Monday, November 30, 2009

ubuntu linux - utils for perfect desktop install

sudo apt-get install gnome-do    # or: sudo apt-get install awn
sudo apt-get install rxvt
sudo apt-get install yakuake
sudo apt-get install byobu

Quick Drop-Down Terminal With Yakuake

http://lifehacker.com/309652/quick-drop+down-terminal-with-yakuake

Sunday, November 29, 2009

how to convert video to flv & wmv with ffmpeg on ubuntu linux

# newer ffmpeg releases spell the video bitrate option -b:v 1200k
ffmpeg -i file.mpeg -f flv -b 1200kb file.flv
ffmpeg -i file.mpeg -vcodec wmv2 -b 1200kb file.wmv

how to convert video to flv with ffmpeg on ubuntu linux

ffmpeg -i file.mpeg -f flv -b 1200kb file.flv


Saturday, November 28, 2009


Celebrate FreeBSD 8.0 Release with Donation

With the announcement of FreeBSD 8.0, it seems like a good time to donate to the FreeBSD Foundation, a US 501(c)3 charity. The Foundation funds and manages projects, sponsors FreeBSD events and Developer Summits, and provides travel grants to FreeBSD developers. It also provides and helps maintain computers and equipment that support FreeBSD development and improvements. I just donated $100. Will anyone match me? Thank you!

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Friday, November 27, 2009

Historical Video on AFCERT circa 2000

I just uploaded a video that some readers might find entertaining. This video shows the United States Air Force Computer Emergency Response Team (AFCERT) in 2000. Kelly AFB, Security Hill, and Air Intelligence Agency appear. The colonel who leads the camera crew into Building 215 is James Massaro, then commander of the Air Force Information Warfare Center. The old Web-based interface to the Automated Security Incident Measurement (ASIM) sensor is shown, along with a demo of the "TCP reset" capability to terminate TCP-based sessions. We get a classic quote about a "digital Pearl Harbor" from Winn Schwartau, "the nation's top information security analyst." Hilarious, though Winn nails the attribution and national response problems; note also the references to terrorists in this pre-9/11 video. "Stop the technology madness!" Incidentally, if the programs shown were "highly classified," they wouldn't be in this video!

I was traveling for the AFCERT when this video was shot, so luckily I am not seen anywhere...

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Thursday, November 26, 2009

Tort Law on Negligence

If any lawyers want to contribute to this, please do. In my post Shodan: Another Step Towards Intrusion as a Service, some comments claim "negligence" as a reason why intruders aren't really to blame. I thought I would address this case from Tort Law, page 63:

In Stansbie v Troman [1948] 2 All ER 48 the claimant, a householder, employed the defendant, a painter. The claimant had to be absent from his house for a while and he left the defendant working there alone. Later, the defendant went out for two hours leaving the front door unlocked. He had been warned by the claimant to lock the door whenever he left the house. While the house was empty someone entered it by the unlocked front door and stole some of the claimant's possessions. The defendant was held liable for the claimant's loss for, though the criminal act of a third party was involved, the possibility of theft from an unlocked house was one which should have occurred to the defendant.

So, the painter was liable. However, that doesn't let the thief off the hook. If the police find the thief, they will still arrest, prosecute, and jail him. The painter won't serve part of the thief's jail time, even though the painter was held liable in this case. So, even in the best case scenario for those claiming "negligence" for vulnerable systems, it doesn't reduce the intruder's role in the crime.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Review of Martin Libicki's Cyberdeterrence and Cyberwar

Amazon.com just posted my three star review of Martin Libicki's Cyberdeterrence and Cyberwar. I've reproduced the review in its entirety here because I think it is important to spread the word to any policy maker who might read this blog or be directed here. I've emphasized a few points for readability.

As background, I am a former Air Force captain who led the intrusion detection operation in the AFCERT before applying those same skills to private industry, the government, and other sectors. I am currently responsible for detection and response at a Fortune 5 company and I train others with hands-on labs as a Black Hat instructor. I also earned a master's degree in public policy from Harvard after graduating from the Air Force Academy.

Martin Libicki's Cyberdeterrence and Cyberwar (CAC) is a weighty discussion of the policy considerations of digital defense and attack. He is clearly conversant in non-cyber national security history and policy, and that knowledge is likely to benefit readers unfamiliar with Cold War era concepts. Unfortunately, Libicki's lack of actual security experience undermines his discussion and conclusions. The danger for Air Force leaders and those interested in policy is that they will not recognize that, in many cases, Libicki does not understand what he is discussing. I will apply lessons from direct experience with digital security to argue that Libicki's framing of the "cyberdeterrence" problem is silly at best and dangerous at worst.

Libicki's discussion suffers five key flaws. First, in the Summary Libicki states "cyberattacks are possible only because systems have flaws" (p xiii). He continues with "there is, in the end, no forced entry in cyberspace... It is only a modest exaggeration to say that organizations are vulnerable to cyberattack only to the extent they want to be. In no other domain of warfare can such a statement be made" (p. xiv). I suppose, then, that there is "no forced entry" when a soldier destroys a door with a rocket, because the owners of the building are vulnerable "to the extent they want to be"? Are aircraft carriers similarly vulnerable to hypersonic cruise missiles because "they want to be"? How about the human body vs bullets?

Second, Libicki's poor understanding of digital vulnerability is compounded by his ignorance of the role of vendors and service providers in the security equation. Asset owners can do everything in their power to defend their resources, but if an application or system has a flaw it's likely only the vendor or service provider who can fix it. Libicki frequently refers to sys admins as if they have the power to completely understand and defend their environments. In reality, sys admins are mostly concerned with availability alone, since they are often outsourced to the lowest bidder and contract-focused, or unable to do anything more than keep the lights on.

Third, this "blame the victim" attitude is compounded by the completely silly notions that defense is easy and recovery from intrusion is simple. On p 144 he says "much of what militaries can do to minimize damage from a cyberattack can be done in days or weeks and with few resources." On p 134 he says that, following cyberattack, "systems can be set straight painlessly." Libicki has clearly never worked in a security or IT shop at any level. He also doesn't appreciate how much the military relies on civilian infrastructure for everything from logistics to basic needs like electricity. For example, on p 160 he says "Militaries generally do not have customers; thus, their systems have little need to be connected to the public to accomplish core functions (even if external connections are important in ways not always appreciated)." That is plainly wrong when one realizes that "the public" includes contractors who design, build, and run key military capabilities.

Fourth, he makes a false distinction between "core" and "peripheral" systems, with the former controlled by users and the latter by sys admins. He says "it is hard to compromise the core in the same precise way twice, but the periphery is always at risk" (p 20). Libicki is apparently unaware that one core Internet resource, BGP, is essentially at constant risk of complete disruption. Other core resources, DNS and SSL, have been unbelievably abused during the last few years. All of these are known problems that are repeatedly exploited, despite knowledge of their weaknesses. Furthermore, Libicki doesn't realize that so-called critical systems are often more fragile than user systems. In the real world, critical systems often lack change management windows, or are heavily regulated, or are simply old and not well maintained. What's easier to reconfigure, patch, or replace, a "core" system that absolutely cannot be disrupted "for business needs," or a "peripheral" system that belongs to a desk worker?

Fifth, in addition to not understanding defense, Libicki doesn't understand offense. He has no idea how intruders think or the skills they bring to the arena. On pp 35-6 he says "If sufficient expenditures are made and pains are taken to secure critical networks (e.g., making it impossible to alter operating parameters of electric distribution networks from the outside), not even the most clever hacker could break into such a system. Such a development is not impossible." Yes, it is impossible. Thirty years of computer security history have shown it to be impossible. One reason why he doesn't understand intruders appears on p 47 where he says "private hackers are more likely to use techniques that have been circulating throughout the hacker community. While it is not impossible that they have managed to create a new exploit to take advantage of a still unknown vulnerability, they are unlikely to have more than one." This problematic statement shows Libicki doesn't appreciate the skill set of the underground.

Libicki concludes on pp xix-xx "Operational cyberwar has an important niche role, but only that... The United States and, by extension, the U.S. Air Force, should not make strategic cyberwar a priority investment area... cyberdefense remains the Air Force's most important activity within cyberspace." He also claims it is not possible to "disarm" cyberwarriors, e.g., on p 119 "one objective that cyberwar cannot have is to disarm, much less destroy, the enemy. In the absence of physical combat, cyberwar cannot lead to the occupation of territory." This focus on defense and avoiding offense is dangerous. It may not be possible to disable a country's potential for cyberwar, but an opponent can certainly target, disrupt, and even defeat cyberwarriors. Elite cyberwarriors could be likened to nuclear scientists in this respect; take out the scientists and the whole program suffers.

Furthermore, by avoiding offense, Libicki makes a critical mistake: if cyberwar has only a "niche role," how is a nation supposed to protect itself from cyberwar? In Libicki's world, defense is cheap and easy. In the real world, the best defense is 1) informed by offense, and 2) integrated with offensive actions to target and stop enemy offensive activity. Libicki also focuses far too much on cyberwar in isolation, while real-world cyberwar has historically accompanied kinetic actions.

Of course, like any good consultant, Libicki leaves himself an out on p 177 by stating "cyberweapons come relatively cheap. Because an offensive cyberattack may assist or augment physical operations and because an effective cyberwar capability is relatively inexpensive (especially if the Air Force can leverage investments in CNE), an offensive cyberwar capability is worth developing." The danger of this silly book is that policy makers will be swayed by Libicki's misinformed assumptions, arguments, and conclusions, and think that defense alone is a sufficient focus for 21st century digital security. In reality, a kinetically weaker opponent can leverage a cyber attack to weaken a kinetically superior yet net-centric adversary. History shows, in all theaters, that defense does not win wars, and that the best defense is a good offense.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

install google chrome on linux

Download the installer from: http://dev.chromium.org/getting-involved/dev-channel

Wednesday, November 25, 2009

Shodan: Another Step Towards Intrusion as a Service

If you haven't seen Shodan yet, you're probably not using Twitter as a means to keep current on security issues. Shoot, I don't even follow anyone and I heard about it. Basically a technologist named John Matherly scanned a huge portion of the Internet for certain TCP ports (80, 21, 23 at least) and published the results in a database with a nice Web front-end. This means you can put your mind in Google hacking mode, find vulnerable platforms, maybe add in some default passwords (or not), and take over someone's system. We're several steps along the Intrusion as a Service (IaaS) path already!

Incidentally, this idea is not new. I know at least one company that sold a service like this in 2004. The difference is that Shodan is free and open to the public. Shodan is a dream for those wanting to spend Thanksgiving looking for vulnerable boxes, and a nightmare for their owners. I would not be surprised if shodan.surtri.com disappears in the next few days after receiving a call or two from TLAs or LEAs or .mil's. I predict a mad scramble by intruders during the next 24-48 hours as they use Shodan to locate, own, and secure boxes before others do.

Matt Franz asked good questions about this site in his post Where's the Controversy about Shodan? Personally I think Shodan will disappear. Many will argue that publishing information about systems is not a problem. We hear similar arguments from people defending sites that publish torrents. Personally I don't have a problem with Shodan or torrent sites. From a personal responsibility standpoint it would have been nice to delay announcing Shodan until after Thanksgiving.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

how to add/remove www. from domain name in .htaccess

To add or remove www. with mod_rewrite (use one block or the other; both in the same file redirect in a loop):

cd public_html
vim .htaccess

# remove www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

# add www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Note that %{HTTP_HOST} is the client-supplied Host header, so a request carrying a forged Host is redirected to whatever that header names. If the site has a single canonical name, write it literally in the RewriteRule target instead of echoing the header back.

I'm Surprised That Your Kung Fu Is So Expert

This story is so awesome. Hacks of Chinese Temple Were Online Kung Fu, Abbot Says

A hacker who posted a fake message on the Web site of China's famous Shaolin Temple apologizing for its commercial activities was just making a cheap joke, the temple's abbot was quoted as saying by Chinese state media Monday.

That and previous attacks on the Web site were spoofs making fun of the temple, religion and the abbot himself, Shi Yongxin was quoted as telling the People's Daily.

"We all know Shaolin Temple has kung fu," Shi was quoted as saying. "Now there is kung fu on the Internet too, we were hacked three times in a row."

Why am I not surprised that a Shaolin monk has a better grasp of the basics of computer security than some people in IT?

Bonus: Props to anyone who recognizes the title of this post.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Tuesday, November 24, 2009

Control "Monitoring" is Not Threat Monitoring

As I write this post I'm reminded of General Hayden's advice: "Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim "expertise." It's important to remember that plenty of people are trying to act in a constructive manner to defend important assets, so in that spirit I offer the following commentary.

Thanks to John Bambenek's SANS post I read NIST Drafts Cybersecurity Guidance by InformationWeek's J. Nicholas Hoover. The article discusses the latest draft of SP 800-37 Rev. 1: DRAFT Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. I suspected this to be questionable given NIST's historical bias towards "controls," which I've criticized in Controls Are Not the Solution to Our Problem and Consensus Audit Guidelines Are Still Controls. The subtext for the article was:

The National Institute for Standards and Technology is urging the government to continuously monitor its own cybersecurity efforts.

As soon as I read that, I knew that NIST's definition of "monitor" and the article's definition of "monitor" did not mean the real kind of monitoring, threat monitoring, that would make a difference against modern adversaries. The article continues:

Special Publication 800-37 fleshes out six steps federal agencies should take to address cybersecurity: categorization, selection of controls, implementation, assessment, authorization, and continuous monitoring...

Finally, and perhaps most significantly, the document advises federal agencies to put continuous monitoring in place. Software, firmware, hardware, operations, and threats change constantly. Within that flux, security needs to be managed in a dynamic way, NIST's Ron Ross says.

"We need to recognize that we work in a very dynamic operational environment," Ross says. "That allows us to have an ongoing and continuing acceptance and understanding of risk, and that ongoing determination may change our thinking on whether current controls are sufficient."

The continuous risk management step might include use of automated configuration scanning tools, vulnerability scanning, and intrusion detection systems, as well as putting in place processes to monitor and update security guidance and assessments of system security requirements.

Note that the preceding text mentions "intrusion detection systems," but the rest of the text has nothing to do with real monitoring, i.e., detecting and responding to intrusions. I'm not just talking about network-centric approaches, by the way; infrastructure, host, log, and other sources are all real monitoring, but this is not what NIST means by "monitoring."

To understand NIST's view of monitoring, try reading the new draft. I'll insert my comments.

APPENDIX G
CONTINUOUS MONITORING
MANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMS

A critical aspect of managing risk from information systems involves the continuous monitoring of the security controls employed within or inherited by the system.65

[65 A continuous monitoring program within an organization involves a different set of activities than Security Incident Monitoring or Security Event Monitoring programs.]

So, it sounds like activities that involve actually watching systems are not within scope for "continuous monitoring."

Conducting a thorough point-in-time assessment of the deployed security controls is a necessary but not sufficient condition to demonstrate security due diligence. An effective organizational information security program also includes a rigorous continuous monitoring program integrated into the system development life cycle. The objective of the continuous monitoring program is to determine if the set of deployed security controls continue to be effective over time in light of the inevitable changes that occur.

That sounds ok so far. I like the idea of evaluations to determine if controls are effective over time. In the next section below we get to the heart of the problem, and why I wrote this post.

An effective organization-wide continuous monitoring program includes:
• Configuration management and control processes for organizational information systems;
• Security impact analyses on actual or proposed changes to organizational information systems and environments of operation;67
• Assessment of selected security controls (including system-specific, hybrid, and common controls) based on the organization-defined continuous monitoring strategy;68
• Security status reporting to appropriate organizational officials;69 and
• Active involvement by authorizing officials in the ongoing management of information system-related security risks.

Ok, where is threat monitoring? I see configuration management, "control processes," reporting status to "officials," "active involvement by authorizing officials," and so on.

The next section tells me what NIST really considers to be "monitoring":

Priority for security control monitoring is given to the controls that have the greatest volatility and the controls that have been identified in the organization's plan of action and milestones... [S]ecurity policies and procedures in a particular organization may not be likely to change from one year to the next... Security controls identified in the plan of action and milestones are also a priority in the continuous monitoring process, due to the fact that these controls have been deemed to be ineffective to some degree. Organizations also consider specific threat information including known attack vectors (i.e., specific vulnerabilities exploited by threat sources) when selecting the set of security controls to monitor and the frequency of such monitoring...

Have you cracked the code yet? Security control monitoring is a compliance activity. Granted, this is an improvement from the typical certification and accreditation debacle, where "security" is assessed via paperwork exercises every three years. Instead, .gov compliance teams will perform so-called "continuous monitoring," meaning more frequent checks to see if systems are in compliance. Is this really an improvement? I don't think so. NIST is missing the point. Their approach advocates control-compliant security, not field-assessed security. Their "scoreboard" is the result of a compliance audit, not the number of systems under enemy control or the amount of data exfiltrated or degraded by the adversary.

I don't care how well your defensive "controls" are informed by offense. If you don't have a Computer Incident Response Team performing continuous threat monitoring for detection and response, you don't know if your controls are working. The NIST document has a few hints about the correct approach, at best, but the majority of the so-called "monitoring" guidance is another compliance activity.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Sunday, November 22, 2009

Audio of Bejtlich Presentation on Network Security Monitoring

One of the presentations I delivered at the Information Security Summit last month discussed Network Security Monitoring. The Security Justice guys recorded audio of the talk and posted it here as Network Security Monitoring and Incident Response. The audio file is InfoSec2009_RichardBejtlich.mp3.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Saturday, November 21, 2009

Traffic Talk 8 Posted

I just noticed that my 8th edition of Traffic Talk, titled How to use user-agent strings as a network monitoring tool, was posted this week. It's a simple concept that plenty of NSM practitioners implement, and I highly recommend it.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
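As an added example of the user-agent idea (this is not code from the Traffic Talk column or from the original page), here is a small Python script that profiles User-Agent strings from proxy logs and pulls out two things an analyst looks for: agents that only one host ever presents, and hosts that present more than one agent. The log lines are constructed for the example, and the field layout (client IP, server, user agent) is an assumption rather than any particular proxy's format. It is also the kind of threat monitoring, as opposed to control monitoring, that the post on SP 800-37 above argues for.

```python
"""Profile HTTP User-Agent strings from proxy logs.

Added example for the user-agent monitoring idea; not code from the column
or the original page. Log lines are constructed; the field layout
"client_ip server user_agent" is an assumption, not any real proxy format.
"""
import re
from collections import defaultdict

# Constructed sample: most hosts run the corporate Firefox build, one host
# also speaks old MSIE, one sends a bare "Mozilla/4.0", one sends no agent.
SAMPLE_LOG = """\
10.0.0.11 www.example.com Mozilla/5.0 (Windows NT 6.1; WOW64; rv:3.5) Gecko/20090824 Firefox/3.5.3
10.0.0.12 www.example.com Mozilla/5.0 (Windows NT 6.1; WOW64; rv:3.5) Gecko/20090824 Firefox/3.5.3
10.0.0.13 www.example.com Mozilla/5.0 (Windows NT 6.1; WOW64; rv:3.5) Gecko/20090824 Firefox/3.5.3
10.0.0.11 update.example.net Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
10.0.0.14 www.example.com Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
10.0.0.15 203.0.113.9 Mozilla/4.0
10.0.0.12 198.51.100.7 -
10.0.0.16 www.example.com Mozilla/5.0 (Windows NT 6.1; WOW64; rv:3.5) Gecko/20090824 Firefox/3.5.3
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


def parse(text):
    """Return (client_ip, server, user_agent) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group(1), m.group(2), m.group(3).strip()))
    return records


def agents_by_client(records):
    """Map each user agent to the set of client IPs that presented it."""
    profile = defaultdict(set)
    for ip, _server, ua in records:
        profile[ua].add(ip)
    return profile


def rare_agents(records, max_clients=1):
    """User agents seen from at most max_clients hosts, with the (ip, server)
    pairs behind them. A string only one host ever sends is worth a look:
    malware often ships its own agent string, a fixed or empty one."""
    profile = agents_by_client(records)
    rare = {}
    for ua, ips in profile.items():
        if len(ips) <= max_clients:
            rare[ua] = sorted((ip, server) for ip, server, u in records if u == ua)
    return rare


def hosts_with_multiple_agents(records):
    """Hosts that presented more than one distinct user agent. A second agent
    on a workstation may be a legitimate updater, or a second process talking
    out that nobody installed on purpose."""
    seen = defaultdict(set)
    for ip, _server, ua in records:
        seen[ip].add(ua)
    return {ip: sorted(uas) for ip, uas in seen.items() if len(uas) > 1}


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for ua, hits in rare_agents(recs).items():
        print(f"rare agent {ua!r}: {hits}")
    for ip, uas in hosts_with_multiple_agents(recs).items():
        print(f"{ip} presents {len(uas)} agents: {uas}")
```

On real data the threshold in rare_agents wants tuning against the size of the site, and the baseline of "normal" agents should be rebuilt after every browser rollout; the point is the comparison against what the rest of the fleet presents, not any fixed list of bad strings.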

Tuesday, November 17, 2009

how to download youtube videos in ubuntu linux

sudo apt-get install youtube-dl
youtube-dl -b -l "link to youtube video"
# or: youtube-dl -b -t "link to youtube video"

Extending Security Event Correlation

Last year at this time I wrote a series of posts on security event correlation. I offered the following definition in the last post:

Security event correlation is the process of applying criteria to data inputs, generally of a conditional ("if-then") nature, in order to generate actionable data outputs.

Since then what I have found is that products and people still claim this as a goal, but for the most part achieving it remains elusive.

Please also see that last post for what SEC is not, i.e., SEC is not simply collection (of data sources), normalization (of data sources), prioritization (of events), suppression (via thresholding), accumulation (via simple incrementing counters), centralization (of policies), summarization (via reports), administration (of software), or delegation (of tasks).

So is SEC anything else? Based on some actual uses I have seen, I think I can safely propose an extension to "true" SEC: applying information from one or more data sources to develop context for another data source. What does that mean?

One example I saw recently (and this is not particularly new, but it's definitely useful) involves NetWitness 9.0. Their new NetWitness Identity function adds user names collected from Active Directory to the meta data available while analyzing network traffic. Analysts can choose to review sessions based on user names rather than just using source IP addresses. This is certainly not an "if-then" proposition, as sold by SIM vendors, but the value of this approach is clear. I hope my use of the word "context" doesn't apply too much historical security baggage to this conversation. I'm not talking about making IDS alerts more useful by knowing the qualities of a target of server-side attack, for example. Rather, to take the case of a client side attack scenario, imagine replacing the source IP with the country "Bulgaria" and the target IP with "Web server hosting Application X" or similar. It's a different way for an analyst to think about an investigation.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
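The enrichment described above, as an added example that is not NetWitness code and not part of the original post: a few Python functions that take a session record and replace its endpoints with the most specific context available, a logged-on user, an asset description, or a country. The identity table, asset inventory, geolocation table and sessions are all constructed for the example. The one thing it adds beyond the post is a validity window on the IP-to-user mapping, because DHCP reuses addresses and a map without one pins a session on whoever held the address last.

```python
"""Context enrichment for network session records.

Added example of the "extended SEC" idea in the post: data from one source
(identity, asset inventory, geolocation) gives context to another (sessions).
Not NetWitness code. Every table below is constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Constructed identity data, shaped like what a collector of Windows logon and
# logoff events would supply: (ip, user, first_seen, last_seen) in epoch seconds.
# The validity window matters: DHCP reuses addresses, and an IP-to-user map
# without one attributes a session to whoever held the address last.
LOGONS = [
    ("10.1.2.30", "jsmith", 1000, 2000),
    ("10.1.2.30", "mjones", 2100, 3000),  # same address, later lease
]

# Constructed asset inventory.
ASSETS = {"10.1.9.5": "Web server hosting Application X"}

# Constructed geolocation table; 203.0.113.0/24 is documentation address space.
GEO = [(ipaddress.ip_network("203.0.113.0/24"), "Bulgaria")]

# RFC 1918 space is labelled "internal" rather than looked up.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Session:
    ts: int       # epoch seconds
    src: str
    dst: str
    dport: int


def user_for(ip, ts):
    """User logged on at ip at time ts, or None if no logon covers that moment."""
    for logon_ip, user, first_seen, last_seen in LOGONS:
        if logon_ip == ip and first_seen <= ts <= last_seen:
            return user
    return None


def country_for(ip):
    """Country from the geolocation table, "internal" for private space."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return "internal"
    for net, country in GEO:
        if addr in net:
            return country
    return "unknown"


def label(ip, ts):
    """Most specific context available for an endpoint: user, asset, or country."""
    user = user_for(ip, ts)
    if user is not None:
        return f"user {user}"
    if ip in ASSETS:
        return ASSETS[ip]
    return f"{ip} ({country_for(ip)})"


def enrich(session):
    """The session with endpoints replaced by context labels.
    No if-then rule fires here; the analyst just gets richer data to read."""
    return {
        "ts": session.ts,
        "src": label(session.src, session.ts),
        "dst": label(session.dst, session.ts),
        "dport": session.dport,
    }


if __name__ == "__main__":
    # Constructed sessions: the scenario from the post, then the same
    # internal address before and after its DHCP lease changed hands.
    for s in (Session(1500, "203.0.113.9", "10.1.9.5", 80),
              Session(1500, "10.1.2.30", "203.0.113.9", 443),
              Session(2500, "10.1.2.30", "203.0.113.9", 443)):
        e = enrich(s)
        print(f"{e['ts']}: {e['src']} -> {e['dst']}:{e['dport']}")
```

The labels are deliberately layered: a user name beats an asset description, which beats a country, so the same function serves both the internal and the external end of a session. Keep the raw addresses alongside the labels in a real tool; the context is for reading, the addresses are what you pivot on.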

Saturday, November 14, 2009

how to accelerate firefox performance

Open about:config and filter on http.max*:
Set network.http.max-connections to 96
Set network.http.max-connections-per-server to 32
Set network.http.max-persistent-connections-per-server to 8

Filter on pipelining*:
Set network.http.pipelining to true
Set network.http.proxy.pipelining to true
Set network.http.pipelining.ssl to true
Set network.http.pipelining.maxrequests to 8

Set browser.tabs.tabMinWidth to 25

Embedded Hardware and Software Pen Tester Positions in GE Smart Grid

I was asked to help find two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetration Tester (1080237) and an Embedded Firmware Penetration Tester (1080236). If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster.

I don't have any other information on these jobs, so please work through the job site. Thank you.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Friday, November 13, 2009

how to overcome "argument list too long" error on tar and other commands

find . -name "*.txt" -print | tar -zcvf BAK/0001.tgz --files-from -
# safer when file names contain spaces or newlines: NUL-delimited list
find . -name "*.txt" -print0 | tar -zcvf BAK/0001.tgz --null --files-from -

how to configure samba & squid with wizards in ubuntu linux

sudo apt-get install gadmin-tools

Thursday, November 12, 2009

How to configure ubuntu linux terminal to fast scrolling : aterm & wterm

sudo apt-get install aterm
aterm -fg yellow -bg black -geometry 128x50 -fn "8x13" -si -sr -sk -sl 4000
time seq -f 'teeeeeeeeeeeeeeeeeeeeeeeeeeeeeest %g' 1000000

sudo apt-get install wterm
wterm -fg yellow -bg black -geometry 128x50 -fn "8x13" -si -sr -sk -sl 4000
time seq -f 'teeeeeeeeeeeeeeeeeeeeeeeeeeeeeest %g' 1000000

Wednesday, November 11, 2009

Reaction to 60 Minutes Story

I found the recent 60 Minutes update on information warfare to be interesting. I fear that the debate over whether or not "hackers" disabled Brazil's electrical grid will dominate the real issue presented in the story: advanced persistent threats are here, have been here, and will continue to be here. Some critics claim APT must be a bogeyman invented by agencies arguing over how to gain greater control over the citizenry. Let's accept that agencies are arguing over turf. That doesn't mean the threat is not real. If you refuse to accept the threat exists, you're simply ignorant of the facts. That might not be your fault, given policymakers' relative unwillingness to speak out. If you want to get more facts on this issue, I recommend the Northrop Grumman report I mentioned last month.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Sunday, November 8, 2009

Notes from Talk by Michael Hayden

I had the distinct privilege to attend a keynote by retired Air Force General Michael Hayden, most recently CIA director and previously NSA director. NetWitness brought Gen Hayden to its user conference this week, so I was really pleased to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s; I served in the information warfare planning division at that time.

Gen Hayden offered the conference four main points in his talk.
  • "Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim "expertise." Cyber is a domain like other warfighting domains (land, sea, air, space), but it also possesses unique characteristics. Cyber is man-made, and operators can alter its geography, even potentially to destroy it. Also, cyber conflicts are more likely to affect other domains, whereas it is theoretically possible to fight an "all-air" battle, or an "all-sea" battle.
  • The rate of change for technology far exceeds the rate of change for policy. Operator activities outpace our ability to comprehend them. "Computer network defense (CND), exploitation (CNE), and attack (CNA) are operationally indistinguishable." Gen Hayden compared the rush to develop and deploy technology to consumers and organizations to the land rushes of the late 1890s. When "ease of use," "security," and "privacy" are weighed against each other, ease of use has traditionally dominated. When making policy, what should apply? Title 10 (military), Title 18 (criminal), Title 50 (intelligence), or international law? Gen Hayden asked what private organizations in the US maintain their own ballistic missile defense systems. None of course; meaning, why do we expect the private sector to defend itself against cyber threats, on a "point" basis?
  • Cyber is difficult to discuss. No one wants to talk about it, especially at the national level. The agency with the most capability to defend the nation suffers because it is both secret and powerful, two characteristics it needs to be effective. The public and policymakers (rightfully) distrust secret and powerful organizations.
  • Think like intel officers. I should have expected this, coming from the most prominent intel officer of our age. Gen Hayden says the first question he asks when visiting private companies to consult on cyber issues is: who is your intel officer? Gen Hayden offered advice for those with an intel mindset who provide advice to policymakers. He said intel officers are traditionally inductive thinkers, starting with indicators and developing facts, from which they create general theories. Intel officers are often pessimistic and realistic because they deal with operational realities, "as the world is." Policymakers, on the other hand, are often deductive thinkers, starting with a "vision," with facts at the other end of their thinking. "No one elects a politician for their command of the facts. We elect politicians who have a vision of where we should be, not where we are." Policymakers are often optimistic and idealistic, looking at their end goal, "as the world should be." When these two world views meet, say when the intel officer briefs the policymaker, the result can be jarring. It's up to the intel officer to figure out how to present findings in a way that the policymaker can relate to the facts.
  • After the prepared remarks I asked Gen Hayden what he thought of threat-centric defenses. He said it is not outside the realm of possibility to support giving private organizations the right to more aggressively defend themselves. Private forces already perform guard duties; police forces don't carry the full burden for preventing crime, for example. Gen Hayden also discussed the developments which led from military use of air power to a separate Air Force in 1947. He said "no one in cyber has sunk the Ostfriesland yet," which was a great analogy. He also says there are no intellectual equivalents to Herman Kahn or Paul Nitze in the cyber thinking landscape.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

    DojoCon Videos Online

    Props to Marcus Carey for live streaming talks from DojoCon. I appeared in my keynote, plus panels on incident response and cloud security. I thought the conference was excellent and some people posted their thoughts to #dojocon on Twitter.

    Thursday, November 5, 2009

    How To Promote A Proxy Site

    Creating proxy sites seems to be pretty popular these days. Thousands of people use them every day and there is certainly a proliferation of free proxy scripts available to webmasters who are looking to start one. But due to this fact it is pretty difficult to become a big fish in the sea of proxies. So let’s get down to the point – how do you successfully promote a new proxy site? Here are five tips that will help you beat the competition.

    1. List your site on proxy.org and other directories. Proxy.org is the biggest proxy directory online and you can receive a sizable amount of traffic if you have yours listed with them. Don’t ignore the smaller directories, however, because you can still receive good traffic from them.
    2. Advertise on game arcade sites. A large chunk of proxy users, like students and company employees, use proxies to play games on arcade sites or browse social networking sites, since those are usually the types of site that get blocked. By advertising on these sites you are getting your name out to your potential audience.
    3. Get a dedicated server. Proxies take up a lot of bandwidth and system resources, so most shared hosting providers do not allow their clients to run proxies. You do not want to start getting traffic to your new site only to have your hosting provider shut you down because of a violation of their terms. Do it right from the start.
    4. Advertise using a MySpace profile. I know, you’re thinking ugh. But it works, and traffic is traffic. Create a MySpace profile and get a bunch of friends. Have your site link displayed prominently on your profile page and occasionally send out messages to all of your friends telling them of your proxy. Just remember to abide by MySpace’s TOS. MySpace promotion is a shady area, especially if you start getting into friend adder robots and such.
    5. Make it simple. People come to proxies for one reason – to surf other websites. So make it easy for them to do. Have your form that takes in the URL that the user wishes to visit displayed front and center. There is no need to have a lot of clutter. Honestly, all you probably need is a quick blurb about your proxy, an adsense block above your form and one below it, and that’s it.

    Proxies tend to come and go fast. Take yours into the big league by building a solid, simple site hosted on a dedicated server and promoting the hell out of it. You may initially be wary about having to plunk down $99 to $140 a month on a dedicated server, but it won’t do you any good if after a month your hosting account gets shut down.

    If you follow the tips above you will get lots of traffic, fast, so you’ll quickly need the power of a dedicated host. And with traffic comes revenue potential. Stay tuned for my next article, which will show you how to beat the notoriously low click-through rates of proxy sites and make a profit!

    Tuesday, November 3, 2009

    Tentative Speaker List for SANS Incident Detection Summit

    Thanks to everyone who attended the Bejtlich and Bradley Webcast for SANS yesterday. We recorded that Webcast (audio is now available) to start a discussion concerning professional incident detection. I'm pleased to publish the following tentative speaker list for the SANS WhatWorks in Incident Detection Summit 2009 on 9-10 Dec in Washington, DC. We'll publish all of this information, plus the biographies for the speakers, on the summit site, but I wanted to share what I have with you.
    Day One (9 Dec)
    • Keynote: Ron Gula
    • Briefing: Network Security Monitoring dev+user: Bamm Visscher, David Bianco
    • Panel: CIRTs and MSSPs, moderated by Rocky DeStefano: Michael Cloppert, Nate Richmond, Jerry Dixon, Tyler Hudak, Matt Richard, Jon Ramsey
    • Cyberspeak Podcast live during lunch with Bret Padres and Ovie Carroll
    • Briefing: Bro introduction: Seth Hall
    • Panel: Enterprise network detection tools and tactics, potentially with a guest moderator: Ron Shaffer, Matt Olney, Nate Richmond, Matt Jonkman, Michael Rash, Andre Ludwig, Tim Belcher
    • Briefing: Snort update: Marty Roesch
    • Panel: Global network detection tools and tactics: Stephen Windsor, Earl Zmijewski, Andre' M. Di Mino, Matt Olney, Jose Nazario, Joe Levy
    • Panel: Commercial security intelligence service providers, moderated by Mike Cloppert: Gunter Ollmann, Rick Howard, Dave Harlow, Jon Ramsey, Wade Baker
    • Evening class: Advanced Analysis with Matt Richard
    Day Two (10 Dec)
    • Keynote: Tony Sager
    • Briefing: Memory analysis dev+user: AAron Walters, Brendan Dolan-Gavitt
    • Panel: Detection using logs: Jesus Torres, Nate Richmond, Michael Rash, Matt Richard, Ron Gula, J. Andrew Valentine, Alex Raitz
    • Panel: Network Forensics: Tim Belcher, Joe Levy, Marty Roesch, Ken Bradley
    • Briefing: Honeynet Project: Brian Hay, Michael Davis
    • Panel: Unix and Windows tools and techniques: Michael Cloppert, Paul Mullen, Kris Harms
    • Panel: Noncommercial security intelligence service providers, moderated by Mike Cloppert: Andre' M. Di Mino, Jerry Dixon, Ken Dunham, Andre Ludwig, Jose Nazario
    • Panel: Commercial host-centric detection and analysis tools: Dave Merkel, Ron Gula, Alex Raitz
    I'm grateful to have these excellent speakers and panel participants on board for this event. If you register and pay tuition by next Wednesday, 11 Nov, you'll save $250. Thank you.