<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0"><channel><title>Top Influencers on IT Security</title><link>http://pipes.yahoo.com/pipes/pipe.info?_id=ZNea5EJo3hGTPMa2tJCjyQ</link><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/influenceronsec" /><description>Pipes Output</description><language>en</language><generator>http://pipes.yahoo.com/pipes/</generator><atom:link xmlns:atom="http://www.w3.org/2005/Atom" rel="next" href="http://pipes.yahoo.com/pipes/pipe.run?_id=ZNea5EJo3hGTPMa2tJCjyQ&amp;_render=rss" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/influenceronsec" /><feedburner:info uri="influenceronsec" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:emailServiceId>influenceronsec</feedburner:emailServiceId><feedburner:feedburnerHostname>http://feedburner.google.com</feedburner:feedburnerHostname><item><title>Bruce Schneier:   Securing iPads for Exams</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/BOzjt90MmSQ/securing_ipads.html</link><pubDate>Fri, 10 Feb 2012 04:21:14 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/securing_ipads.html</guid><description>Interesting blog post about locking down an iPad so students can take exams on them....&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/BOzjt90MmSQ" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/securing_ipads.html</feedburner:origLink></item><item><title>Bruce Schneier:   Security Implications of "Lower-Risk 
Aircraft"</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/u4XJvWFU4Uk/security_implic.html</link><pubDate>Thu, 09 Feb 2012 04:10:35 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/security_implic.html</guid><description>Interesting paper: Paul J. Freitas (2012), "Passenger aviation security, risk management, and simple physics," Journal of Transportation Security. Abstract: Since the September 11, 2001 suicide hijacking attacks on the United States, preventing similar attacks from recurring has been perhaps the most important goal of aviation security. In addition to other measures, the US government has increased passenger screening requirements to...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/u4XJvWFU4Uk" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/security_implic.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Last Chance To RSVP For Security Bloggers Meet up</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/lLjZBVafVbU/last-chance-to-rsvp-for-security-bloggers-meet-up.html</link><pubDate>Wed, 08 Feb 2012 05:43:06 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201630103f263970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[If you have received an invite to the Security Bloggers Meet up at RSA Conference this year and have not RSVP'd yet, what are you waiting for? Time is running out, as our available space is running out! 
We only...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/lLjZBVafVbU" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/p5Pd0nl8x1k/last-chance-to-rsvp-for-security-bloggers-meet-up.html</feedburner:origLink></item><item><title>Bruce Schneier:   Solving the Underlying Economic Problem of Internet Piracy</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/wJs-YxJsTb0/solving_the_und.html</link><pubDate>Wed, 08 Feb 2012 04:46:04 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/solving_the_und.html</guid><description>This essay is definitely thinking along the correct directions....&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/wJs-YxJsTb0" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/solving_the_und.html</feedburner:origLink></item><item><title>Bruce Schneier:   Error Rates of Hand-Counted Voting Systems</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Vdk0xDg3tUw/error_rates_of.html</link><pubDate>Tue, 07 Feb 2012 03:53:41 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/error_rates_of.html</guid><description>The error rate for hand-counted ballots is about two percent. All voting systems have nonzero error rates. This doesn't surprise technologists, but does surprise the general public. There's a myth out there that elections are perfectly accurate, down to the single vote. They're not. If the vote is within a few percentage points, they're likely a statistical tie. 
(The problem,...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Vdk0xDg3tUw" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/error_rates_of.html</feedburner:origLink></item><item><title>Bruce Schneier:   The Failure of Two-Factor Authentication</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/dKyHkxAbhFA/the_failure_of_2.html</link><pubDate>Mon, 06 Feb 2012 11:23:27 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html</guid><description>In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint. This BBC article describes exactly that: After logging in to the bank's real site, account holders are being tricked...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/dKyHkxAbhFA" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   Pump and Dump and Pump Again</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/nHobm8QA3K8/</link><pubDate>Mon, 06 Feb 2012 03:00:17 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=2009</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[In the January 27, 2012 issue of The Wall Street Journal, Jean Eaglesham and Andrew Ackerman wrote an article with the title “SEC Says Latvian Hacked Accounts: Commission Alleges Four Firms Helped Trader Make Unauthorized Online Stock Purchases and Sales.” The article describes the apparent unwitting complicity by four U.S.-based electronic trading firms in a [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/nHobm8QA3K8" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/tTcMuvW_DII/</feedburner:origLink></item><item><title>Richard Bejtlich:   Impressions: Network Warrior, 2nd Ed</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/FiJvz0b1MHI/impressions-network-warrior-2nd-ed.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 04 Feb 2012 07:18:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-5058946238126313348</guid><description>Five years ago I reviewed the first edition of Network Warrior by Gary A. Donahue.  Thanks to O'Reilly I can post my "impressions" of the second edition of this great book.  Although I read almost all of it, I am unable to post another review because Amazon.com has my previous review attached to the new edition.
In brief, Network Warrior, 2nd Ed is the book to read if you are a network administrator trying to get to the next level.  All of my praise from the previous review applies to the new book.  The book is really that good, primarily because it combines very clear explanations with healthy...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/FiJvz0b1MHI" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/02/impressions-network-warrior-2nd-ed.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Impressions: Windows Sysinternals Administrator's Reference</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/-7KPuHus9DY/impressions-windows-sysinternals.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 04 Feb 2012 07:01:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-6924512416289179389</guid><description>Mark Russinovich and Aaron Margosis have written another awesome addition to the Microsoft Press catalog, Windows Sysinternals Administrator's Reference.  Per my policy, because I did not read the whole book I am only posting "impressions" here and not a full Amazon.com review.
In brief this book will tell you more about the awesome Sysinternals tools than you might have thought possible.  One topic that caught my attention was using Process Monitor to summarize network activity (p 139). This reminded me of Event Tracing for Windows and Network Tracing in Windows 7.  I remain interested in...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/-7KPuHus9DY" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/02/impressions-windows-sysinternals.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Impressions: The Tangled Web</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/6TwKdrc9NOo/impressions-tangled-web.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 04 Feb 2012 06:23:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-3119771784646940772</guid><description>Six years ago I reviewed Michal Zalewski's first book, Silence on the Wire.  Michal is a security researcher who has consistently created high-quality content for a very long time, so I was pleased to receive a review copy of his newest book The Tangled Web.
I did not read the whole book, hence I'm posting only my "impressions" here.  I recommend reading this book if you want to know a lot, and I mean a lot, about how screwed up Web browsers, protocols, and related technologies truly are.  Because many points of the book are tied to specific browser versions, I suspect its shelf life to...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/6TwKdrc9NOo" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/02/impressions-tangled-web.html</feedburner:origLink></item><item><title>Richard Bejtlich:   The Toughest Question in Digital Security</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/SGZx1ghHkN0/toughest-question-in-digital-security.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 04 Feb 2012 05:35:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-1224029774803222461</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://1.bp.blogspot.com/_Z-tqVTd9fPI/S1KHYGoUtnI/AAAAAAAABsw/fTl0YajolQk/s72-c/Chinese_draak.jpg" width="72" /><description>The toughest question in digital security is "who cares?" 
The recent Tweet by hogfly (@4n6ir) made me ponder this question.  He points to an Aviation Week story by David Fulghum, Bill Sweetman, and Amy Butler titled China's Role In JSF's Spiraling Costs.  It says in part:
How much of the F-35 Joint Strike Fighter’s spiraling cost in recent years can be traced to China’s cybertheft of technology and the subsequent need to reduce the fifth-generation aircraft’s vulnerability to detection and electronic attack?
That is a central question that budget planners are asking, and their queries appear...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/SGZx1ghHkN0" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/02/toughest-question-in-digital-security.html</feedburner:origLink></item><item><title>Bruce Schneier:   Friday Squid Blogging: Clothing that Keeps an Exercise Journal</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/L7Qd3lkyZwA/friday_squid_bl_312.html</link><pubDate>Fri, 03 Feb 2012 14:18:41 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/friday_squid_bl_312.html</guid><description>It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/L7Qd3lkyZwA" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/friday_squid_bl_312.html</feedburner:origLink></item><item><title>Bruce Schneier:   The Problems of Too Much Information Sharing</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/MPXknXvOiK0/the_problems_of_1.html</link><pubDate>Fri, 03 Feb 2012 12:49:54 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/the_problems_of_1.html</guid><description>Funny. Fake, but funny. 
Edited to add (2/3): The rest of the story....&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/MPXknXvOiK0" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/the_problems_of_1.html</feedburner:origLink></item><item><title>Bruce Schneier:   VeriSign Hacked, Successfully and Repeatedly, in 2010</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/b9Lsq0EccYc/verisign_hacked.html</link><pubDate>Fri, 03 Feb 2012 08:49:08 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/verisign_hacked.html</guid><description>Reuters discovered the information: The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The company, unsurprisingly,...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/b9Lsq0EccYc" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/verisign_hacked.html</feedburner:origLink></item><item><title>Bruce Schneier:   Prisons in the U.S.</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/aELwF-lfOVU/prisons_in_the.html</link><pubDate>Thu, 02 Feb 2012 07:04:12 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/prisons_in_the.html</guid><description>Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value: Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. 
That city of the confined and the controlled, Lockuptown, is now the second...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/aELwF-lfOVU" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/prisons_in_the.html</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – January 2012</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/lkxwf96W94A/monthly-blog-round-up-january-2012.html</link><category>Monthly</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Wed, 01 Feb 2012 14:37:25 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-5561808584679202970</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:


