Wednesday, March 10, 2010

Bejtlich OWASP Podcast Posted

My appearance on OWASP Podcast 61 is available.

The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate.

We recorded the podcast in late January. Jim asked me the following questions:
  1. Would you care to tell us how did you get into IT and what led you into a career in information security? What keeps you busy these days?
  2. What's the difference between focusing on threats vs focusing on vulnerabilities?
  3. What is your problem with the "protect the data" mindset?
  4. What do you mean by "building visibility in"?
  5. What is your take on the Aurora/Google hack?
  6. You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
  7. How important a role do you think secure coding and secure software development life-cycle play in defending the enterprise?
  8. Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
  9. It seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
  10. Any thoughts on OWASP? Are we helping the cause?
  11. Where are we going to be as an industry in 10 years?
  12. You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high integrity database, identities or application servers - how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?

Monday, March 08, 2010

Traffic Talk 10 Posted

I just noticed that my tenth edition of Traffic Talk, titled Pcapr.net -- where Web 2.0 meets network packet analysis, has been posted. From the article:

Solution provider takeaway: Pcapr.net is a free packet collaboration site hosted by Mu Dynamics. Solution providers can participate in the community to exchange, analyze and gather traces for testing products or processes for their customers, including network packet analysis.

Not many networking solution providers are happy with the apparently limited number of network traces available for testing their products or processes. Hardly a day goes by on a network-focused mailing list without a participant asking, "Where can I download network traffic to test X?" Fortunately for anyone who wants to take network traffic exchange to a new level, Mu Dynamics has answered the call. Its Pcapr.net site is the self-proclaimed "Web 2.0 for packets." In this edition of Traffic Talk, we'll take a tour of Pcapr.net to see what features it offers networking solution providers, including network packet analysis.

Saturday, March 06, 2010

Einstein 3 Coming to a Private Network Near You?

In my Predictions for 2008 I wrote:

Expect greater military involvement in defending private sector networks... The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative."

Now in Feds weigh expansion of Internet monitoring we read:

Homeland Security and the National Security Agency may be taking a closer look at Internet communications in the future.

The Department of Homeland Security's top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.

Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein "makes sense for expansion to critical infrastructure spaces" over time.

Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly "vague" because of "excessive classification." The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.


The first step towards creating Cyber NORAD is instrumentation. Stay tuned.

Making a Point with Pressure Points

Imagine you're a martial arts student. One day you have a guest instructor, accompanied by some of his black belts. They're experts in so-called "pressure point fighting." You've heard a little of this system, whereby practitioners can knock out adversaries with a series of precise strikes that lack the power of a brute-force approach. Until today you've had no direct experience. You may be skeptical, or maybe you believe such techniques are possible.

The seminar starts. You watch the guest instructor explain his techniques. He starts knocking out his black belts. Maybe you believe what you see, or maybe you don't. Then the instructor asks for volunteers, and several of your fellow students agree. The instructor knocks them all out, including a student you really trust to not "take a fall" to make the guest "look good." You ask the student "what happened?" and he replies "that dude knocked me out!"

Next the black belts fan out through the class to help teach pressure point techniques. They ask you if you want to get knocked out with a three-strike technique, or if you just want to feel disoriented with a two-strike technique. You decide you're a believer at this point, but you want to see what it feels like to receive a two-strike technique. Sure enough, two rapid strikes later, you're wondering what happened but are still conscious. That's all you need to believe; you're glad you're not lying on the floor, out cold!

The class ends. Several bystanders were watching through the studio's windows. Some of them are laughing. They think the whole class was fake, a joke, or stupid. Some witnesses are curious. They believe what they saw and want to know more. A few ask questions. Others mumble to themselves incoherently, probably intoxicated or mentally ill.

One of the students decides to talk to a famous yet local news reporter about his experience. This widely-read newspaper reports the story the next day, attracting a lot of attention.

With a wider audience, an extended discussion takes place about this pressure-point fighting activity.

One company conducts a Webcast and a spokesperson says "my mom used to knock me out with a frying pan when I was a kid!" He also says there's no difference between pressure-point fighting and getting punched in the face.

Another company decides to register a domain name called "pressurepointfighting.biz" and starts talking about how it works, applying what they know from Western boxing. This misses the mark but uninformed observers can't really tell the difference.

A third company jumps on the pressure point fighting bandwagon, issuing supposedly original research, inventing its own analysis, and integrating the technique into its marketing material. It turns out someone at the company had a confidential agreement with the original pressure point fighting instructor, but unilaterally decided to take a few pages out of his notebook and run to the market to make a fast buck.

A fourth company knows a lot about pressure point fighting. It writes original reporting based on its experience. Critics claim this company is just offering marketing based on the new craze.

Reaction to the news among those without direct experience is mixed, as might be expected.

Some readers are martial artists themselves. They fear being irrelevant. They are afraid their skills are not sufficient. They decide to ridicule anyone who participated in the seminar, or who has knowledge.

Some readers distrust authority. They think these techniques are just a government conspiracy to justify additional police powers. The only reason anyone is talking about such affairs is their need to get greater budgets for their oppressive police powers, man!

Some readers think the whole affair is "fear, uncertainty, and doubt" (FUD). Who could knock out a person by hitting a few pressure points? It's all a lie, or just the latest craze. It must be fake.

Some readers have been learning and practicing pressure point fighting for the last several years. They know it isn't a joke, and it is real. Also, some readers without experience realize they should learn more about pressure point fighting. That knowledge could save their lives, or the lives of those close to them. These like-minded people communicate privately, since the public arenas are now clogged with too many false discussions.

Aside from the fact that advanced persistent threat is an adversary, and not a fighting technique, this story explains the last 6 weeks of APT activity in the security industry. Not all factors are included, but enough to make my point.

Incidentally, the pressure point class is true, at least as far as the class content is described.

Keeping FreeBSD Applications Up-to-Date in BSD Magazine

The March 2010 BSD Magazine includes an article I wrote titled Keeping FreeBSD Applications Up-to-Date.

It's a sequel to my article in the January 2010 BSD Magazine titled Keeping FreeBSD Up-to-Date: OS Essentials.

With these two articles published, they replace the versions I wrote in 2005.

I wrote these articles to demonstrate the variety of ways a system administrator can keep the FreeBSD operating system and applications up-to-date, with examples showing commands and effects.

Thursday, March 04, 2010

Bejtlich Teaching at Black Hat EU and USA 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.

Next is Black Hat EU 2010 Training on 12-13 April 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0.

Registration is now open. Black Hat has three price points and deadlines for registration remaining.

  • Regular ends 1 Apr

  • Late ends 11 Apr

  • Onsite starts at the conference


Finally we have Black Hat USA 2010 Training on 25-28 July 2010 at Caesars Palace in Las Vegas, NV. I will be teaching two sessions of TCP/IP Weapons School 2.0, one on the weekend and one during the week.

Registration is now open. Black Hat has set five price points and deadlines for registration.

  • Super Early ends 15 Mar

  • Early ends 1 May

  • Regular ends 1 Jul

  • Late ends 22 Jul

  • Onsite starts at the conference


Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I plan to retire TWS2 after Vegas this year and teach TWS3 in 2011, if Black Hat invites me back.

I recently described differences between my class and SANS if that is a concern.

I look forward to seeing you. Thank you.

Bejtlich to Speak at FIRST 2010

I'm happy to report that I will present Building a Fortune 5 CIRT Under Fire at FIRST 2010 on 16 Jun 10 in Miami, FL. I plan to attend the majority of the conference, since it is one of the few focused on incident detection and response. I hope to see you there!