Article: Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem - published almost 4 years ago.
Content: PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensiv...
Copy Link: https://taosecurity.blogspot.com/2021/02/digital-offense-capabilities-are.html   
Published: 2021 02 18 15:30:00
Received: 2024 10 18 20:19:28
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: My First Book Is 20 Years Old Today - published 4 months ago.
Content: On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection.This post from 2017 explains the differences between my first four books and why I wrote Tao. Today, I'm always thrilled when I hear that someone found my books useful. I am done writing books on security, but I believe the ...
Copy Link: https://taosecurity.blogspot.com/2024/07/my-first-book-is-20-years-old-today.html   
Published: 2024 07 15 13:00:00
Received: 2024 10 11 17:59:03
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: What Are Normal Users Supposed to Do with IDS Alerts from Network Gear? - published about 1 month ago.
Content: Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product.When you enable this feature, you get alerts like this one, posted by a Redditor:This is everything you get from Ubiquiti.  The Redditor is concerned that the...
Copy Link: https://taosecurity.blogspot.com/2024/10/what-are-normal-users-supposed-to-do.html   
Published: 2024 10 11 17:37:00
Received: 2024 10 11 17:59:03
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: My First Book is 20 Years Old Today - published 4 months ago.
Content: On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection.This post from 2017 explains the differences between my first four books and why I wrote Tao. Today, I'm always thrilled when I hear that someone found my books useful. I am done writing books on security, but I believe the ...
Copy Link: https://taosecurity.blogspot.com/2024/07/my-first-book-is-20-years-old-today.html   
Published: 2024 07 15 13:00:00
Received: 2024 07 15 13:04:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: MITRE ATT&CK Tactics Are Not Tactics - published about 4 years ago.
Content: Just what are "tactics"?IntroductionMITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else.The MITRE ATT&CK Design and Philosophy document from March 2020 says the following:At a high-level, ATT&CK is a...
Copy Link: https://taosecurity.blogspot.com/2020/10/mitre-att-tactics-are-not-tactics.html   
Published: 2020 10 23 14:00:00
Received: 2024 07 14 03:04:06
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Retrieving Deleted Files on the Commodore C64 in 1987 - published 6 months ago.
Content: When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school.One day Paul called me. He was clearly troubled. He had somehow dragged h...
Copy Link: https://taosecurity.blogspot.com/2024/05/retrieving-deleted-files-on-commodore.html   
Published: 2024 05 29 18:42:00
Received: 2024 05 29 19:03:28
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Skill Levels in Digital Security - published over 4 years ago.
Content: Two posts in one day? These are certainly unusual times. I was thinking about words to describe different skill levels in digital security. Rather than invent something, I decided to review terms that have established meaning. Thanks to Google Books I found this article in a 1922 edition of the Archives of Psychology that mentioned four key terms: The ...
Copy Link: https://taosecurity.blogspot.com/2020/03/skill-levels-in-digital-security.html   
Published: 2020 03 27 15:15:00
Received: 2024 03 14 12:46:09
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Seeing Book Shelves on Virtual Calls - published over 4 years ago.
Content: I have a confession... for me, the best part of virtual calls, or seeing any reporter or commentator working for home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world's bandwidth. That means I don't share what my book shelves look like when I'm on a company call. Therefore, I thought I'd shar...
Copy Link: https://taosecurity.blogspot.com/2020/04/seeing-book-shelves-on-virtual-calls.html   
Published: 2020 04 02 23:03:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: If You Can't Patch Your Email Server, You Should Not Be Running It - published over 4 years ago.
Content: CVE-2020-0688 Scan Results, per Rapid7 tl;dr -- it's the title of the post: "If You Can't Patch Your Email Server, You Should Not Be Running It." I read a disturbing story today with the following news: "Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the nu...
Copy Link: https://taosecurity.blogspot.com/2020/04/if-you-cant-patch-your-email-server-you.html   
Published: 2020 04 07 15:28:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 1 - published over 4 years ago.
Content: I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print version. If you're interested, please tell me on Twitter. ...
Copy Link: https://taosecurity.blogspot.com/2020/05/new-book-best-of-taosecurity-blog.html   
Published: 2020 05 04 15:51:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: I Did Not Write This Book - published over 4 years ago.