“On Free Log Management Tools” is a companion to the checklist below (updated version)  
“Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people  
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor&amp;nbsp; “Top5 SANS Log Reports Update DRAFT” also show up close to the top. IF YOU WANT TO VOLUNTEER TO&amp;nbsp;FINISH&amp;nbsp;THIS DOCUMENT- PLEASE EMAIL...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/lkxwf96W94A" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/7wfztbLYkpo/monthly-blog-round-up-january-2012.html</feedburner:origLink></item><item><title>Bruce Schneier:   The Idaho Loophole</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/V9LNvB547ds/the_idaho_looph.html</link><pubDate>Wed, 01 Feb 2012 04:05:59 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/02/the_idaho_looph.html</guid><description>Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2. Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/V9LNvB547ds" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/02/the_idaho_looph.html</feedburner:origLink></item><item><title>Bruce Schneier:   Possibly the Most Incompetent TSA Story Yet</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/xEwLpC8o16Q/possibly_the_mo.html</link><pubDate>Tue, 31 Jan 2012 15:03:31 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/01/possibly_the_mo.html</guid><description>The storyline: TSA screener finds two pipes in passenger's bags. Screener determines that they're not a threat. 
Screener confiscates them anyway, because of their "material and appearance." Because they're not actually a threat, screener leaves them at the checkpoint. Everyone forgets about them. Six hours later, the next shift of TSA screeners notices the pipes and -- not being able...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/xEwLpC8o16Q" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/01/possibly_the_mo.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Now Its B-sides and RSA</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/fIOL4zX0HPw/now-its-b-sides-and-rsa.html</link><pubDate>Tue, 31 Jan 2012 10:22:39 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20168e66e8431970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[When I last wrote about B-sides a few weeks ago there was the drama of “show me the money”, as some folks questioned where money from sponsors was going. As a result the B-sides group seems to have emerged stronger...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/fIOL4zX0HPw" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/oTC5X3VHPDw/now-its-b-sides-and-rsa.html</feedburner:origLink></item><item><title>Bruce Schneier:   Biases in Forensic Science</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ewffPIMX-Uc/biases_in_foren.html</link><pubDate>Tue, 31 Jan 2012 09:13:27 PST</pubDate><guid isPermaLink="false">http://www.schneier.com/blog/archives/2012/01/biases_in_foren.html</guid><description>Some errors in forensic science may be the result of the biases of the examiners: Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. 
The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ewffPIMX-Uc" height="1" width="1"/&gt;</description><feedburner:origLink>http://www.schneier.com/blog/archives/2012/01/biases_in_foren.html</feedburner:origLink></item><item><title>by Jeff LowderHow to be a Software Engineer without Understanding Software</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Z06CINh9bqM/</link><pubDate>Mon, 30 Jan 2012 03:00:52 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=2001</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Imagine a world where the majority of people who claim to &#8220;do&#8221; software engineering do not know even basic concepts that are taught in computer science 101 classes, such as basic data structures and why they matter. A world in which most accountants didn&#8217;t know how to read a P&#38;L or a tax return.
From an information [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Z06CINh9bqM" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/l6uD6MdVoaA/</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Just Another Risk Podcast  NOT</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/EIlJI6eqG50/just-another-risk-podcast-not.html</link><pubDate>Mon, 23 Jan 2012 10:54:33 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20168e5f6e37f970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Continuing my series of podcasts on all things Risk, I have another great one in this episode. I am joined by an all star panel of HD Moore, CSO of Rapid7 and founder of Metasploit, Ron Gula, CEO and CTO...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/EIlJI6eqG50" height="1" width="1"/>]]></content:encoded><enclosure url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" length="216836" type="application/x-shockwave-flash" /><media:content xmlns:media="http://search.yahoo.com/mrss/" fileSize="216836" type="application/x-shockwave-flash" url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" /><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/XKI5DNeMfKM/just-another-risk-podcast-not.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   China Chamber Hack</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/-7CbZ74RcbI/</link><pubDate>Mon, 23 Jan 2012 03:00:33 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1996</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Siobhan Gorman is back in strong form on the front page of the December 21, 2011 Wall Street Journal with her article “China Hackers Hit U.S. 
Chamber,” which suggests at first glance that  hackers made from porcelain were successfully thrown into some U.S. person’s bedroom. However, the subtitle, “Attacks Breach Computer System of Business Lobbying [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/-7CbZ74RcbI" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/EzBRCRBZZC0/</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Only One Week Left To Vote For Blogger Awards</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Owek3iDDKzo/only-one-week-left-to-vote-for-blogger-awards.html</link><category>security bloggers network</category><pubDate>Fri, 20 Jan 2012 07:03:03 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20162ffe58ec1970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Wow, January is flying by! Today is the 20th of the month already. That means there is only one week left to vote for this years Social Security Bloggers Awards. Of course winners will be announced at the Security Bloggers...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Owek3iDDKzo" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/_CqpAiMw-aE/only-one-week-left-to-vote-for-blogger-awards.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)How Come My Blog/Podcast Wasnt Nominated?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/b7x-F2nGFOk/how-come-my-blogpodcast-wasnt-nominated.html</link><pubDate>Thu, 12 Jan 2012 16:12:45 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20162ff49ab66970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[With last weeks announcement of the finalists for this years Social Security Bloggers Awards there has been the usual buzz about the awards, the Security Bloggers Network and the bloggers meet up. 
I want to say from the outset that...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/b7x-F2nGFOk" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/zwoo6g9F5CA/how-come-my-blogpodcast-wasnt-nominated.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Best Book Bejtlich Read in 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/QVKEyzf97Lo/its-time-to-name-winner-of-best-book.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Mon, 09 Jan 2012 13:40:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-8764662679602315693</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://bp0.blogger.com/_Z-tqVTd9fPI/R3mSzjL3mfI/AAAAAAAAAQg/n6nqvLYng7U/s72-c/reviews_amazon.jpg" width="72" /><description>It's time to name the winner of the Best Book Bejtlich Read award for 2011!  

I've been reading and reviewing digital security books seriously since 2000.  This is the 6th time I've formally announced a winner; see my bestbook label for previous winners.

Compared to 2010 (31 books), 2011 saw a decrease to 22 books.  Remember all reading is neither equal nor fast.  When I review a book, I am sure to read it and not just skim it.  For 10 books last year, I chose not to read them but to instead post impressions.  Posts called "impressions" provide my sense of the book but I do not publish them...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/QVKEyzf97Lo" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/01/its-time-to-name-winner-of-best-book.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   Printer Too Ready</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/HwwDUie3GpQ/</link><pubDate>Mon, 09 Jan 2012 03:00:18 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1990</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[In a December 8, 2011 post to CNET News, Elinor Mills writes, in a piece with the title “HP sued over security flaw in printers,” about how a Columbia University research team was able to compromise the embedded software in HP LaserJet printers.
First off, the photograph of a printer, which is prominently displayed at the [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/HwwDUie3GpQ" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/E2xjzchDxtQ/</feedburner:origLink></item><item><title>Richard Bejtlich:   Telling a Security Story with Charts</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/dXu99oXeZ8g/telling-security-story-with-charts.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sun, 08 Jan 2012 09:10:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-3606061486707477361</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://2.bp.blogspot.com/-m1pRuK_PXOo/TwoRaEjddaI/AAAAAAAACbs/MFXcO_pgu14/s72-c/20111231_FNC175.gif" width="72" /><description>The image at left appeared in the 31 December 2011 edition of The Economist magazine in the article Economics focus -- How to get a date: The year when the Chinese economy will truly eclipse America’s is in sight.  It depicts 15 measurements of the US and Chinese economies, with historical and projected data.  There is a version available at this page with more statistics comparing the two nations.  
The Economist presents these charts for the following reason:
In the spring of 2011 the Pew Global Attitudes Survey asked thousands of people worldwide which country they thought was the leading...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/dXu99oXeZ8g" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/01/telling-security-story-with-charts.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Happy 9th Birthday TaoSecurity Blog</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/0PHNVdRnpl0/happy-9th-birthday-taosecurity-blog.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sun, 08 Jan 2012 08:07:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-4470680822517511717</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://bp2.blogger.com/_Z-tqVTd9fPI/R4LxIzL3mkI/AAAAAAAAARI/HVSRtmoE4ug/s72-c/taosecurity_small.png" width="72" /><description>Today, 8 January 2012, is the 9th birthday of TaoSecurity Blog.  I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone.  2843 posts later, I am still blogging.  Looking at all 9 years of blogging, I averaged 315 per year, but in the age of Twitter (2009-2011) I averaged only 171 blog posts per year.  

