My appearance on OWASP Podcast 61 is available. The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate. We recorded the podcast in late January. Jim asked me the following questions: Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days? What’s the difference between focusing on threats vs focusing on vulnerabilities? What is your problem... 

I just noticed that my tenth edition of Traffic Talk , titled Pcapr.net — where Web 2.0 meets network packet analysis , has been posted. From the article: Solution provider takeaway: Pcapr.net is a free packet collaboration site hosted by Mu Dynamics. Solution providers can participate in the community to exchange, analyze and gather traces for testing products or processes for their customers, including network packet analysis. Not many... 

In my Predictions for 2008 I wrote: Expect greater military involvement in defending private sector networks… The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the “Cyber Initiative.” Now in Feds weigh expansion of Internet monitoring we read:... 

Imagine you’re a martial arts student. One day you have a guest instructor, accompanied by some of his black belts. They’re experts in so-called “pressure point fighting.” You’ve heard a little of this system, whereby practitioners can knock out adversaries with a series of precise strikes that lack the power of a brute-force approach. Until today you’ve had no direct experience. You may be skeptical, or maybe... 

The March 2010 BSD Magazine includes an article I wrote titled Keeping FreeBSD Applications Up-to-Date . It’s a sequel to my article in the January 2010 BSD Magazine titled Keeping FreeBSD Up-to-Date: OS Essentials . With these two articles published, they replace the versions I wrote in 2005. I wrote these articles to demonstrate the variety of ways a system administrator can keep the FreeBSD operating system and applications up-to-date,... 

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. Next is Black Hat EU 2010 Training on 12-13 April 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0 . Registration is now open. Black Hat has three price points and deadlines for registration remaining. Regular ends 1 Apr Late ends 11 Apr Onsite starts at the conference Finally we have Black Hat... 

I’m happy to report that I will present Building a Fortune 5 CIRT Under Fire at FIRST 2010 on 16 Jun 10 in Miami, FL. I plan to attend the majority of the conference, since it is one of the few focused on incident detection and response. I hope to see you there! Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)  Read More →

I’m hiring for my team (GE-CIRT) again. The following summarizes open positions: Information Security Incident Handler (1145304); serious skills required Information Security Incident Analyst (1147842); intermediate skills required Information Security Event Analyst (1147849); extreme willingness to learn required Security Assurance Team Senior Analyst (1147811); intermediate skills required Security Assurance Team Analyst (1147853); extreme... 

I just finished watching Cyber Shockwave, in the form of a two hour CNN rendition of the 16 February 2010 simulation organized by the Bipartisan Policy Center (BPC). The event simulated, in real time, a meeting of the US National Security Council, with former government, military, and security officials role-playing various NSC participants. The simulation was created by former CIA Director General Michael …  Read More →

Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall . From the review : I was an Air Force military intelligence officer in the late 1990s. I’ve been working in computer security since then. I read Intelligence, 4th Ed (I4E) to determine if I could recommend this book to those who doubt or don’t understand the US intelligence community (IC). I am very pleased to say that I…  Read More →

A blog reader emailed the following question. We recently had a CISO change, and in the process of doing an initial ops review and looking at organizational structure, one of the questions the new CISO has is about the viability of offshoring incident response… I would be very interested in your views on this matter, and would appreciate any feedback you can offer. As background, I’ve been involved in incident response in many different... 

A blog and book reader emailed the following question: I am an info sec undergrad and have been granted a scholarship to continue my studies towards a phd with the promise of DoD service at the other end. It is critical for me to research and select the most important area of security from the Defense Department’s perspective. My question to you is this: Drawing upon your knowledge, what specific area(s) of information security do you... 

Once in a while I’m asking my Thoughts on Military Service . An anonynous blog reader sent the following questions. It’s been a while since I wore the uniform, but at least some of you readers might care to offer your own thoughts? I’ll try to answer what I can. I got into IT after graduating from college with non-technical majors and decided that I was actually interested in areas of practical science, such as: physical computing,... 

In late 2007 I blogged Max Ray Butler in Trouble Again . Please see that post and Kevin Poulsen’s June 2009 story for details. According to ComputerWorld , you don’t want to be Max Ray Butler: A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers. Max Ray Butler, who used the hacker pseudonym Iceman, was... 

I read Hacker ‘Mudge’ gets DARPA job by Elinor Mills: Peiter Zatko–a respected hacker known as “Mudge”–has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned. Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense...