All Reading Is Not Equal or Fast

Four years ago I posted Reading Tips, where I offered some ideas on how to read technical books.Recently I've received emails and questions via Twitter on the same subject. In this post I'd like to offer another perspective. Here I will introduce different "types of reading." In other words, I don't see all reading as equal, and what some people might call "reading," I don't consider to be reading at all!After reading this post you may find you...

Read More

Review of Hacking Exposed: Web Applications, 3rd Ed

Amazon.com just published my four star review of Hacking Exposed: Web Applications, 3rd Ed by Joel Scambray, Vincient Liu, and Caleb Sima. From the review:This is the third Hacking Exposed: Web Applications (HE:WA) book I've reviewed, having reviewed the second edition in 2006 and the first edition in 2002. While I gave the earlier editions each five stars, I don't think HE:WA3E quite meets my expectations of a five star web application security...

Read More

Review of iOS Forensic Analysis Posted

Amazon.com just posted my three star review of iOS Forensic Analysis by Sean Morrissey. From the review:I've read many forensics books over the last decade and written one as well. I believe that iOS Forensic Analysis (IFA) offers some useful information, but the manner in which the author presents it is not as effective as it could be. If the author were to write a second edition that structures the material in the way I recommend, I believe it...

Read More

Review of Computer Incident Response and Product Security Posted

Amazon.com just published my three star review of Computer Incident Response and Product Security by Damir Rajnovic. From the review:When I first learned that Cisco Press was publishing a book about product security (Computer Incident Response and Product Security, or CIRAPS), I was excited to see what they might create. Cisco's Product Security Incident Response Team (PSIRT) is one of the best in the industry, with a long history and mature processes....

Read More

Review of pfSense: The Definitive Guide Posted

Amazon.com just posted my five star review of pfSense: The Definitive Guide by Christopher M. Buechler and Jim Pingle and published by Reed Media. From the review:I have to admit that pfSense: The Definitive Guide (pTDG) caught me off guard. I expected the book to mainly discuss installing and using the pfSense firewall appliance, which would have been enough for me to enjoy the book. However, I was pleased to see coverage of many issues related...

Read More

Mini-Review of The Book of Pf Posted

Because I wrote a three star review of the first edition of The Book of Pf by Peter N.M. Hansteen, Amazon.com won't allow me to write a review of the second edition. So, I added the following comment to my old review indicating that I think the second edition deserves four out of five stars:Amazon won't allow me to write a review of the second edition of this book, so I'm adding this comment. I'm pleased to say that I believe the author accepted...

Read More

Best Collection of Gimp Brushes

This is ongoing collection I am creating to make it easier to download brushes for the Gimp. I have included the link to the source as well as the direct download. Please note that most of these brushes have different restrictions. Please visit the site link to know the proper usage. Read article...

Read More

Chrome OS - My thoughts on the CR-48 after a month of use

So I have been using the Google Chrome OS Cr-48 for about a month now. Here are some of my thoughts:This computer has been great as a backup computer. I have my laptop basically stationary as a desktop with a mouse and external hard drive plugged in. When I need a mobile computer, I would much rather take the CR-48. I don't even need to worry about the power cord since the battery power is so good. It is small and portable. I enjoy the keyboard and it is a fun computer to use and showoff.That is about all the good I have to say.Unfortunately, the...

Read More

Review of Kingpin Posted

Amazon.com just posted my four star review of Kingpin by Kevin Poulsen. I read this book by checking it out of my library! From the review:I've read and reviewed almost all of the non-fiction computer crime and espionage books written since the 1980s. Kingpin by Kevin Poulsen is one of my favorites. I will recommend this book to fellow digital security professionals and those who would like insights into our world. Kingpin's coverage of Max Ray...

Read More

Report on Declarations of War

Similar to my post Report on Instances of US Forces Abroad, I again thank Steven Aftergood for his post No-Fly Zones: Considerations for Congress. He points to a new report titled Declarations of War and Authorizations for the Use of Military Force: Historical Background and Legal Implications (.pdf). This is a good resource for those trying to determine what is war, what isn't war, and what happens in each situation. From the report summary:From...

Read More

Create a Flag of Japan using Inkscape - Show your support for the relief efforts in Japan

Following the devastating earthquake in Japan, there has been an outpour of love and relief effort going to that country. You have probably seen people tweet, commercials made, or Facebook statuses giving you an opportunity to help in some way. Perhaps you want to make your own flier to show your support toward a certain program or relief effort going to Japan. This tutorial will show you how to make a basic flag of Japan using Inkscape. You can...

Read More

Requesting Comments on Open Information Security Foundation

Thank you to anyone who voted for me to join the board of the Open Information Security Foundation. They are most famous for their Suricata intrusion detection engine, but I expect additional outputs as time passes. I appreciate those of you who supported my goal to join their board. I will try to provide fair and useful input to the project.I believe we will have our first board phone call next week. Are there any issues you would like me to...

Read More

Initial Thoughts on RSA "APT" Announcement

Today RSA's Art Coviello announced the following:Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA...Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related...