I plan to continue blogging, but I expect around the same number as last year -- somewhere in the 60 to 100 post range. I spend a lot more time expressing my views to the press and market researchers and analysts, so I'm often less inclined to...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/0PHNVdRnpl0" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2012/01/happy-9th-birthday-taosecurity-blog.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)And The Nominees Are . . .</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/h3G_ZZn1RnE/and-the-nominees-are.html</link><pubDate>Fri, 06 Jan 2012 14:16:09 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201676012f3d8970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[No I am not announcing the choices for the Oscars. Something even better. It is time to announce the nominees for the 2012 Social Security Bloggers Awards. Voting will open today and remain open until January 30th. Of course the...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/h3G_ZZn1RnE" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/eLVB95m8gxQ/and-the-nominees-are.html</feedburner:origLink></item><item><title>by Annual Blog Round-Up – 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ltdB8VGU65I/annual-blog-round-up-2011.html</link><category>Annual</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Wed, 04 Jan 2012 11:11:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-7780016146015454659</guid><description>Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2011. This list covers the posts most popular in 2011, not necessarily only those written in 2011. 
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.  “Simple Log Review Checklist Released!” was again the most popular this year. The checklist, a list of critical things to look for while reviewing&amp;nbsp; system, network and security logs when responding to a security incident  PCI DSS...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ltdB8VGU65I" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/EY1xyV27Klk/annual-blog-round-up-2011.html</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – December 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/_hgqVnAOBZE/monthly-blog-round-up-december-2011.html</link><category>Monthly</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Tue, 03 Jan 2012 08:59:21 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-921205082117636029</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.   “On Free Log Management Tools” is a companion to the checklist below (updated version)  “Simple Log Review Checklist Released!” is often at the top; it is the case this month – the checklist is still a very useful tool for many people  “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/_hgqVnAOBZE" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/9yGByODEf7Y/monthly-blog-round-up-december-2011.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)The B-sides Affair</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ggWDY9Xw0oQ/the-b-sides-affair.html</link><pubDate>Wed, 21 Dec 2011 07:38:59 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201675f1816f4970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[So the security twittersphere is a buzz this morning about a post by Brian Martin on SecurityErrata raising some serious questions about the Security B-sides “organization” and Mike Dahn in particular. 
Let me say from the outset that I don’t...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ggWDY9Xw0oQ" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/JRC0ZzfPpMA/the-b-sides-affair.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Risk, Risk, Risk</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/qjWGWVumI3Q/risk-risk-risk.html</link><category>podcasting</category><pubDate>Mon, 19 Dec 2011 09:22:04 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201675efea5e1970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[In order to effectively manage risk, we need to be able to effectively measure risk. Before we can ever hope to effectively measure risk, we should all agree on exactly what is the definition of risk. When something as elementary...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/qjWGWVumI3Q" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/3-naiFNhz28/risk-risk-risk.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   The Personalization of Risk</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/vni01x1inOQ/</link><pubDate>Mon, 19 Dec 2011 03:00:46 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1981</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I realized when I received several comments regarding my September 12, 2011 column “Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring” from Doug Hubbard and others, that I hadn’t been clear enough in my description of what I had termed “subjective risk.” It also seems that it was not readily apparent to readers whether I supported risk scoring [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/vni01x1inOQ" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/1EOi-Mk_RCM/</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Its That Magical Time of the Year</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Gu4N0NEg0CI/its-that-magical-time-of-the-year-1.html</link><category>security bloggers network</category><pubDate>Fri, 16 Dec 2011 08:40:47 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201543862871a970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[This is copied from the post I just put up at the RSA Conference Blog at: https://365.rsaconference.com/blogs/security-blogger-meetup/2011/12/16/its-that-time-of-the-year Christmas is just a week or so away, New Years is just around the corner. You know what is next? Of course you...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Gu4N0NEg0CI" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/iEkTDMlY6rM/its-that-magical-time-of-the-year-1.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Its That Magical Time of the Year</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/jR6k-zOn0Xw/its-that-magical-time-of-the-year.html</link><category>security bloggers network</category><pubDate>Fri, 16 Dec 2011 08:33:03 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201675ed85382970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[This is copied from the post I just put up at the RSA Conference Blog at: https://365.rsaconference.com/blogs/security-blogger-meetup/2011/12/16/its-that-time-of-the-year Christmas is just a week or so away, New Years is just around the corner. 
You know what is next? Of course you...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/jR6k-zOn0Xw" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/WNkAfb-ckXQ/its-that-magical-time-of-the-year.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Social Security Blogger Awards 2012</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/wWSdqG1RI1A/social-security-blogger-awards-2012.html</link><pubDate>Thu, 15 Dec 2011 07:42:39 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201543856e345970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Cooperstown, Canton, Springfield, Cleveland, what do all of these places have in common? They all are homes to a Hall of Fame. Now the Security Bloggers Awards will be joining them with Security Bloggers Hall of Fame too! It is...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/wWSdqG1RI1A" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/eGm4f93GuwY/social-security-blogger-awards-2012.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)The Sleazy Dark Side of Product Reviews</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/T3_HGMWLzxY/the-sleazy-dark-side-of-product-reviews.html</link><pubDate>Wed, 14 Dec 2011 05:33:48 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20162fdcac84e970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Yesterday I wrote in response to Bill Brenner’s Salted Hash post about the Google-funded, Accuvant conducted browser security study which found (surprise) Chrome on top. 
In my post yesterday I mentioned that one company that I thought is doing product...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/T3_HGMWLzxY" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/SUowcz5f-MA/the-sleazy-dark-side-of-product-reviews.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)The Death of Product Reviews</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/o5U8k4dB5UQ/the-death-of-product-reviews.html</link><pubDate>Tue, 13 Dec 2011 12:57:01 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e20154383fc37c970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Image via Wikipedia My friend Bill Brenner has a post up on his Salted Hash blog today about a recent browser security study done by Accuvant LABS. The study shows that Google Chrome was the safest browser tested. Like Bill,...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/o5U8k4dB5UQ" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/PSIkcyMszS4/the-death-of-product-reviews.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Blogging is a Conversation</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/cF4WdUGGJOQ/blogging-is-a-conversation.html</link><pubDate>Mon, 12 Dec 2011 08:47:55 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201675eaa8f4b970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[For those of you who may be wondering, yes there will be a killer Security Bloggers Meet up at RSA this year. There will also be another Social Security Blogger Awards with some new categories as well. 
More on those...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/cF4WdUGGJOQ" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/HG7Dx26_yjQ/blogging-is-a-conversation.html</feedburner:origLink></item><item><title>Amrit Williams:   Searching for Privacy in a World Without Secrets</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/pXIk1QnheXk/</link><pubDate>Thu, 08 Dec 2011 21:51:36 PST</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1729</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/12/sheeple.jpg">
            <media:title type="html">sheeple</media:title>
         </media:content><description>&amp;#8220;I am not a number, I am a free man&amp;#8221; IDC reported that we generated and replicated 1.8 zettabytes &amp;#8211; that&amp;#8217;s 1.8 trillion gigabytes &amp;#8211; of data in 2011. To give you an example of scale you would need to stack CDs from Earth to the Moon and Back again &amp;#8211; twice &amp;#8211; to represent [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/pXIk1QnheXk" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/12/09/searching-for-privacy-in-a-world-without-secrets/</feedburner:origLink></item><item><title>Amrit Williams:   Class-action Lawsuit Against HP for Not Disclosing Security Vulnerabilities Has Huge Implications</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/13nsnlie6fI/</link><pubDate>Thu, 08 Dec 2011 01:58:53 PST</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1723</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><description>On December 1, 2011 a Class-action lawsuit was filed in United States District Court Northern District of California against Hewlett-Packard, alleging violations of The California Consumer Legal Remedies Act for Injunctive Relief and the California Unfair Competition Law based on non-disclosure of a known security vulnerability (read the filing here) Nature of the Action l. [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/13nsnlie6fI" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/12/08/class-action-lawsuit-against-hp-for-not-disclosing-security-vulnerabilities-has-huge-implications/</feedburner:origLink></item><item><title>Richard Bejtlich:   Mandiant Webinar Wednesday; Help Us Break a Record!</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/RI0umPJKyUU/mandiant-webinar-wednesday-help-us.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 06 Dec 2011 14:06:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-2879193110665395747</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/-1JZ-6U0gzVE/TYIFINyqdkI/AAAAAAAACMc/h2Jkgl1vCY8/s72-c/mandiant_logo.png" width="72" /><description>I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011.  And you know what?  We feel fine!  That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011.  

