Saturday, 29 September 2012

Netanyahu Channels Tufte at United Nations

This is not a political blog, and I don't intend for this to be a political post. I recently watched Israeli Prime Minister Benjamin Netanyahu's speech to the United Nations on Thursday. I watched it because I am worried about Iran's nuclear weapons program and the Iranian security situation, to be sure. However, what really intrigued me was the red line he actually drew on a diagram, in front of the United Nations. In the video I linked, it takes...

Friday, 28 September 2012

Celebrate Packt Publishing's 1000th Title

I'm pleased to announce a special event involving Packt Publishing. The company told me, as a way to celebrate their 1000th title, that those who have registered at https://www.packtpub.com/login by 30 September will receive one free e-book. To help you make your choice, Packt is also opening its online library for a week for free to members. I'm interested in two recent titles:

- Metasploit Penetration Testing Cookbook by Abhinav Singh
- Advanced...

Wednesday, 26 September 2012

Top Ten Ways to Stir the Cyber Pot

I spent a few minutes just now thinking about the digital security issues that people periodically raise on their blogs, or on Twitter, or at conferences. We constantly argue about some of these topics. I don't think we'll ever resolve any of them. If you want to start a debate/argument/flamewar in security, pick any of the following.

- "Full disclosure" vs "responsible disclosure" vs whatever else
- Threat intelligence sharing
- Value of security certifications
- Exploit...

Tuesday, 25 September 2012

Unrealistic "Security Advice"

I just read a blog post (no need to direct traffic there with a link) that included the following content: This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the...

Sunday, 23 September 2012

To Be Hacked or Not To Be Hacked?

People often ask me how to tell if they might be victims of state-serving adversaries. As I've written before, I don't advocate the position that "everyone is hacked." How then can an organization make informed decisions about their risk profile? A unique aspect of Chinese targeted threat operations is their tendency to telegraph their intentions. They frequently publish the industry types they intend to target, so it pays to read these announcements....

Wednesday, 19 September 2012

Understanding Responsible Disclosure of Threat Intelligence

Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the trail. You open the package and realize you've discovered a "dead drop," a clandestine method to exchange messages. You notice the contents of the message appear to be encoded in some manner to defy casual inspection. You decide to take pictures of the package and its contents with your phone, then return the items...

Tuesday, 18 September 2012

Over Time, Intruders Improvise, Adapt, Overcome

Today I read a well-meaning question on a mailing list asking for help with the following statement: "Unpatched systems represent the number one method of system compromise." This is a common statement and I'm sure many of you can find various reports that claim to corroborate this sentiment. I'm not going to argue that point. Why am I still aggravated by this statement then? This sentiment reflects static thinking. It ignores activity...

Monday, 17 September 2012

Does Anything Really "End" In Digital Security?

Adam Shostack wrote an interesting post last week titled Smashing the Future for Fun and Profit. He said in part: 15 years ago Aleph One published “Smashing the Stack for Fun and Profit.” In it, he took a set of bugs and made them into a class, and the co-evolution of that class and defenses against it have in many ways defined Black Hat. Many of the most exciting and cited talks put forth new ways to reliably gain execution by corrupting memory,...

Tuesday, 11 September 2012

Less Thrashing; Better Queries (Part V)

# Using [System.Diagnostics.EventLog] for PowerShell 3.0 Beta
# Code
# Creating $a specific to the 'GetEventLogs()'
# method for [System.Diagnostics.EventLog]
$a=[System.Diagnostics.EventLog]::GetEventLogs()
$a | gm -s
# List the event logs
$a
# Creating $a as generic to the .NET class; Querying active
# Eventlog for a local (or remote?) computer name:
$a=[System.Diagnostics.EventLog]
$a::GetEventLogs("rmfvpc")
$a::GetEventLogs("rmfvpc") | gm -s
# Creating $B as the result of machine...