Four years ago I posted Reading Tips, where I offered some ideas on how to read technical books. Recently I've received emails and questions via Twitter on the same subject. In this post I'd like to offer another perspective. Here I will introduce different "types of reading." In other words, I don't see all reading as equal, and what some people might call "reading," I don't consider to be reading at all! After reading this post you may find you...
Thursday, March 31, 2011
Review of Hacking Exposed: Web Applications, 3rd Ed
Posted on 6:48 PM by Unknown
Amazon.com just published my four star review of Hacking Exposed: Web Applications, 3rd Ed by Joel Scambray, Vincent Liu, and Caleb Sima. From the review: This is the third Hacking Exposed: Web Applications (HE:WA) book I've reviewed, having reviewed the second edition in 2006 and the first edition in 2002. While I gave the earlier editions each five stars, I don't think HE:WA3E quite meets my expectations of a five star web application security...
Review of iOS Forensic Analysis Posted
Posted on 6:21 PM by Unknown
Amazon.com just posted my three star review of iOS Forensic Analysis by Sean Morrissey. From the review: I've read many forensics books over the last decade and written one as well. I believe that iOS Forensic Analysis (IFA) offers some useful information, but the manner in which the author presents it is not as effective as it could be. If the author were to write a second edition that structures the material in the way I recommend, I believe it...
Review of Computer Incident Response and Product Security Posted
Posted on 6:03 AM by Unknown
Amazon.com just published my three star review of Computer Incident Response and Product Security by Damir Rajnovic. From the review: When I first learned that Cisco Press was publishing a book about product security (Computer Incident Response and Product Security, or CIRAPS), I was excited to see what they might create. Cisco's Product Security Incident Response Team (PSIRT) is one of the best in the industry, with a long history and mature processes....
Review of pfSense: The Definitive Guide Posted
Posted on 5:36 AM by Unknown
Amazon.com just posted my five star review of pfSense: The Definitive Guide by Christopher M. Buechler and Jim Pingle and published by Reed Media. From the review: I have to admit that pfSense: The Definitive Guide (pTDG) caught me off guard. I expected the book to mainly discuss installing and using the pfSense firewall appliance, which would have been enough for me to enjoy the book. However, I was pleased to see coverage of many issues related...
Mini-Review of The Book of Pf Posted
Posted on 5:07 AM by Unknown
Because I wrote a three star review of the first edition of The Book of Pf by Peter N.M. Hansteen, Amazon.com won't allow me to write a review of the second edition. So, I added the following comment to my old review indicating that I think the second edition deserves four out of five stars: Amazon won't allow me to write a review of the second edition of this book, so I'm adding this comment. I'm pleased to say that I believe the author accepted...
Friday, March 25, 2011
Review of Kingpin Posted
Posted on 7:00 PM by Unknown
Amazon.com just posted my four star review of Kingpin by Kevin Poulsen. I read this book by checking it out of my library! From the review: I've read and reviewed almost all of the non-fiction computer crime and espionage books written since the 1980s. Kingpin by Kevin Poulsen is one of my favorites. I will recommend this book to fellow digital security professionals and those who would like insights into our world. Kingpin's coverage of Max Ray...
Thursday, March 24, 2011
Report on Declarations of War
Posted on 10:24 AM by Unknown
Similar to my post Report on Instances of US Forces Abroad, I again thank Steven Aftergood for his post No-Fly Zones: Considerations for Congress. He points to a new report titled Declarations of War and Authorizations for the Use of Military Force: Historical Background and Legal Implications (.pdf). This is a good resource for those trying to determine what is war, what isn't war, and what happens in each situation. From the report summary: From...
Friday, March 18, 2011
Requesting Comments on Open Information Security Foundation
Posted on 12:00 PM by Unknown
Thank you to anyone who voted for me to join the board of the Open Information Security Foundation. They are most famous for their Suricata intrusion detection engine, but I expect additional outputs as time passes. I appreciate those of you who supported my goal to join their board. I will try to provide fair and useful input to the project. I believe we will have our first board phone call next week. Are there any issues you would like me to...
Thursday, March 17, 2011
Initial Thoughts on RSA "APT" Announcement
Posted on 6:29 PM by Unknown

Today RSA's Art Coviello announced the following: Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA... Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related...
Bejtlich Joining MANDIANT as CSO and Security Services Architect
Posted on 6:40 AM by Unknown

In June 2007 I posted that I was joining General Electric as Director of Incident Response. Since then I helped build and lead GE-CIRT from an "army of one" into a team of 40 analysts. It was an honor and a privilege to work with my team, but today I am announcing that I've accepted a new challenge. Effective 1 April I will be Chief Security Officer and Security Services Architect for MANDIANT, where I will build teams, tools, and capabilities to...
Wednesday, March 16, 2011
Report on Instances of US Forces Abroad
Posted on 6:45 AM by Unknown
Thanks to Steven Aftergood's post Instances of US Forces Abroad I learned of a new Congressional Research Service report of the same name -- Instances of Use of United States Armed Forces Abroad, 1798-2010 (pdf). From the introduction: Eleven times in its history the U.S. has formally declared war against foreign nations. These eleven U.S. war declarations encompassed five separate wars: the war with Great Britain declared in 1812; the war with Mexico...
Wednesday, March 9, 2011
Bejtlich Teaching Special Session of TCP/IP Weapons School at GTEC DC
Posted on 6:04 AM by Unknown

Through a custom arrangement with Black Hat I am pleased to announce that I will teach a special session of TCP/IP Weapons School 3.0 at the Government Technology Expo & Conference (GTEC) on Tuesday 31 May and Wednesday 1 June 2011 in Washington, DC. The conference organizers set the price for my class at $2200. I am not sure if the price increases as we get closer to the class date. This is a good opportunity for people in the DC area to...
Monday, March 7, 2011
Experts Talk US-China Security Issues, Part 2
Posted on 5:52 PM by Unknown

Several weeks ago I attended an outstanding one day conference by the Jamestown Foundation titled China Defense & Security 2011. The conference consisted of a series of speakers discussing various aspects of US-China national defense and security. Only one speaker concentrated on digital (or "cyber," love that word) items. The rest dealt with a wide range of topics. I took several pages of notes that I thought might benefit those not in attendance....
Experts Talk US-China Security Issues, Part 1
Posted on 2:36 PM by Unknown

Several weeks ago I attended an outstanding one day conference by the Jamestown Foundation titled China Defense & Security 2011. The conference consisted of a series of speakers discussing various aspects of US-China national defense and security. Only one speaker concentrated on digital (or "cyber," love that word) items. The rest dealt with a wide range of topics. I took two pages of notes that I thought might benefit those not in attendance....
Review of Cyber Attacks Posted
Posted on 8:22 AM by Unknown
Amazon.com just posted my three star review of Cyber Attacks by Edward Amoroso. From the review: Writing a book isn't easy, especially when you're trying to develop a framework and solutions that apply to a topic as vast as protecting national infrastructure. I applaud Dr Amoroso's efforts in Cyber Attacks, but I fear he is solving yesterday's problems with yesterday's answers. This book might have been more relevant in 2006 when one could have plausibly...
Saturday, March 5, 2011
Bejtlich Teaching Two Sessions at Black Hat USA 2011
Posted on 11:57 AM by Unknown

In January I taught the first TCP/IP Weapons School 3.0 class at Black Hat DC 2011. This is a completely new class written from the ground up. I'm very pleased with how it has developed and the students enjoyed the new content. For example, one of the feedback comments was the following: "I felt that the pace and level of difficulty was well managed, and the defense-then-offense aspect was a great way to learn!" I'm happy to announce that registration...