Register now and help Kris and me beat the attendee count from last month's record-setting Webinar.  

If you have questions about and during the Webinar, you can always send them via Twitter to @mandiant and use the hashtag m_soh.

TweetCopyright 2003-2011 Richard Bejtlich and TaoSecurity...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/RI0umPJKyUU" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/12/mandiant-webinar-wednesday-help-us.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/VwLFLKSDzfU/tripwire-names-bejtlich-1-of-top-25.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 06 Dec 2011 13:52:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-7142337222581948572</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/-2v1-zkZPLso/Tt7VBLfG4bI/AAAAAAAACbQ/jK7HSPF_40Q/s72-c/state-of-security.jpeg" width="72" /><description>I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool!  Tripwire is one of those technologies and companies that everyone should know.  It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire.  So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut.

David Spark asked for my "security tip for 2012," which I listed as:

Improve your incident detection...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/VwLFLKSDzfU" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/12/tripwire-names-bejtlich-1-of-top-25.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   Security in the Dark</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ZC1fvIRBIBU/</link><pubDate>Tue, 06 Dec 2011 03:00:43 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1971</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three  hours, say) are often not conveyed to the service provider’s person or team that is supposed to notify the customer [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ZC1fvIRBIBU" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/IudRpUNAfzI/</feedburner:origLink></item><item><title>Richard Bejtlich:   Become a Hunter</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/7LtqtmENAwQ/become-hunter.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Mon, 05 Dec 2011 08:44:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-3988941040752374554</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://1.bp.blogspot.com/-zMF0I83R-G0/Tt07vETVmfI/AAAAAAAACbE/b59OQYX2xJU/s72-c/become_a_hunter.jpg" width="72" /><description>Earlier this year SearchSecurity and TechTarget published a July-August 2011 issue (.pdf) with a focus on targeted threats.  Prior to joining Mandiant as CSO I wrote an article for that issue called "Become a Hunter":

IT’S NATURAL FOR members of a technology-centric industry to see technology as the solution to security problems. In a field dominated by engineers, one can often perceive engineering methods as the answer to threats that try to steal, manipulate, or degrade information resources. Unfortunately, threats do not behave like forces of nature. No equation can govern a threat’s...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/7LtqtmENAwQ" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/12/become-hunter.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Have We Got Risk All Wrong?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/VfEuxbiulYk/have-we-got-risk-all-wrong.html</link><pubDate>Thu, 01 Dec 2011 08:08:54 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2015437ad315a970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Most of us in the information security industry long ago recognized that we could not eliminate every risk and threat to our data and networks. 
Instead we have tried to manage that risk to acceptable levels, with acceptable being in...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/VfEuxbiulYk" height="1" width="1"/>]]></content:encoded><enclosure url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" length="216836" type="application/x-shockwave-flash" /><media:content xmlns:media="http://search.yahoo.com/mrss/" fileSize="216836" type="application/x-shockwave-flash" url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" /><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/up1MpkGprgY/have-we-got-risk-all-wrong.html</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – November 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/txdSPw2j06s/monthly-blog-round-up-november-2011.html</link><category>Monthly</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Thu, 01 Dec 2011 07:36:33 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-1092736118062278683</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.   “On Free Log Management Tools” is a companion to the checklist below (updated version)  “Simple Log Review Checklist Released!” is often at the top; it is the case this month – the checklist is still a very useful tool for many people  “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/txdSPw2j06s" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/8Pl6Jr45tk8/monthly-blog-round-up-november-2011.html</feedburner:origLink></item><item><title>Richard Bejtlich:   National Public Radio Talks Chinese Digital Espionage</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/f00Q4fB-dTU/national-public-radio-talks-chinese.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 29 Nov 2011 11:34:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-9121437364337838087</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://1.bp.blogspot.com/_Z-tqVTd9fPI/S1KHYGoUtnI/AAAAAAAABsw/fTl0YajolQk/s72-c/Chinese_draak.jpg" width="72" /><description>When an organization like National Public Radio devotes an eleven minute segment to Chinese digital espionage, even the doubters have to realize something is happening.  Rachel Martin's story China's Cyber Threat A High-Stakes Spy Game is excellent and well worth your listening (.mp3) or reading time.  

Rachel interviews three sources: Ken Lieberthal of the Brookings Institution, Congressman Mike Rogers (chairman of the House Intelligence Committee), and James Lewis from the Center for Strategic and International Studies.

If you listen to the report you'll hear James Lewis mention "a famous...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/f00Q4fB-dTU" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/national-public-radio-talks-chinese.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Dustin Webber Creates Network Security Monitoring with Siri</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/SBRpuRzKgP4/dustin-webber-creates-network-security.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 26 Nov 2011 06:43:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-2584667962422566446</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://1.bp.blogspot.com/-z_sI6bpuz84/TtFCTFVtzcI/AAAAAAAACag/_1k35umx1Bw/s72-c/nsm-siri_a1.jpg" width="72" /><description>Dustin Webber just posted a really cool video called Network Security Monitoring with Siri.  He shows how he uses his iPhone 4S and SiriProxy to interact with his Snorby Network Security Monitoring platform.

The following screenshot shows Dustin asking "Can you show me what the last severity medium event was?" and Siri answering.

Later he asks Siri to tell him about "incident 15":

Near the end Dustin asks Siri if she likes Network Security Monitoring:

This is just about the coolest thing I've seen all year.  Ten years ago I thought it was cool to listen to Festival read Sguil events...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/SBRpuRzKgP4" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/dustin-webber-creates-network-security.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Trying NetworkMiner Professional 1.2</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Bu2sQHsnHGQ/trying-networkminer-professional-12.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 26 Nov 2011 04:26:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-2759834544496390368</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://2.bp.blogspot.com/-bZv4g6ThiZ4/TtEiOd8Ny8I/AAAAAAAACZ8/RAm5Y4hhBnY/s72-c/NetworkMiner_logo_200x200.png" width="72" /><description>Erik Hjelmvik was kind enough to send an evaluation copy of the latest version of his NetworkMiner traffic analysis software.  You can download the free edition from SourceForge as well.  I first mentioned NetworkMiner on this blog in September 2008.

NetworkMiner is not a protocol analyzer like Wireshark.  It does not take a packet-by-packet approach to representing traffic.  Instead, NetworkMiner displays traffic in any one of the following ways: as hosts, frames, files, images, messages, credentials, sessions, DNS records, parameters, keywords, or cleartext.  To demonstrate a few of these...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Bu2sQHsnHGQ" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/trying-networkminer-professional-12.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Thoughts on 2011 ONCIX Report</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/UpO3QOtFmLc/thoughts-on-2011-oncix-report.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Wed, 23 Nov 2011 11:47:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-7973613250098243387</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://4.bp.blogspot.com/-OH2AfavYAbs/Ts2UKy0xZUI/AAAAAAAACZw/YL1ODgDTzww/s72-c/Foreign_Economic_Collection_2011.jpg" width="72" /><description>Many of you have probably seen coverage of the 2011 ONCIX Reports to Congress: Foreign Economic and Industrial Espionage.  I recommend every security professional read the latest edition (.pdf).  I'd like to highlight the key findings of the 2011 version:

Pervasive Threat from Adversaries and Partners

Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.

• Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/UpO3QOtFmLc" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/thoughts-on-2011-oncix-report.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Tao of Network Security Monitoring, Kindle Edition</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/erSoUtYfnNE/tao-of-network-security-monitoring.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Wed, 23 Nov 2011 05:01:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-4147420537805751688</guid><description>I just noticed there is now a Kindle edition of my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, published in July 2004.  Check out what I wrote in the first paragraphs now available online.

Welcome to The Tao of Network Security Monitoring: Beyond Intrusion Detection. The goal of this book is to help you better prepare your enterprise for the intrusions it will suffer. Notice the term "will." Once you accept that your organization will be compromised, you begin to look at your situation differently. If you've actually worked through an intrusion -- a real...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/erSoUtYfnNE" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/tao-of-network-security-monitoring.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Why DIARMF, "Continuous Monitoring," and other FISMA-isms Fail</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/5t-3I5B0JC0/why-diarmf-continuous-monitoring-and.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 22 Nov 2011 11:29:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-2751745516768492345</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/_Z-tqVTd9fPI/S9L5AlMQqxI/AAAAAAAAB2M/XqAgXsr82jo/s72-c/FISMA.jpg" width="72" /><description>I've posted about twenty FISMA stories over the years on this blog, but I haven't said anything for the last year and a half.  After reading Goodbye DIACAP, Hello DIARMF by Len Marzigliano, however, I thought it time to reiterate why the newly "improved" FISMA is still a colossal failure.

