SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, March 6, 2010

Making a Point with Pressure Points

Posted on 1:33 PM by Unknown
Imagine you're a martial arts student. One day you have a guest instructor, accompanied by some of his black belts. They're experts in so-called "pressure point fighting." You've heard a little of this system, whereby practitioners can knock out adversaries with a series of precise strikes that lack the power of a brute-force approach. Until today you've had no direct experience. You may be skeptical, or maybe you believe such techniques are possible.

The seminar starts. You watch the guest instructor explain his techniques. He starts knocking out his black belts. Maybe you believe what you see, or maybe you don't. Then the instructor asks for volunteers, and several of your fellow students agree. The instructor knocks them all out, including a student you really trust to not "take a fall" to make the guest "look good." You ask the student "what happened?" and he replies "that dude knocked me out!"

Next the black belts fan out through the class to help teach pressure point techniques. They ask you if you want to get knocked out with a three-strike technique, or if you just want to feel disoriented with a two-strike technique. You decide you're a believer at this point, but you want to see what it feels like to receive a two-strike technique. Sure enough, two rapid strikes later, you're wondering what happened but are still conscious. That's all you need to believe; you're glad you're not lying on the floor, out cold!

The class ends. Several bystanders were watching through the studio's windows. Some of them are laughing. They think the whole class was fake, a joke, or stupid. Some witnesses are curious. They believe what they saw and want to know more. A few ask questions. Others mumble to themselves incoherently, probably intoxicated or mentally ill.

One of the students decides to talk to a famous yet local news reporter about his experience. This widely-read newspaper reports the story the next day, attracting a lot of attention.

With a wider audience, an extended discussion takes place about this pressure-point fighting activity.

One company conducts a Webcast and a spokesperson says "my mom used to knock me out with a frying pan when I was a kid!" He also says there's no difference between pressure-point fighting and getting punched in the face.

Another company decides to register a domain name called "pressurepointfighting.biz" and starts talking about how it works, applying what they know from Western boxing. This misses the mark but uninformed observers can't really tell the difference.

A third company jumps on the pressure point fighting bandwagon, issuing supposedly original research, inventing its own analysis, and integrating the technique into its marketing material. It turns out someone at the company had a confidential agreement with the original pressure point fighting instructor, but unilaterally decided to take a few pages out of his notebook and run to the market to make a fast buck.

A fourth company knows a lot about pressure point fighting. It writes original reporting based on its experience. Critics claim this company is just offering marketing based on the new craze.

Reaction to the news among those without direct experience is mixed, as might be expected.

Some readers are martial artists themselves. They fear being irrelevant. They are afraid their skills are not sufficient. They decide to ridicule anyone who participated in the seminar, or who has knowledge.

Some readers distrust authority. They think these techniques are just a government conspiracy to justify additional police powers. The only reason anyone is talking about such affairs is their need to get greater budgets for their oppressive police powers, man!

Some readers think the whole affair is "fear, uncertainty, and doubt" (FUD). Who could knock out a person by hitting a few pressure points? It's all a lie, or just the latest craze. It must be fake.

Some readers have been learning and practicing pressure point fighting for the last several years. They know it isn't a joke, and it is real. Also, some readers without experience realize they should learn more about pressure point fighting. That knowledge could save their lives, or the lives of those close to them. These like-minded people communicate privately, since the public arenas are now clogged with too many false discussions.

Aside from the fact that advanced persistent threat is an adversary, and not a fighting technique, this story explains the last 6 weeks of APT activity in the security industry. Not all factors are included, but enough to make my point.

Incidentally, the pressure point class is true, at least as far as the class content is described.
Email ThisBlogThis!Share to XShare to Facebook
Posted in apt | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ▼  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ▼  March (16)
      • GE-CIRT Joins FIRST
      • Bejtlich in April Wired Magazine
      • Bejtlich Returns to PaulDotCom Podcast
      • Ways to Justify Security Programs: 13 Cs
      • Forget ROI and Risk. Consider Competitive Advantage
      • Time and Cost to Defend the Town
      • Guest Post on SecureThinking about Cyber Shockwave
      • Verizon Incident Sharing Framework
      • Bejtlich Keynote at VizSec 2010
      • Bejtlich OWASP Podcast Posted
      • Traffic Talk 10 Posted
      • Einstein 3 Coming to a Private Network Near You?
      • Making a Point with Pressure Points
      • Keeping FreeBSD Applications Up-to-Date in BSD Mag...
      • Bejtlich Teaching at Black Hat EU and USA 2010
      • Bejtlich to Speak at FIRST 2010
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile