In my Predictions for 2008 I wrote: Expect greater military involvement in defending private sector networks… The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the “Cyber Initiative.” Now in Feds weigh expansion of Internet monitoring we read:... 

Imagine you’re a martial arts student. One day you have a guest instructor, accompanied by some of his black belts. They’re experts in so-called “pressure point fighting.” You’ve heard a little of this system, whereby practitioners can knock out adversaries with a series of precise strikes that lack the power of a brute-force approach. Until today you’ve had no direct experience. You may be skeptical, or maybe... 

While I’m sure Mikko Hypponen, Chief Research Officer at F-Secure , is getting as tired as hearing the term APT* as the rest of us are, he had some insight into what’s really happening with this threat and the fact that it’s not something new, it’s just the acknowledgment that it’s happening that’s new.  Read More →

Note:  Read More →

The March 2010 BSD Magazine includes an article I wrote titled Keeping FreeBSD Applications Up-to-Date . It’s a sequel to my article in the January 2010 BSD Magazine titled Keeping FreeBSD Up-to-Date: OS Essentials . With these two articles published, they replace the versions I wrote in 2005. I wrote these articles to demonstrate the variety of ways a system administrator can keep the FreeBSD operating system and applications up-to-date,... 

I caught up with Pedro Bustamante, Senior Research Analyst from Panda Security , for a brief interview about what his company is doing in 2010.  Read More →

Squid teapot. Could be squiddier….  Read More →

Transportation officials announced Friday 11 more United States airports are to begin receiving full-body imaging machines “By accelerating the deployment of this technology , we are enhancing our capability to detect and disrupt threats of terrorism across the nation,” Homeland Security Secretary Janet Napolitano said in a statement. Despite concerns of privacy and their effectiveness, the 11 airports are to get the 150 machines... 

I gave this one two days ago, at the RSA Conference….  Read More →

The Spanish police arrested three people in connection with the 13-million-computer Mariposa botnet….  Read More →

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. “There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. “I think that is a terrible metaphor and I think that is a terrible concept,…  Read More →

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels. But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic. “The cost factor here is what’s turned... 

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. Next is Black Hat EU 2010 Training on 12-13 April 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0 . Registration is now open. Black Hat has three price points and deadlines for registration remaining. Regular ends 1 Apr Late ends 11 Apr Onsite starts at the conference Finally we have Black Hat... 

I’m happy to report that I will present Building a Fortune 5 CIRT Under Fire at FIRST 2010 on 16 Jun 10 in Miami, FL. I plan to attend the majority of the conference, since it is one of the few focused on incident detection and response. I hope to see you there! Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)  Read More →

Those awaiting a legitimate method to duplicate DVDs for personal use will likely have to wait even longer, perhaps forever, after RealNetworks tossed in the white towel and abandoned its litigation on the matter. RealNetworks spent almost two years in a legal battle with the Motion Picture Association of America, which sued the Seattle company to block the sale of its DVD-copying software and hardware –- generally known as RealDVD. The company...