Read More

Bejtlich Joining MANDIANT as CSO and Security Services Architect

In June 2007 I posted that I was joining General Electric as Director of Incident Response. Since then I helped build and lead GE-CIRT from an "army of one" into a team of 40 analysts. It was an honor and a privilege to work with my team, but today I am announcing that I've accepted a new challenge.Effective 1 April I will be Chief Security Officer and Security Services Architect for MANDIANT, where I will build teams, tools, and capabilities to...

Read More

Report on Instances of US Forces Abroad

Thanks to Steven Aftergood's post Instances of US Forces Abroad I learned of a new Congressional Research Service report of the same name -- Instances of Use of United States Armed Forces Abroad, 1798-2010 (pdf). From the introduction:Eleven times in its history the U.S. has formally declared war against foreign nations. These eleven U.S. war declarations encompassed five separate wars: the war with Great Britain declared in 1812; the war with Mexico...

Read More

How to make a simple and free plant waterer

Yesterday I was filling up my plant waterer and realized that I have been using it for over 15 years. I made it when I was a kid and it has worked great! It is simple and free so I thought I would show how you can make it. Read article...

Read More

GIMPons - Gimp tutorial website

I just discovered a new Gimp tutorial website. The site is called GIMPons. The site is in French, but if you are using Google Chrome, you can easily translate the website. This page is full of many great Gimp tutorials, many of which I have never seen before. You should definitely give the site a lo...

Read More

Bejtlich Teaching Special Session of TCP/IP Weapons School at GTEC DC

Through a custom arrangement with Black Hat I am pleased to announce that I will teach a special session of TCP/IP Weapons School 3.0 at the Government Technology Expo & Conference (GTEC) on Tuesday 31 May and Wednesday 1 June 2011 in Washington, DC. The conference organizers set the price for my class at $2200. I am not sure if the price increases as we get closer to the class date. This is a good opportunity for people in the DC area to...

Read More

Experts Talk US-China Security Issues, Part 2

Several weeks ago I attended an outstanding one day conference by the Jamestown Foundation titled China Defense & Security 2011. The conference consisted of a series of speakers discussing various aspects of US-China national defense and security. Only one speaker concentrated on digital (or "cyber," love that word) items. The rest dealt with a wide range of topics. I took several pages of notes that I thought my benefit those not in attendance....

Read More

Experts Talk US-China Security Issues, Part 1

Several weeks ago I attended an outstanding one day conference by the Jamestown Foundation titled China Defense & Security 2011. The conference consisted of a series of speakers discussing various aspects of US-China national defense and security. Only one speaker concentrated on digital (or "cyber," love that word) items. The rest dealt with a wide range of topics. I took two pages of notes that I thought my benefit those not in attendance....

Read More

Review of Cyber Attacks Posted

Amazon.com just posted my three star review of Cyber Attacks by Edward Amoroso. From the review:Writing a book isn't easy, especially when you're trying to develop a framework and solutions that apply to a topic as vast as protecting national infrastructure. I applaud Dr Amoroso's efforts in Cyber Attacks, but I fear he is solving yesterday's problems with yesterday's answers. This book might have been more relevant in 2006 when one could have plausibly...

Read More

Bejtlich Teaching Two Sessions at Black Hat USA 2011

In January I taught the first TCP/IP Weapons School 3.0 class at Black Hat DC 2011. This is a completely new class written from the ground up. I'm very pleased with how it has developed and the students enjoyed the new content. For example, one of the feedback comments was the following:"I felt that the pace and level of difficulty was well managed, and the defense-then-offense aspect was a great way to learn!"I'm happy to announce that registration...

Read More

How to create an icon or logo from an existing drawing using Inkscape

A while ago my brother came up to me and handed me a scratch piece of paper. It was something that he had drawn years ago and he just found it as he was cleaning up some things. He mentioned that he always thought it was an interesting looking creature(?) and that he wondered what it would look like as a logo.I thought that would be fun idea to see what necessary steps one would need to take using Inkscape to create an icon or logo from an existing...

Read More

Tip of The Day - Create an RSS feed with any Website (Create Online Classifieds RSS Feed)

Here is a hypothetical situation (not really, I was in this exact situation for the past three weeks). Suppose you are looking for a really sweet deal for a DSLR camera or perhaps a phone. You want the cheapest possible so you obviously are looking for something used. Perhaps online classifieds. Well, to make sure that you are the fist person to find the sweet deal, you need to check the online classifieds frequently. Too bad there is not a way to set up something that would search for you and come up in your RSS feed reader.... bwa ha ha! THERE...

Read More

Tip of The Day - How To Force Yourself To Exercise (lose weight)

Replacing my desk chair for an exercise bike works wonders!The other day I was talking to my brother and he had mentioned how even though he plays sports frequently, it is hard for him to find time to exercise otherwise. I am the same way. Tell me to run after a Frisbee and that is no problem; I can do that for hours. Tell me to run because it is good for me, and I will tell you to take a hike (or I will in fact go on a hike myself).I thought I would...

Read More