Content: Fake Book  Someone published a "book" on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage! Update: Thankfully, within a day or so of this post, the true author of this work removed it from Amazon. It has not returned, at least as far as...
Copy Link: https://taosecurity.blogspot.com/2020/07/i-did-not-write-this-book.html   
Published: 2020 07 16 15:04:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 2 - published about 4 years ago.
Content:  I published a new book!The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent ThreatIt's in the Kindle Store, and if you're Unlimited it's free. Print edition to follow.The book lists as having 413 pages (for the Kindle edition at least) at it's almost 95,000 words. I started wor...
Copy Link: https://taosecurity.blogspot.com/2020/09/new-book-best-of-taosecurity-blog.html   
Published: 2020 09 01 12:30:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Greg Rattray Invented the Term Advanced Persistent Threat - published about 4 years ago.
Content:  I was so pleased to read this Tweet yesterday from Greg Rattray:"Back in 2007, I coined the term “Advanced Persistent Threat” to characterize emerging adversaries that we needed to work with the defense industrial base to deal with... Since then both the APT term and the nature of our adversaries have evolved. What hasn’t changed is that in cyberspace, adva...
Copy Link: https://taosecurity.blogspot.com/2020/10/greg-rattray-invented-term-advanced.html   
Published: 2020 10 10 15:30:00
Received: 2024 03 14 12:46:08
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: MITRE ATT&CK Tactics Are Not Tactics - published about 4 years ago.
Content: Just what are "tactics"?IntroductionMITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else.The MITRE ATT&CK Design and Philosophy document from March 2020 says the following:At a high-level, ATT&CK is a...
Copy Link: https://taosecurity.blogspot.com/2020/10/mitre-att-tactics-are-not-tactics.html   
Published: 2020 10 23 14:00:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Security and the One Percent: A Thought Exercise in Estimation and Consequences - published about 4 years ago.
Content: There's a good chance that if you're reading this post, you're the member of an exclusive club. I call it the security one percent, or the security 1% or #securityonepercent on Twitter. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security prog...
Copy Link: https://taosecurity.blogspot.com/2020/10/security-and-one-percent-thought.html   
Published: 2020 10 31 20:11:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 3 - published about 4 years ago.
Content:  Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It's in the Kindle Store, and if you have an Unlimited account, it's free. I also published a print edition, which is 485 pages. Book DescriptionThe book features the followi...
Copy Link: https://taosecurity.blogspot.com/2020/11/new-book-best-of-taosecurity-blog.html   
Published: 2020 11 09 13:30:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem - published almost 4 years ago.
Content: PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensiv...
Copy Link: https://taosecurity.blogspot.com/2021/02/digital-offense-capabilities-are.html   
Published: 2021 02 18 15:30:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO - published over 3 years ago.
Content:  What are the origins of the names TaoSecurity and the unit formerly known as TAO? IntroductionI've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some...
Copy Link: https://taosecurity.blogspot.com/2021/04/the-origins-of-names-taosecurity-and.html   
Published: 2021 04 01 18:00:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 4 - published over 3 years ago.
Content:  I've completed the TaoSecurity Blog book series.The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It's available now for Kindle, and I'm working on the print edition. I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.I d...
Copy Link: https://taosecurity.blogspot.com/2021/04/new-book-best-of-taosecurity-blog.html   
Published: 2021 04 13 15:00:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Zeek in Action Videos - published over 3 years ago.
Content: This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video...
Copy Link: https://taosecurity.blogspot.com/2021/07/zeek-in-action-videos.html   
Published: 2021 07 29 18:34:00
Received: 2024 03 14 12:46:07
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: My Last Email with W. Richard Stevens - published over 1 year ago.
Content:  In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email.From "Capt Richard Bejtlich - Real Time Chief" Mon Sep  6 18:27:35 ...
Copy Link: https://taosecurity.blogspot.com/2023/06/my-last-email-with-w-richard-stevens.html   
Published: 2023 06 25 19:02:00
Received: 2023 06 25 19:02:18
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Bejtlich Skills and Interest Radar from July 2005 - published over 1 year ago.
Content: This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC.Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)...
Copy Link: https://taosecurity.blogspot.com/2023/06/bejtlich-skills-and-interest-radar-from.html   
Published: 2023 06 25 18:36:00
Received: 2023 06 25 18:42:33
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Key Network Questions - published over 1 year ago.