First, a disclaimer: it's easy to be a cynic and a curmudgeon when the government and security are involved.  However, I think it is important for me to discuss this subject because it represents an incredible divergence between security people.  On one side of the divide we have "input-centric,"...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/5t-3I5B0JC0" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/why-diarmf-continuous-monitoring-and.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   The Security of Fools</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/gfPLypmTv78/</link><pubDate>Mon, 21 Nov 2011 03:00:55 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1965</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[No, I’m NOT saying that security professionals are fools &#8230; far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The Surety of Fools” in the October 23, 2011 [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/gfPLypmTv78" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/BJsBS19_A-8/</feedburner:origLink></item><item><title>Richard Bejtlich:   SEC Guidance Emphasizes Materiality for Cyber Incidents</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/-6mcfqsNhrc/sec-guidance-emphasizes-materiality-for.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sat, 19 Nov 2011 08:02:00 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-8025207020210946397</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://4.bp.blogspot.com/-1J1kPudO-Z8/TsgZpRAQ4SI/AAAAAAAACZA/ye4FvqZjY8s/s72-c/u_s_sec_logo.jpg" width="72" /><description>Senator Jay Rockefeller and Secretary Michael Chertoff wrote the best article I've seen yet on the CF Disclosure Guidance: Topic No. 2, Cybersecurity issued by the SEC last month in their article A new line of defense in cybersecurity, with help from the SEC:

Managing cybersecurity risk has always been, and always will be, in large part a private sector responsibility...

Until recently, this responsibility may have been unclear — or unknown — to the directors and officers of publicly traded companies. But on Oct. 13, the Securities and Exchange Commission issued groundbreaking guidance to...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/-6mcfqsNhrc" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/11/sec-guidance-emphasizes-materiality-for.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Microsofts Trustworthy Computing Supports the SBN</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ydTy4hzchZk/microsofts-trustworthy-computing-supports-the-sbn.html</link><pubDate>Tue, 08 Nov 2011 05:23:29 PST</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2015436b7c71e970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I am really happy to report that the Trustworthy Computing Group at Microsoft has decided to partner with and sponsor the Security Bloggers Network. On behalf of the 300+ blogs in the SBN we are happy to have Microsoft as...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ydTy4hzchZk" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/Cb_iCp7KK1I/microsofts-trustworthy-computing-supports-the-sbn.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   SEC-urity’s Catch 22</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/7SCIioQQw0A/</link><pubDate>Mon, 07 Nov 2011 03:00:56 PST</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1958</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 
2 &#8211; Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.” So far, so good.
However, when it is suggested that companies [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/7SCIioQQw0A" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/fN_mnH1yrL4/</feedburner:origLink></item><item><title>Amrit Williams:   One Warm Coat…Two Changed Lives</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/r8lxmdFCa4Y/</link><pubDate>Thu, 03 Nov 2011 12:13:00 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1714</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><description>&amp;#60;Warning: This post has nothing to do with technology, information security, or anything else I normally blog about&amp;#62; This post is dedicated to the memory of Stephanie Renee Fong When I was in my early 20s I met a young woman named Stephanie, we quickly grew very close. Stephanie was special to me in many [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/r8lxmdFCa4Y" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/11/03/one-warm-coat-two-changed-lives/</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – October 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/PXaRo_c7xL0/monthly-blog-round-up-october-2011.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Tue, 01 Nov 2011 07:49:24 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-420403096031896983</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.   “Simple Log Review Checklist Released!” is often at the top; it is the case this month – the checklist is still a very useful tool for many people “On Free Log Management Tools” is a companion to the above checklist (updated version)  “Top 10 Criteria for a SIEM?” is an EXAMPLE criteria list for choosing a...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/PXaRo_c7xL0" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/aC31d-g-Xoo/monthly-blog-round-up-october-2011.html</feedburner:origLink></item><item><title>Richard Bejtlich:   MANDIANT Webinar Friday</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/wm8KzMsI6z0/mandiant-webinar-friday.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 25 Oct 2011 23:15:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-733101470932477394</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/-1JZ-6U0gzVE/TYIFINyqdkI/AAAAAAAACMc/h2Jkgl1vCY8/s72-c/mandiant_logo.png" width="72" /><description>Join me and Lucas Zaichkowsky on Friday at 2 pm eastern as we talk about what happened at our annual MANDIANT conference, MIRCon!  Registration is free and I expect you'll enjoy the discussion!  We plan to review what we saw and heard, and how those lessons will help your security program. 

Copyright 2003-2011 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/wm8KzMsI6z0" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/mandiant-webinar-friday.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   Normative Cyber Security</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/xFlg2xpx4dI/</link><pubDate>Mon, 24 Oct 2011 03:00:31 PDT</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1951</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Joel Brenner’s new book, America the Vulnerable – Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare (The Penguin Press, 2011), is another book of the genre of Richard Clarke’s several volumes of non-fiction, such as his most recent book, published with Robert Knake, Cyber War: The Next Threat to National Security and [...]
<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/xFlg2xpx4dI" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/E2ss_PbPTaI/</feedburner:origLink></item><item><title>Richard Bejtlich:   Review of America the Vulnerable Posted</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Q2zANBprpbo/review-of-america-vulnerable-posted.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Sun, 23 Oct 2011 16:02:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-7029324846746545716</guid><description>Amazon.com just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below.

I've added bold in some places to emphasize certain areas.



America the Vulnerable (ATV) is one of the best "big picture" books I've read in a long while. The author is a former NSA senior counsel and inspector general, and was the National Counterintelligence Executive (NCIX). In these roles he could "watch the fireworks" (not his phrase, but one popular in the intel community) while the nation suffered massive data exfiltration to overseas adversaries. ATV...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Q2zANBprpbo" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/review-of-america-vulnerable-posted.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Podcast: Can Open Source Provide The Protein For Security Below The Poverty Line</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/8dxFg9CWXkM/podcast-can-open-source-provide-the-protein-for-security-below-the-poverty-line.html</link><category>podcasting</category><pubDate>Thu, 20 Oct 2011 10:30:54 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e201539275bd9b970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Reprinted from my Network World Blog Security costs too much for many organizations, is open source security the answer? By Alan Shimel on Mon, 10/17/11 - 12:44pm. 
Having been in the infosec world for more than 10 years, I have...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/8dxFg9CWXkM" height="1" width="1"/>]]></content:encoded><enclosure url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" length="216836" type="application/x-shockwave-flash" /><media:content xmlns:media="http://search.yahoo.com/mrss/" fileSize="216836" type="application/x-shockwave-flash" url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/4NbC1OXGhMA/joeplayer_v18c.swf" /><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/OHnOuVmOSW8/podcast-can-open-source-provide-the-protein-for-security-below-the-poverty-line.html</feedburner:origLink></item><item><title>C. Warren Axelrod:   Will Cloud Security Drive You Insane?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/26VT7SSlA2M/</link><pubDate>Mon, 17 Oct 2011 03:00:15 PDT</pubDate><guid isPermaLink="false">http://www.bloginfosec.com/?p=1946</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[First, the transparency &#8230; I have known Jim Reavis, co-founder of the Cloud Security Alliance (CSA), for a dozen years or so. He is a true visionary. He met with me before creating the CSA and asked me what I thought. I told him to go for it. He did and has had remarkable success [...]

 
 

<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/26VT7SSlA2M" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/bloginfosec/krfr/~3/-WM-664sj2A/</feedburner:origLink></item><item><title>Richard Bejtlich:   Republican Presidential Candidates on China</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/7nqqZTWxIG4/republican-presidential-candidates-on.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Thu, 13 Oct 2011 14:38:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-7686530398624129159</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/-tGvg-q0Nocg/TpeSxllbvkI/AAAAAAAACXY/ZE1oVQxnCME/s72-c/huntsman-perry-romney.jpg" width="72" /><description>(Photo: Business Insider)

This is not a political blog, so I'm not here to endorse candidates.  However, I do want to point out another example of high-level policymakers discussing ongoing activities by China against the US and other developed economies.

