms Talleur's concerns about NASA security. But little changed, he says in an interview. "There were so many intrusions and hackers taking things we had on servers, I felt like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Dutch boy with his finger in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 dike," he explains, sitting on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 porch of his home near Savannah, Ga. On whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r countries are behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 intrusions, he says: "State-sponsored? God, it's been state-sponsored for 15 years!"


The article mentions China and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Russians.

Speaking of China, yesterday's story coincides with a press release on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Annual Report to Congress of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 U.S.-China Economic and Security Review Commission titled U.S. – China commission cites Chinese cyber attacks, authoritarian rule, and trade violations as impediments to U.S. economic and national security interests.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Don't Fight cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Future

Digital security practitioners should fight today's battles while preparing for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future. I don't know what that future looks like, and neicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r does anyone else. However, I'd like to capture a few thoughts here. This is a mix of what I think will happen, plus what I would like to see happen. If I'm lucky (or good) cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future will reflect cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se factors, for which I am planning.

A few caveats: I don't have an absolute time factor for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se, and I'm not considering cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se my "predictions for 2009." This is not an endorsement of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Jericho Forum. I think it makes sense to plan for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 environment I will describe next because it will be financially attractive, but not necessarily universally security-enhancing (or even smart).

  1. Virtual Private Network (VPN) connections will disappear. For many readers this is nothing groundbreaking, but bring up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 possibility with a networking team and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y stare in bewilderment. Is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re any reason why a remote system needs to have a simulated connection, using all available protocols, to a corporate network? Some of you might limit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 type of connection to certain protocols, but why not just expose those protocols directly to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 outside world and avoid cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VPN altogecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r?

  2. Intranets will disappear. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next step when you architect for situations where VPNs are no longer needed. What's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 purpose of an Intranet if you expose all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 corporate applications to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 outside world? The Intranet essentially becomes a giant local ISP. That seems ripe for outsourcing. How many of you sit in a company office connected to someone else's network, perhaps using 3G, but still check your email or browse cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Web? It's happening now.

  3. Every device might be able to talk to every ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r device. This restores cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 dream of "end-to-end connectivity" destroyed by NAT, firewalls, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r "middleboxes." IPv6 seems to be making some ground, at least in mindshare in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Western world and definitely on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ground in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Far East. "End-to-end" is a core idea of IPv6, but scares me. Isolation is one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 few defensive measures that works in many intrusion scenarios.

  4. Preferably, only authorized applications will talk to ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r authorized applications. This is one way to deal with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous point. It's more complicated to implement, but will make me sleep better. I would like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ability to configure how my endpoint talks to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world, and how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world talks to it. For me, I would like to completely disable functionality, and abandon any kind of network-based filtering or blocking mechanism. It is a travesty that I have to use some aspects of Microsoft SMB for business functions, but generally allow any SMB traffic if I'm not willing to run a host-based layer 7 firewall (aka "IPS").

  5. Every device must protect itself. This one really pains me, and I think it's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 greatest risk. This one is going to happen no matter how much protests security people make. Again, it's already happening. Mobile devices are increasingly exposed to each ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 owners completely at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mercy of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 service provider. For me, this is an operational reality for which we must build in visibility and failure planning. We can't just assume everything will be ok, because prevention eventually fails. I'll say more on that later.

  6. Devices will often have to report cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir own status, but preferably to a central location. Again, scary. It means that if an endpoint is exploited, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best you're likely to get from it is a last log event gasp as it reports something odd. After that a skilled intruder will make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 endpoint appear as if nothing is wrong. At least if centralized logging is a core component you'll have that log as an indicator. However, past that point cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 endpoint cannot be trusted to report its state. This is happening more and more as mobile devices move from monitored connections (say a company network) to open ones (like wireless providers or personal broadband links).

  7. As fast, high-bandwidth wireless becomes ubiquitous, smart organizations will design platforms to rely on centralized remote storage and protection of critical data. For certain types of data, we have to hope that our varied mobile devices act as little more than terminals to cloud-hosted, well-mannered information stores. The more data we keep centrally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 less persistent it needs to be on end devices, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365refore cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 less exposed it can be. Central data is easier to deduplicate, back up, archive, classify, inventory, e-discover, retain, destroy, and manage.


I called this post "don't fight cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future" because I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se developments will transpire. The model cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y represent is financially more attractive to people who don't put security first, which is every decision maker I've met. This isn't necessarily a bad thing, but it does mean we security practitioners should be making plans for this new world.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Managing Security in Economic Downturns

You don't need to read this blog for news on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 global economic depression. However, several people have asked me what it means for security teams, especially when Schneier Agrees: Security ROI is "Mostly Bunk". No one can generate cash by running a security team; cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best we can do is save money. If your security team generates cash, you're eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r a MSSP, a collection agency of some sort (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se do exist, believe it or not!), in need of being spun-off, or not accounting for all of your true costs.

Putting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ROI debate aside, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se are tough economic times. Assuming we can all stay employed, we might be able to work cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 situation to our advantage. Nothing motivates management like a financial argument. See if one or more of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following might work to your advantage, because of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downturn.