Content:  I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about [a] network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather than storing and querying Zeek logs in a third party reposit...
Copy Link: https://taosecurity.blogspot.com/2023/06/key-network-questions.html   
Published: 2023 06 25 16:23:00
Received: 2023 06 25 16:43:03
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Core Writing Word and Page Counts - published over 1 year ago.
Content: I want to make a note of the numbers of words and pages in my core security writings.The Tao of Network Security Monitoring / 236k words / 833 pagesExtrusion Detection / 113k words / 417 pagesThe Practice of Network Security Monitoring / 97k words / 380 pagesThe Best of TaoSecurity Blog, Vol 1 / 84k words / 357 pagesThe Best of TaoSecurity Blog, Vol 2 / 96k ...
Copy Link: https://taosecurity.blogspot.com/2023/06/core-writing-word-and-page-counts.html   
Published: 2023 06 25 16:13:00
Received: 2023 06 25 16:22:00
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Cybersecurity Is a Social, Policy, and Wicked Problem - published over 1 year ago.
Content: Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning, urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms:“The search for scientific bases for confronting problems of social p...
Copy Link: https://taosecurity.blogspot.com/2023/06/cybersecurity-is-social-policy-and.html   
Published: 2023 06 25 16:17:00
Received: 2023 06 25 16:22:00
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Happy Birthday TaoSecurity.com - published over 5 years ago.
Content: Nineteen years ago this week I registered the domain taosecurity.com: Creation Date: 2000-07-04T02:20:16Z This was 2 1/2 years before I started blogging, so I don't have much information from that era. I did create the first taosecurity.com Web site shortly thereafter. I first started hosting it on space provided by my then-ISP, Road Runner of ...
Copy Link: https://taosecurity.blogspot.com/2019/07/happy-birthday-taosecuritycom.html   
Published: 2019 07 01 14:00:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Five Thoughts on the Internet Freedom League - published about 5 years ago.
Content: In the September/October issue of Foreign Affairs magazine, Richard Clarke and Rob Knake published an article titled "The Internet Freedom League: How to Push Back Against the Authoritarian Assault on the Web," based on their recent book The Fifth Domain. The article proposes the following: The United States and its allies and partners should stop worryin...
Copy Link: https://taosecurity.blogspot.com/2019/09/five-thoughts-on-internet-freedom-league.html   
Published: 2019 09 13 15:00:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Seven Security Strategies, Summarized - published about 5 years ago.
Content: This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. (You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts!) In the interest of capturing the thought, and not in the interest of thinking too deeply or com...
Copy Link: https://taosecurity.blogspot.com/2019/11/seven-security-strategies-summarized.html   
Published: 2019 11 06 21:10:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: COVID-19 Phishing Tests: WRONG - published over 4 years ago.
Content: Malware Jake Tweeted a poll last night which asked the following: "I have an interesting ethical quandary. Is it ethically okay to use COVID-19 themed phishing emails for assessments and user awareness training right now? Please read the thread before responding and RT for visibility. 1/" Ultimately he decided: "My gut feeling is to not use COVID-19 theme...
Copy Link: https://taosecurity.blogspot.com/2020/03/covid-19-phishing-tests-wrong.html   
Published: 2020 03 12 13:29:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: When You Should Blog and When You Should Tweet - published over 4 years ago.
Content: I saw my like-minded, friend-that-I've-never-met Andrew Thompson Tweet a poll, posted above. I was about to reply with the following Tweet: "If I'm struggling to figure out how to capture a thought in just 1 Tweet, that's a sign that a blog post might be appropriate. I only use a thread, and no more than 2, and hardly ever 3 (good Lord), when I know I'v...
Copy Link: https://taosecurity.blogspot.com/2020/03/when-you-should-blog-and-when-you.html   
Published: 2020 03 27 12:54:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Skill Levels in Digital Security - published over 4 years ago.
Content: Two posts in one day? These are certainly unusual times. I was thinking about words to describe different skill levels in digital security. Rather than invent something, I decided to review terms that have established meaning. Thanks to Google Books I found this article in a 1922 edition of the Archives of Psychology that mentioned four key terms: The ...
