Cause and Effect

Date

A bit of a philosophical question to the reader: What is the relationship of security defenders to offense/criminals? I submit the current accepted belief sees us (the defenders) as a reaction to offensive tactics. More precisely, security folk tend to observe “defense” as an effect of its cause …

more ...

stuxnet 2

Date
The suggestion that Stuxnet puts forth: if you provide critical infrastructure or resources to a country and/or government, you may want to consider yourself on the front lines if another country decides to launch an attack. Stuxnet example, Iraqi Freedom, Russian pipeline, Russian-Georgian conflict, Israeli attacks?

Two examples …
more ...

Clausewitz and Defense in Depth

Date
I want to introduce and examine Clausewitzian ideas of friction.
In an attempt to explain why the seemingly simple concepts of warfare are actually quite complex, Clausewitz (in 1832) suggested a mechanism called ‘friction’ to help distinguish ‘war on paper’ from ‘real war’ in a book titled “On War”. This …
more ...

Utilizing the casebook method

Date

I’m wrapping up Allen Dulles’ book “The Craft of Intelligence”. The book focuses on the historical context of intelligence agencies; however, Dulles briefly touched on two methods used in training case officers which resonated with me.

First, he referenced the casebook method.  This is used heavily in law school …

more ...

Bazaar vs Cathedral

Date
Damballa recently released a report entitled The Command Structure of the Aurora Botnet. It’s a good whitepaper. I like this section:
… Botnet operators also increasingly trade or sell segments of the botnets they build. Once sold, the owner of the botnet typically deploys a new suite of malware onto …
more ...

Red Team Journal

Date
I have been accepted as a contributing editor for Red Team Journal. rtj focuses on the practice of red teaming, and I will be contributing my knowledge from an information security perspective.
I have been reading rtj for the last 5 months and have enjoyed their articles. I am looking …
more ...

Security Incident Tracking

Date
This is a draft post I just ran across. I’m publishing it “as is” in case it may be useful to someone; sorry for the fragmented post.
Over the last year and a half (and arguably three years) I have been wrapping my head around tracking and reporting of …
more ...

shmoocon 2009 recap

Date
Apparently people actually read my 2008 recap/rant. If you condone such activities then they will continue on.
I sat in fewer talks this year but walked the floor a bit more and met and hung out with folks instead. As always the event ran very smoothly. All the content …
more ...

Beyond operational security

Date
An observation. The detection and response to incidents is regarded as completely operational. I generally introduce myself as “leading a security ops team” as that conveys the right responsibilities to anyone I may be talking to. What are those operations?
  • analyze alerts or escalations
  • create documentation trails (chain of custody …
more ...

Recognizing False Arguments

Date
Change is hard. And improving security will create change. This creates resistance in various ways. One of my favorite types of resistance (i.e., most frustrating) is the problem of induction. Let’s create a scenario where you find a gaping vulnerability (say, incorrect firewall rules, a SQL injection vulnerability, architecture issues …
more ...