First, the Washington Post published an editorial by Mitt Romney which included the following:

China seeks advantage through systematic exploitation of other economies. It misappropriates intellectual property by coercing “technology transfers” as a condition of market access; enables theft of intellectual property, including patents,...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/7nqqZTWxIG4" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/republican-presidential-candidates-on.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Great Job For A PR Security Pro</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/6NL0r1vNFBE/great-job-for-a-pr-security-pro.html</link><category>employment</category><pubDate>Thu, 13 Oct 2011 13:53:17 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2014e8c3b66ad970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Trainer Communications and Susan Thomas who is always there to help out with the Security Bloggers Network and Bloggers Meet up is looking for an Account Director for their security practice. Here is the description from Trainer: Does the concept...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/6NL0r1vNFBE" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/Qcu2Ko-EWA0/great-job-for-a-pr-security-pro.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Marketing Security</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/HN_6NXagEzk/marketing-security.html</link><pubDate>Thu, 13 Oct 2011 11:08:27 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2014e8c3ab846970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[No this is not about a new VP of marketing at some security vendor. 
I was reading an article today about a presentation at RSA Europe by Lee Parrish, VP and CISO of construction firm Parsons Corporation. At a time...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/HN_6NXagEzk" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/sPpEFa9XHsY/marketing-security.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Bejtlich in "The expanding cyber industrial complex"</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/lpAouWMrYwc/bejtlich-in-expanding-cyber-industrial.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 11 Oct 2011 15:49:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-95304858161172018</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://2.bp.blogspot.com/-t2UJfTiVGCs/TpUAVgD0SeI/AAAAAAAACXM/XYZlbZgvQkg/s72-c/bejtlich-ft3.jpg" width="72" /><description>Christopher Booker interviewed me and several other policy-oriented security people for his video Financial Times story The expanding cyber industrial complex.  This was a different experience for me for two reasons.  First, Christopher conducted the interviews via Skype.  Second, you can see what appear to be the home offices of several of the contributors, including me.

One technical note on the video: I had some trouble getting it to play.  To get it working I selected another video then went back to this one.

Thank you again to Christopher Booker for the opportunity to offer my...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/lpAouWMrYwc" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/bejtlich-in-expanding-cyber-industrial.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Computer Incident Response Team Organizational Survey, 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/fTSBNQTiSWc/computer-incident-response-team.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Tue, 11 Oct 2011 15:38:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-1340294620955209419</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://4.bp.blogspot.com/-QIohGuJCo_o/TpT-Q6_CU9I/AAAAAAAACXA/5PWakKeBpj8/s72-c/cirt-survey.jpg" width="72" /><description>Today at MIRCon I mentioned that one of my colleagues, Jeff Yeutter, had updated the somewhat famous CERT/CC study of CIRT characteristics as part of his degree program.  Jeff posted the survey online as Computer Incident Response Team Organizational Survey, 2011 with this description:

In 2003, the CERT CSIRT Development Team (www.CERT.org) released a study on the state of international computer security incident response teams with the goal of providing "better insight into various CSIRT organizational structures and best practices" for new and existing members of the CSIRT community...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/fTSBNQTiSWc" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/computer-incident-response-team.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Interview with One of My Three Wise Men</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ltZF_e41h-o/interview-with-one-of-my-three-wise-men.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Fri, 07 Oct 2011 16:36:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-7197352935547907038</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/-V1QFzaPyPcc/To_FPXKI4WI/AAAAAAAACW4/OhTjUaPWgfo/s72-c/sager.jpg" width="72" /><description>Tony Sager from the NSA is one of my Three Wise Men.  (Dan Geer and Ross Anderson are the other two.)  Eric Parizo from SearchSecurity.com interviewed Tony this week and posted the video online.  

Tony notes that the escalation in threat activity during the last few years is real.  He is in a position to know, given he has worked at NSA since the 1970s.  Tony says the threat activity is getting people's attention now, especially at more senior levels of the government and industry.  Now targeted organizations are thinking beyond the question "does this affect my company" to "does this affect...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ltZF_e41h-o" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/interview-with-one-of-my-three-wise-men.html</feedburner:origLink></item><item><title>Richard Bejtlich:   Russia v China -- Sound Familiar?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/auwieCzfgD0/russia-v-china-sound-familiar.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Fri, 07 Oct 2011 00:27:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-446366227498818955</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://3.bp.blogspot.com/_Z-tqVTd9fPI/RtOgpgkH1aI/AAAAAAAAAFY/OSGys4PungQ/s72-c/images.jpeg" width="72" /><description>Thanks to a source who wishes to remain anonymous, I read Chinese spy mania sweeps the world, an article not from a Western publication.  Rather, it's from Voice of Russia.  Does any of this sound familiar?

[T]his is the most powerful secret service based on the principle of attracting all ethnic Chinese, wherever they may live. An adherent of the “total espionage” strategy, Beijing even encourages emigration in the hope that its citizens will remain loyal to and useful for their historical homeland after moving to another country...

"The history of China’s espionage activities on Russian...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/auwieCzfgD0" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/russia-v-china-sound-familiar.html</feedburner:origLink></item><item><title>Richard Bejtlich:   It's All About the Engines</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Iu9MYas-Tlw/its-all-about-engines.html</link><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard Bejtlich</dc:creator><pubDate>Thu, 06 Oct 2011 15:49:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4088979.post-4764095668418679214</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://2.bp.blogspot.com/-yZCXrEYe5mM/To5pMPhlPgI/AAAAAAAACWo/sKN9iRW3TP4/s72-c/AL-31FNmod.jpg" width="72" /><description>(Photo credit: AINOnline)

I just read Big New Chinese Order for Russian Fighter Engines at China Defense Blog, which quoted AINOnline:

China has placed additional orders for Russian AL-31-series fighter engines. State arms trade agency Rosoboronexport clinched two big contracts earlier this year...

To serve them, Salut has established partnerships with Limin Corp. and Tyan Li company in Chengdu on deliveries and manufacturing of spare parts for both the AL-31F and the AL-31FN. Russia has also agreed to provide all necessary maintenance and repair documentation to the Chinese partners.