Copy Link: https://taosecurity.blogspot.com/2020/03/skill-levels-in-digital-security.html   
Published: 2020 03 27 15:15:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Seeing Book Shelves on Virtual Calls - published over 4 years ago.
Content: I have a confession... for me, the best part of virtual calls, or seeing any reporter or commentator working for home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world's bandwidth. That means I don't share what my book shelves look like when I'm on a company call. Therefore, I thought I'd shar...
Copy Link: https://taosecurity.blogspot.com/2020/04/seeing-book-shelves-on-virtual-calls.html   
Published: 2020 04 02 23:03:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: If You Can't Patch Your Email Server, You Should Not Be Running It - published over 4 years ago.
Content: CVE-2020-0688 Scan Results, per Rapid7 tl;dr -- it's the title of the post: "If You Can't Patch Your Email Server, You Should Not Be Running It." I read a disturbing story today with the following news: "Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the nu...
Copy Link: https://taosecurity.blogspot.com/2020/04/if-you-cant-patch-your-email-server-you.html   
Published: 2020 04 07 15:28:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 1 - published over 4 years ago.
Content: I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print version. If you're interested, please tell me on Twitter. ...
Copy Link: https://taosecurity.blogspot.com/2020/05/new-book-best-of-taosecurity-blog.html   
Published: 2020 05 04 15:51:00
Received: 2023 03 31 15:03:39
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: I Did Not Write This Book - published over 4 years ago.
Content: Fake Book  Someone published a "book" on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage! Update: Thankfully, within a day or so of this post, the true author of this work removed it from Amazon. It has not returned, at least as far as...
Copy Link: https://taosecurity.blogspot.com/2020/07/i-did-not-write-this-book.html   
Published: 2020 07 16 15:04:00
Received: 2023 03 31 15:03:38
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Happy 20th Birthday TaoSecurity Blog - published almost 2 years ago.
Content: Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you BloggerBlogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneie...
Copy Link: https://taosecurity.blogspot.com/2023/01/happy-20th-birthday-taosecurity-blog.html   
Published: 2023 01 08 15:00:00
Received: 2023 01 08 15:00:24
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Best of TaoSecurity Blog Kindle Edition Sale - published about 2 years ago.
Content:  I'm running a #BlackFriday #CyberMonday sale on my four newest #Kindle format books. Volumes 1-4 of The Best of TaoSecurity Blog will be half off starting 9 pm PT Tuesday 22 Nov and ending 9 pm PT Tueday 29 Nov. They are here.  There also appears to be a daily deal right now for the paperback of Volume 2, 45% off at $8.96. Copyright 2003-2020 Richard Bejtli...
Copy Link: https://taosecurity.blogspot.com/2022/11/best-of-taosecurity-blog-kindle-edition.html   
Published: 2022 11 20 14:30:00
Received: 2022 11 20 14:40:17
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: TaoSecurity on Mastodon - published about 2 years ago.
Content: I am now using Mastodon as a replacement for the blue bird. This is my attempt to verify myself via my blog. I am no longer posting to my old bird account.Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)...
Copy Link: https://taosecurity.blogspot.com/2022/11/taosecurity-on-mastodon.html   
Published: 2022 11 18 20:35:00
Received: 2022 11 18 20:40:47
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: The Humble Hub - published over 2 years ago.
Content:  Over the weekend I organized some old computing equipment. I found this beauty in one of my boxes. It's a Netgear EN104TP hub. I've mentioned this device before, in this blog and my books. This sort of device was the last of the true hubs. In an age where cables seem reserved for data centers or industrial facilities, and wireless rules the home and office,...
Copy Link: https://taosecurity.blogspot.com/2022/08/the-humble-hub.html   
Published: 2022 08 10 13:30:00
Received: 2022 08 10 13:48:52
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Zeek in Action Videos - published over 3 years ago.
Content: This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video...
Copy Link: https://taosecurity.blogspot.com/2021/07/zeek-in-action-videos.html   
Published: 2021 07 29 18:34:00
Received: 2021 07 29 19:00:40
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Dissecting Weird Packets - published over 5 years ago.
Content: I was investigating traffic in my home lab yesterday, and noticed that about 1% of the traffic was weird. Before I describe the weird, let me show you a normal frame for comparison's sake.This is a normal frame with Ethernet II encapsulation. It begins with 6 bytes of the destination MAC address, 6 bytes of the source MAC address, and 2 bytes of an Ethertype...
