SecureSlinger

The Latest Information Security News

Browsing Posts published by Richard Bejtlich

In November I wrote SEC Guidance Emphasizes Materiality for Cyber Incidents, my thoughts after reading an article by Senator Jay Rockefeller and former DHS Secretary Michael Chertoff. They explained...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]


If you've been reading this blog for a while, you know I don't think very highly of mathematical valuations of "risk." I think even less highly of the clowns in the financial sector who call security...



Today I joined a panel held at FOSE chaired by Mischel Kwon and featuring Amit Yoran. One of the attendees asked the following: At another session I heard that "80% of all breaches are preventable."...



This morning I testified at the U.S.-China Economic and Security Review Commission at a hearing on Developments in China’s Cyber and Nuclear Capabilities. In the picture taken by Mrs Bejtlich...



Fuzzing by Michael Sutton, Adam Greene and Pedram Amini struck me as a good overview of many types of fuzzing techniques. If you read the Amazon.com reviews, particularly the verdict by Chris Gates,...



I don't hunt security bugs for a living, but I've worked on teams that do and I find the process important to understand. A defender should appreciate the work that an adversary must perform in...



In late 2009 I reviewed the first edition of The Web Application Hacker's Handbook. It was my runner-up for Best Book Bejtlich Read 2009. Now authors Dafydd Stuttard and Marcus Pinto have returned...



As you might remember, when I write impressions of a book it means I didn't read the book thoroughly enough (in my mind) to write a review. In that spirit, I read Web Application Security: A...



Amazon.com just published my five star review of SSH Mastery by Michael W. Lucas. From the review: This is not an unbiased review. Michael W. Lucas cites my praise for two of his previous books, and...



Last week I attended RSA 2012 in San Francisco. I believe it was my third RSA conference; I noted on my TaoSecurity News page speaking at RSA in 2011 and 2006. This year I spoke at the Executive...



A recent issue of the Economist featured an article titled Corporate fraud: Mind your language -- How linguistic software helps companies catch crooks. It offered the following excerpts: To spot...



I'm pleased to announce that TaoSecurity Blog won Most Educational Security Blog at the 2012 Social Security Bloggers Awards. I attended the event held near RSA and spent time talking with a lot of...



I'm very pleased to share news of an awesome new book titled Practical Malware Analysis by Michael Sikorski and Andrew Honig. The authors will present a Webinar on their book on Wednesday 29...



"I want to detect and respond to intruders but I don't know where to start!" This is a common question. Maybe you have a new security role in an organization, or a new service or business in your...



Five years ago I reviewed the first edition of Network Warrior by Gary A. Donahue. Thanks to O'Reilly I can post my "impressions" of the second edition of this great book. Although I read almost all...



Mark Russinovich and Aaron Margosis have written another awesome addition to the Microsoft Press catalog, Windows Sysinternals Administrator's Reference. Per my policy, because I did not read the...



Six years ago I reviewed Michal Zalewski's first book, Silence on the Wire. Michal is a security researcher who has consistently created high-quality content for a very long time, so I was pleased...



The toughest question in digital security is "who cares?" The recent Tweet by hogfly (@4n6ir) made me ponder this question. He points to an Aviation Week story by David Fulghum, Bill Sweetman, and...



It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally...