To...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Iu9MYas-Tlw" height="1" width="1"/&gt;</description><feedburner:origLink>http://taosecurity.blogspot.com/2011/10/its-all-about-engines.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Steve Jobs: It can happen to you</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Ih0VgVcCnbo/steve-jobs-it-can-happen-to-you.html</link><pubDate>Wed, 05 Oct 2011 21:38:53 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2015435ed6975970c</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Image via Wikipedia First of all let me wish my condolences and sympathies to the family, friends and colleagues of Steve Jobs. To say he was a visionary with a profound effect on the technology world for years to come,...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Ih0VgVcCnbo" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/EALSIHNSolk/steve-jobs-it-can-happen-to-you.html</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – September 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/poOEvbemmbI/monthly-blog-round-up-september-2011.html</link><category>Monthly</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Mon, 03 Oct 2011 10:35:59 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-2039419756928955903</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.  “Simple Log Review Checklist Released!” is often at the top; it is the case this month “Log Management at $0 and 1hr/week?” is pretty much what it is. How to do log management under extreme budget AND time constraints?  “Top 10 Criteria for a SIEM?” is an EXAMPLE criteria list for choosing a SIEM.&amp;nbsp;  “On Choosing...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/poOEvbemmbI" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/joRyLNrD2gs/monthly-blog-round-up-september-2011.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Fixmo for Mobile Security</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/qOZ_wBVBGdk/fixmo-for-mobile-security.html</link><pubDate>Fri, 23 Sep 2011 11:41:43 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2015391d2d727970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I just wanted to give a shout out to a new mobile security company I became aware of called Fixmo. 
Fixmo has several solutions around mobile security including some powered by technology acquired via a technology transfer agreement with the...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/qOZ_wBVBGdk" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/dAxK57gamSA/fixmo-for-mobile-security.html</feedburner:origLink></item><item><title>by Cloud HELP NEEDED: Cloud PCI Class Trainer(s)!</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/-wXtY6xmc7M/cloud-help-needed-cloud-pci-class.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Fri, 23 Sep 2011 10:20:06 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-7204195116540798918</guid><description>Are you proficient in BOTH PCI DSS compliance and cloud computing security? If yes, you can help Cloud Security Alliance as well as build your security reputation AND make some money in the process! 
Here is how: a few months ago, when I was still consulting, I created a comprehensive full-day class on PCI DSS and cloud computing. More information is here and a brief description is pasted below:  
“The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments....&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/-wXtY6xmc7M" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/uKOOrMmULSM/cloud-help-needed-cloud-pci-class.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)How About A Schmear With Lo(x)cks</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/TpsMMluBjuc/how-about-a-schmear-with-loxcks.html</link><pubDate>Thu, 22 Sep 2011 11:09:09 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2014e8bc08346970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Having gone to my share of security conferences over the years, I have seen more than my share of the “uniqueness” of the security industry. I passed through the stage of the large multi-color Mohawks, the piercings that set off...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/TpsMMluBjuc" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/AqzYLLfuzqc/how-about-a-schmear-with-loxcks.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)An Open Letter To The Security Industry: We Live In Amazing Times</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/th5LSQJSaMY/an-open-letter-to-the-security-industry-we-live-in-amazing-times.html</link><pubDate>Wed, 21 Sep 2011 11:41:58 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2014e8bba79c1970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I just returned home from the UNITED Security Summit in San Francisco. 
Besides speaking myself at the show I had a chance to sit in on some great presentations by some familiar and some not so familiar (to me anyway)...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/th5LSQJSaMY" height="1" width="1"/>]]></content:encoded><enclosure url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/D5rD28siqHc/8r1CZTLk-Gk" length="3206" type="application/x-shockwave-flash" /><media:content xmlns:media="http://search.yahoo.com/mrss/" fileSize="3206" type="application/x-shockwave-flash" url="http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~5/D5rD28siqHc/8r1CZTLk-Gk" /><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/uanRBfIJ_Ko/an-open-letter-to-the-security-industry-we-live-in-amazing-times.html</feedburner:origLink></item><item><title>Amrit Williams:   Incomplete Thought: Are You Really Data-Driven or Just Using Data To Prove a Point?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/jtXBcZEmh4c/</link><pubDate>Wed, 21 Sep 2011 11:10:09 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1707</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/datadriven.png">
            <media:title type="html">datadriven</media:title>
         </media:content><description>I love data, I love the benefits that data analysis offers, and I love the concept of large amounts of data being massaged, queried, and providing insights through a whole new set of technical innovations &amp;#8211; and there are many in data right now. In fact I believe that this year has probably been the [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/jtXBcZEmh4c" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/21/incomplete-thought-are-you-really-data-driven-or-just-using-data-to-prove-a-point/</feedburner:origLink></item><item><title>Amrit Williams:   Top 10 Most Overhyped Technology Terms</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/15IlJulW5xM/</link><pubDate>Tue, 20 Sep 2011 17:14:41 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1696</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/hyperbole1.png">
            <media:title type="html">hyperbole</media:title>
         </media:content><description>We have entered a new era of information technology, an era where the clouds are moist, the data is obese and incontinent, and the threats are advanced, persistent, and the biggest ever. Of course with all the paradigm-shifting, next generation, FUD vs. ROI marketing, it's important to remember that sometimes we need to balance innovation [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/15IlJulW5xM" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/21/top-10-most-overhyped-technology-terms/</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)If ATT Really Gave A Crap About Customers</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/d6kWD43Hla4/if-att-really-gave-crap-about-customers.html</link><category>General Background</category><pubDate>Fri, 16 Sep 2011 20:40:58 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2014e8b9ec53e970d</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[Image via Wikipedia I had yet another eye opening experience today dealing with AT&amp;T. 
It showed me once again why at the end of the day AT&amp;T could care less about their customers and just want to grab as much...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/d6kWD43Hla4" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/0gIB7p72XiY/if-att-really-gave-crap-about-customers.html</feedburner:origLink></item><item><title>by ashimmy@hotmail.com (Alan Shimel)Calling All Security/Tech Media in the Bay Area  UNITED Summit</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/G3STgw_k7I4/calling-all-securitytech-media-in-the-bay-areaunited-summit.html</link><pubDate>Wed, 14 Sep 2011 09:16:58 PDT</pubDate><guid isPermaLink="false">tag:typepad.com,2003:post-6a00d83451e4d369e2015391997969970b</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[I wanted to drop a quick note to all of my friends and acquaintances in the Bay Area. Especially those in the tech/security media and analyst space. A cool new security summit is being put on by Rapid7, Firemon and...<img src="http://feeds.feedburner.com/~r/influenceronsec/~4/G3STgw_k7I4" height="1" width="1"/>]]></content:encoded><feedburner:origLink>http://feedproxy.google.com/~r/StillsecureAfterAllTheseYears/~3/-lsfHXnrhMg/calling-all-securitytech-media-in-the-bay-areaunited-summit.html</feedburner:origLink></item><item><title>Amrit Williams:   Why I Suck at Blogging…and Twitter</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/0j3m_oA0FlY/</link><pubDate>Fri, 09 Sep 2011 23:59:30 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1688</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/failure.jpg">
            <media:title type="html">failure</media:title>
         </media:content><description>So recently I posted some thoughts on big data and the increasing usage of Hadoop, the general theme was data management != data analysis&amp;#8230;this caused confusion with some folks, as evidenced by the twitter exchange (tweets haven&amp;#8217;t been altered but some extraneous &amp;#8216;noise&amp;#8217; removed to maximize your reading pleasure) @Beaker @amrittsering I&amp;#8217;m confused by your last blog. [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/0j3m_oA0FlY" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/10/why-i-suck-at-blogging-and-twitter/</feedburner:origLink></item><item><title>Amrit Williams:   Needles in a Digital Hay Stack; Finding Value in Big Data</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/CAuFOjF7YWI/</link><pubDate>Fri, 09 Sep 2011 18:43:50 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1676</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/bigdata4.png">
            <media:title type="html">bigdata</media:title>
         </media:content><description>Big data is a scorching hot topic, currently capturing a lions share of the markets available stock of hyperbole and for good reason, data is growing at a meteoric rate. As we continue to innovate, as business accelerates technology adoption, as the line bleeds between corporate and personal computing and as we interact more in digital mediums [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/CAuFOjF7YWI" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/10/needles-in-a-digital-hay-stack-finding-value-in-big-data/</feedburner:origLink></item><item><title>Amrit Williams:   Big Data; Are You Creating a Garbage Dump or Mountains of Gold</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/G4I7uqCTJkM/</link><pubDate>Sat, 03 Sep 2011 18:13:18 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1664</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/big-data-dump-truck.jpg">
            <media:title type="html">big data dump truck</media:title>
         </media:content><description>You’re not really sure how it happened, but some time between last year and the summer of 2011 you were suddenly facing a big data problem, or you were being told you were facing a big data problem, or more accurately you were being told that you needed a big data solution. Funny thing was [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/G4I7uqCTJkM" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/04/big-data-are-you-creating-a-garbage-dump-or-mountains-of-gold/</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – August 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/_Kr1Ne-fOiw/monthly-blog-round-up-august-2011.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Sat, 03 Sep 2011 11:51:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-6434107984218387106</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing.   “The Last Blog Post!” is obviously BY FAR the most popular post in August. It announces my departure from consulting business in order to join Gartner as a Research Director with SRMS team. “Top 10 Criteria for a SIEM?” is an EXAMPLE criteria list for choosing a SIEM.&amp;nbsp; Also see “On Choosing SIEM” which is about the least wrong way of choosing a SIEM tool...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/_Kr1Ne-fOiw" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/PTxwr73HsE8/monthly-blog-round-up-august-2011.html</feedburner:origLink></item><item><title>by Monthly Blog Round-Up – July 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/-RKFNUVDmJk/monthly-blog-round-up-july-2011.html</link><category>Monthly</category><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Fri, 02 Sep 2011 11:45:14 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-2014949510046469916</guid><description>Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.  
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing.  “Log Management at $0 and 1hr/week?” is pretty much what it is. How to do log management under extreme budget AND time constraints “PCI DSS in the Cloud … By the Council” post is my quick review of recent PCI DSS guidance on virtualization, focusing on cloud computing guidance.  “Top 10 Criteria for a SIEM?” is an EXAMPLE criteria list for choosing a SIEM. ...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/-RKFNUVDmJk" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/iL6Ev4vSWKQ/monthly-blog-round-up-july-2011.html</feedburner:origLink></item><item><title>Amrit Williams:   The Good, Bad, and Ugly of Technology Acquisitions</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/plFMxLeeMBs/</link><pubDate>Thu, 01 Sep 2011 11:40:05 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1652</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/09/charlie_golden_ticket.jpg">
            <media:title type="html">charlie_golden_ticket</media:title>
         </media:content><description>It is the foundation for the free market system and capitalism and it is every entrepreneurs dream; build a great technology, execute and achieve excellence in GTM, deliver fantastic value to customers and take great pride in watching your passion grow &amp;#8211; fast. Then it happens; the exit, the liquidation event, the &amp;#8216;golden ticket&amp;#8217; and in [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/plFMxLeeMBs" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/09/01/the-good-bad-and-ugly-of-technology-acquisitions/</feedburner:origLink></item><item><title>by Quick Blogging Update</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/mwe-PYyo2nk/quick-blogging-update.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Wed, 31 Aug 2011 08:18:40 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-5742233605474352579</guid><description>As I mentioned, due to my joining Gartner, I am not blogging on security here anymore. However, a quick announcement is in order:  You can follow what I am reading at http://www.google.com/reader/shared/anton.chuvakin (RSS, Google Reader Likes) and http://www.delicious.com/anton18 (RSS) My Gartner blog is almost ready (there are no posts yet, but feel free to subscribe anyway – RSS) 
Enjoy!  About me: http://www.chuvakin.org&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/mwe-PYyo2nk" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/zEhwhtGr2eE/quick-blogging-update.html</feedburner:origLink></item><item><title>Amrit Williams:   Cloud-Computing is Dead, Turn the Internet Off, Amazon Failed – Again!</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/MQwy-UOMZsk/</link><pubDate>Tue, 09 Aug 2011 11:04:03 PDT</pubDate><guid isPermaLink="false">http://techbuddha.wordpress.com/?p=1643</guid><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://0.gravatar.com/avatar/eeb4632680aa1e326a0f74c0d6015cc9?s=96&amp;amp;d=identicon&amp;amp;r=G">
            <media:title type="html">amritw</media:title>
         </media:content><media:content xmlns:media="http://search.yahoo.com/mrss/" medium="image" url="http://techbuddha.files.wordpress.com/2011/08/double-facepalm.jpg">
            <media:title type="html">double-facepalm</media:title>
         </media:content><description>&amp;#160; So it appears the Internet went down, or so many claimed when they were presented with 404 errors when attempting to watch &amp;#8220;Georgia Hillbilly Massacre 17: The return of the Banjo Man&amp;#8221; on Netflix  - Since Netflix is selective on what you can stream they certainly weren&amp;#8217;t queuing up the latest and greatest new [...]&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/MQwy-UOMZsk" height="1" width="1"/&gt;</description><feedburner:origLink>http://techbuddha.wordpress.com/2011/08/09/cloud-computing-is-dead-turn-the-internet-off-amazon-failed-again/</feedburner:origLink></item><item><title>by The Last Blog Post!</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/1XqKxrQdH9A/last-blog-post.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Sun, 31 Jul 2011 23:59:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-6117883024746815483</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://lh4.ggpht.com/-5NLcbUu4QmU/TjI45X7YgdI/AAAAAAAAQQU/DAJ5Tj7THqU/s72-c/wlEmoticon-smile2.png?imgmax=800" width="72" /><description>This is my last blog post –for the foreseeable future. It is dated 7/31/2011 at 11:59PM. What happens tomorrow? A new life, of course! 