  1. Promote centralization and consolidation. The more large organizations I've joined, consulted for, or met, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more I see that successful ones have centralized, consolidated security teams. There's simply not enough skilled security personnel to protect us, and spreading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talent across large organizations leaves too many gaps. Think of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 pockets of talent distributed across your own company, and how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir skills could be applied organization-wide if properly positioned. If head counts are threatened, make a play for creating a single central group that helps cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole company and bring cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best talent into that team.

  2. Convert business security leaders into local experts/consultants. If you work within a large company, your individual business leaders may not like seeing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir local staff join a larger company-wide organization. However, those that remain in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 business should now be free to focus on what is unique about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir business, instead of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 minutiae of managing anti-virus, firewalls, patches, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r "traditional" security measures that are absolutely vanilla functions which could be outsourced overseas in a heartbeat. What's more valuable, a security leader who can run an AV console, configure a firewall, and apply a patch, or one who can advise cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir business CEO on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 risks, regulations, and realities of operating in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir individual realm? Notice I said leader and not technician. Technicians do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 routine tasks I mentioned and are ripe for outsourcing; don't cling to that role unless you wanted to be replaced by a Perl script.

  3. Advocate standardization where it makes sense. For example, is it really necessary to have more than one "gold image" for your common desktop/laptop user? Why develop your own image when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal government is doing all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 work for you with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal Desktop Core Configuration? Turn cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 team that creates your own image into a much smaller one that tweaks cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FDCC, and redeploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 personnel where you need cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.

  4. Cut through bureaucracy and authority barriers with a financial knife. This one really bugs me. How many incident responders out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re lose time, effectiveness, and data because 1) you don't know who owns a victim computer; 2) finding someone who owns cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 computer takes time; 3) getting permission to do something about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 victim requires more time? You can probably make a case for reduced help desk costs, fewer support personnel, and faster/more accurate/cheaper incident response if you gain cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 authority to perform remote live response and/or forensics on any platform required, minus some accepted and reasonable exclusion list. This requires 1) good inventory management; 2) forensic agent pre-deployment or administrator credentials to deploy and agent or scripts as necessary; and 3) mature processes and trained people to execute.

  5. Simplify and build visibility in. An example comes from my post Feds Plan to Reduce, Then Monitor. What's cheaper than 1) identifying all your gateways; 2) devising a plan to reduce that number; and 3) building visibility in? Step 1 takes some effort, step 2 might strain your network architects, and step 3 could require new monitoring platforms. However, when done, you're spending less money on gateways, less time scoping intrusions, and less resources on scrambling during incident response because you know all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ways in and out of your organization -- and you can see what is happening. This is a no-brainer.

  6. Move data, not people. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 principle I mentioned in Green Security. I'm sure your travel budget is being cut. Why fly a security person around cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world when, if you achieve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 goals in step 4, you can move cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data instead? And, if you're building visibility in, you have more data available and don't need to scramble for it.

  7. Wrap everything in metrics. This one is probably cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most painful, but it's definitely necessary. If you can't justify your security spending, you're more likely to be cut in a downturn. This doesn't mean "security ROI." What is does mean is showing why your approach is better than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 alternatives, with "better" usually meaning (but not always) "cheaper." It can be difficult to capture finances in our field, but I have some ideas. One is intrusion debt. If you've recently hired any outside consultants to assist with security work, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir invoices provide a ton of metrics opportunities. (You have a tangible cost that you wish to avoid by taking steps X, Y, and Z in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future.) Metrics can also justify team growth, which is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next step out of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downturn. Be ready!


If you have any ideas, please post cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m here. I think this is an important topic. Thank you.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Tips for PSIRTs

If your company sells software, you probably need to have a Product Security Incident Response Team (PSIRT). The PSIRT should act as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 single point of contact for any user of your product to report and coordinate security problems with your software product.

Examples of PSIRTs include:

I think you can tell how serious a company takes security by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y promote cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir PSIRT, obscure its existence, or not even operate one. Try comparing Oracle to Cisco, for example.

If you're looking to start a PSIRT, Chad Dougherty's Recommendations to vendors for communicating product security information post on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CERT blog is a great start.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.

Snort Report 21 Posted

My 21st Snort Report titled Understanding Snort's Unified2 output has been posted. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 article:

Welcome to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 21st edition of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Snort Report! In July 2007 I described Snort's Unified output, first released in July 2001 with Snort 1.8.0. Unified output allows Snort to write sets of data to a sensor's hard drive. Writing to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hard drive, instead of performing database inserts, allows Snort to operate faster and minimize packet loss.

Unified2 output first appeared in Snort 2.8.0, released in September 2007.


I came across this comparison of Unified and Unified2 format at SecurixLive.com but didn't get to include it in my article.

If you're worried about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Barnyard2 implementation at SecurixLive having licensing issues, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author is addressing those as we speak; he did not intend to cause any trouble. So, I am looking forward to seeing greater adoption of Unified2 formats once solutions like those in my article are tested.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.