Yoda-in-Star-Wars-Revenge-of-the-Sith

DDOS Trends Changing – More Effective Attack Classes.

I will giving an interview today that the industry has done a poor job in communicating the changes in Denial of Service (DOS) attacks. CERT-FI‘s release of the “Sockstress” details yesterday has a few people confused.  Outpost24 discovered some new TCP state abuse technique which can cause a range of issue on a TCP stack Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Beware, Liability does roll down hill

In my own work, I mention to my peers how everything has changed in today’s Converged Internet/Global Telecommunications world. Liability and accountability rolls down hill. If something happens where the operator is found at fault, that finding does not stop with the operator. It will ‘roll down hill’ to the vendors and now the auditors. Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT

I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A“). What struck me about Matt’s talk is a statement he made near the end: “… Full Disclosure vs Non-Disclosure debate is dead. I leaned this because my E-mail Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Reflections on “X.805” Certification?

While walking through E-mail, doing my morning [[SITREP]], and sipping coffee I was surprise to see a request from a peer asking about X.805 Certification info.  What is “X.805 Certification?” For those who have never run into [[X.805]], it is a [[ITU]] security reference model submitted by Lucent from their security practices team. As seen Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Understanding “DDOS”

In the operational security community, Distributed Denial of Service (DDOS) is the “gun” used in extortion. Extortion is a human crime – where one group (or individual) preys on another. We mitigate extortion through civic society’s rules (laws) and enforcement (justice system). This dual system of laws and enforcement is further reinforced with education – Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Highlights of Mobile World Congress 2009

With about 47,000 attendees to the exhibition and conference in Barcelona, Mobile World Congress was quite a vibrant experienced indeed. What was of particular interest to me, was the Internet revolution on mobile- finally! How bringing the Internet (and its related applications such as social networking) has brought a brave new frontier for the mobile Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Pulling Practices and Techniques from Experience – “Pathetic DDoS vs Security Sites”

Read through Metasploit’s blog titled Pathetic DDoS vs Security Sites. It documents several key steps that many companies do not know with how to mitigate some of the impact of a DDOS attack. In this case we have a DDOS targeting a specific domain – metasploit.com.  Step 1 is to classify the attack. Traffic analysis Read More