As only very few of you know, I have accepted a position of Research Director with Gartner, Inc. Tomorrow I am joining a stellar team led by Phil Schacter, formerly from Burton Group.



I spent two VERY successful years consulting, working with companies like Novell, RSA, LogLogic, NitroSecurity, eGestalt, ObserveIT, Tripwire, AlienVault, “Big MSSP”, “Big Insurance Company”, “SaaS Log Management Company”, “IT Management Software Company”, “SMB Security...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/1XqKxrQdH9A" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/CMF-iJhJBOg/last-blog-post.html</feedburner:origLink></item><item><title>by On SIEM Services</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Z4-UdbHZv2c/on-siem-services.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Sun, 31 Jul 2011 11:11:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-3246938790914257701</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://lh3.ggpht.com/-aO13wTxY_80/TjJrd4SRHhI/AAAAAAAAQQo/Z01g8jZf_vI/s72-c/wlEmoticon-smile%25255B2%25255D.png?imgmax=800" width="72" /><description>Executive summary: you need to procure services when you buy a SIEM tool, if you don’t – you’d be sorry later.  
Even if you are amazingly intelligent and have extensive SIEM experience – see above.&amp;#160; Even if you saw a successful SIEM project that didn’t include vendor or 3rd party services with your very eyes – see above. Even if your SIEM vendor tells you “you don’t need services” – see above. See above! See above!! See above!!!   
  
Let’s analyze this “SIEM services paradox.” A lot of organizations – way too many, in fact – balk at the need to procure related services before, during...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Z4-UdbHZv2c" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/Pjc675Fgw_A/on-siem-services.html</feedburner:origLink></item><item><title>by Old Content Posted: Presentations, Documents, etc</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/dZos_u8pDQs/old-content-posted-presentations.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Sat, 30 Jul 2011 23:11:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-1910315367394597394</guid><description>In preparation for a career change (stand by for an announcement on midnight July 31, 2011), I am posting A LOT of my old presentations and documents online for the community.



See http://www.slideshare.net/anton_chuvakin/presentations for such gems as my HITB 2010 keynote “Security Chasm”,&amp;nbsp; Brief SIEM Primer, “Making Log Data Useful”&amp;nbsp;as well as the most recent "Five Best and Five Worst SIEM Practices"



See http://www.docstoc.com/profile/anton1chuvakin for a bunch of older documents on security, logging, SIEM, PCI DSS – including such gems as Logging Haiku,&amp;nbsp; firewall...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/dZos_u8pDQs" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/zeoUrUZlURI/old-content-posted-presentations.html</feedburner:origLink></item><item><title>by On Broken SIEM Deployments</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/xOcj-tD3-Wc/on-broken-siem-deployments.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Fri, 29 Jul 2011 11:23:01 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-2602615485063724210</guid><description>Imagine you own a broken, dilapidated, failing SIEM&amp;#160;crap deployment. What? Really… that, like, never happens, dude! SIEM is what makes unicorns shine and be happy all the time, right?  
Well…mmm… no comment. In this post, I want to address one common&amp;#160; #FAIL scenario: a SIEM that is failing because it was deployed with a goal of real-time security monitoring, all the while the company was nowhere near ready (not mature enough) to have any monitoring process and operations (criteria for it).&amp;#160; On my log/SIEM maturity scale (presented here, also see this related post from Raffy),...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/xOcj-tD3-Wc" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/T7CNZsqTqWs/on-broken-siem-deployments.html</feedburner:origLink></item><item><title>by Got A Pile of Logs from an Incident: What to Do?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/tnqnApvm3rQ/got-pile-of-logs-from-incident-what-to.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Wed, 27 Jul 2011 21:28:31 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-4663785211662026881</guid><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="http://lh5.ggpht.com/-wZYSznCMavM/TjDlP7ul4NI/AAAAAAAAQPs/MtfU8vQ5vp8/s72-c/image_thumb.png?imgmax=800" width="72" /><description>As I am going through my backlog of topics I wanted to blog about (but didn’t have time for the last 4-6 months), this is the one I really wanted to explore. Here is the scenario:
Something blows up, hits the fan, starts to smell bad, &amp;lt;insert your favorite incident metaphor&amp;gt; … either in your IT environment or at one of your clients’ 
Logs (mostly) and other evidence is taken from all the components of the affected system and packaged for offline analysis 
You get a nice 10MB-10GB pile of juicy log data – and they wants “answers” 
What do you do FIRST? With what tools? 

Let’s explore...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/tnqnApvm3rQ" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/KCYL4gOyY7g/got-pile-of-logs-from-incident-what-to.html</feedburner:origLink></item><item><title>by Top 10 Criteria for a SIEM?</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/WknrRAeYQKE/top-10-criteria-for-siem.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Wed, 27 Jul 2011 11:11:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-2850617601150882313</guid><description>OK, this WILL be taken the wrong way! I spent years whining about how use cases and your requirements should be THE MAIN thing driving your SIEM purchase. And suddenly Anton shows up with a simple ‘Top 10 list’, so…. blame it on that cognac.  
This list is AN EXAMPLE. SAMPLE. ILLUSTRATION. It is here FOR FUN. If you use it to buy a SIEM for your organization, your girlfriend will sleep with your plumber.&amp;#160; All sorts of bad things can and likely will happen to you and/or your dog – and even your pet squirrel might go nuts. Please look up the word “EXAMPLE” in the dictionary before...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/WknrRAeYQKE" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/DTXFcnDdQEw/top-10-criteria-for-siem.html</feedburner:origLink></item><item><title>by NIST EMAP Workshop–Aug 2011</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/Mbb5pY_xkvI/nist-emap-workshopaug-2011.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Tue, 26 Jul 2011 11:11:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-7544836763376172415</guid><description>A lot of good work on logging standards as well as standards for the “surrounding areas” (correlation rules, parsing rules, etc) will happen at this first-ever NIST workshop on EMAP.     
Please mark your calendars to save the date for an EMAP Developer Workshop to be held August 29-30, 2011 at the NIST Campus in Gaithersburg, Maryland.&amp;#160; We are still formalizing the agenda, but topics to be covered will include:    
    
· Discussion of target use cases and requirements as identified by EMAP working group.    
· CEE Overview and in-depth discussion of current issues.    
· Discussion of...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/Mbb5pY_xkvI" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/qu27BBJ5JjM/nist-emap-workshopaug-2011.html</feedburner:origLink></item><item><title>by Speaking at Catalyst 2011 in San Diego Tomorrow</title><link>http://feedproxy.google.com/~r/influenceronsec/~3/ck-Xu_kCjow/speaking-at-catalyst-2011-in-san-diego.html</link><author>anton@chuvakin.org (Anton Chuvakin)</author><pubDate>Mon, 25 Jul 2011 23:06:25 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-19553129.post-2353893309146621138</guid><description>Just FYI, I am speaking at Gartner Catalyst 2011 event in San Diego tomorrow. The topic is “Five Best and Five Worst Practices for SIEM.”     
“Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr. Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM implementation will help maximize security and compliance value, and avoid costly obstacles, inefficiencies, and risks.”   
Time: Tuesday, 26 July 2011   ...&lt;img src="http://feeds.feedburner.com/~r/influenceronsec/~4/ck-Xu_kCjow" height="1" width="1"/&gt;</description><feedburner:origLink>http://feedproxy.google.com/~r/AntonChuvakinPersonalBlog/~3/8rc-581r5xY/speaking-at-catalyst-2011-in-san-diego.html</feedburner:origLink></item></channel></rss>