Copy Link: https://taosecurity.blogspot.com/2019/05/dissecting-weird-packets.html   
Published: 2019 05 09 14:30:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Know Your Limitations - published over 5 years ago.
Content: At the end of the 1973 Clint Eastwood movie Magnum Force, after Dirty Harry watches his corrupt police captain explode in a car, he says "a man's got to know his limitations."I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal information-rich organizations.Several year...
Copy Link: https://taosecurity.blogspot.com/2019/05/know-your-limitations.html   
Published: 2019 05 29 13:55:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Reference: TaoSecurity News - published over 5 years ago.
Content: I started speaking publicly about digital security in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here.2017 Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. He interviewed four of the original six GE-CIRT ...
Copy Link: https://taosecurity.blogspot.com/2019/07/reference-taosecurity-news.html   
Published: 2019 07 01 12:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Reference: TaoSecurity Research - published over 5 years ago.
Content: I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here.2015 and later: Please visit Academia.edu for Mr. Bejtlich's most recent research.2014 and earlier: Seven Tips for Small Business Security, in the Huff...
Copy Link: https://taosecurity.blogspot.com/2019/07/reference-taosecurity-research.html   
Published: 2019 07 01 12:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Reference: TaoSecurity Press - published over 5 years ago.
Content: I started appearing in media reports in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity matters, including those on background.2016Mr. Bejtlich was cited in the Forture story Meet the US's F...
Copy Link: https://taosecurity.blogspot.com/2019/07/reference-taosecurity-press.html   
Published: 2019 07 01 12:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Happy Birthday TaoSecurity.com - published over 5 years ago.
Content: Nineteen years ago this week I registered the domain taosecurity.com:Creation Date: 2000-07-04T02:20:16ZThis was 2 1/2 years before I started blogging, so I don't have much information from that era. I did create the first taosecurity.com Web site shortly thereafter.I first started hosting it on space provided by my then-ISP, Road Runner of San Antonio, TX. ...
Copy Link: https://taosecurity.blogspot.com/2019/07/happy-birthday-taosecuritycom.html   
Published: 2019 07 01 14:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Five Thoughts on the Internet Freedom League - published about 5 years ago.
Content: In the September/October issue of Foreign Affairs magazine, Richard Clarke and Rob Knake published an article titled "The Internet Freedom League: How to Push Back Against the Authoritarian Assault on the Web," based on their recent book The Fifth Domain. The article proposes the following:The United States and its allies and partners should stop worrying ab...
Copy Link: https://taosecurity.blogspot.com/2019/09/five-thoughts-on-internet-freedom-league.html   
Published: 2019 09 13 15:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Seven Security Strategies, Summarized - published about 5 years ago.
Content: This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. (You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts!)In the interest of capturing the thought, and not in the interest of thinking too deeply or compr...
Copy Link: https://taosecurity.blogspot.com/2019/11/seven-security-strategies-summarized.html   
Published: 2019 11 06 21:10:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: COVID-19 Phishing Tests: WRONG - published over 4 years ago.
Content: Malware Jake Tweeted a poll last night which asked the following:"I have an interesting ethical quandary. Is it ethically okay to use COVID-19 themed phishing emails for assessments and user awareness training right now? Please read the thread before responding and RT for visibility. 1/"Ultimately he decided:"My gut feeling is to not use COVID-19 themed emai...
Copy Link: https://taosecurity.blogspot.com/2020/03/covid-19-phishing-tests-wrong.html   
Published: 2020 03 12 13:29:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: When You Should Blog and When You Should Tweet - published over 4 years ago.
Content: I saw my like-minded, friend-that-I've-never-met Andrew Thompson Tweet a poll, posted above.I was about to reply with the following Tweet:"If I'm struggling to figure out how to capture a thought in just 1 Tweet, that's a sign that a blog post might be appropriate. I only use a thread, and no more than 2, and hardly ever 3 (good Lord), when I know I've got n...
Copy Link: https://taosecurity.blogspot.com/2020/03/when-you-should-blog-and-when-you.html   
Published: 2020 03 27 12:54:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Skill Levels in Digital Security - published over 4 years ago.
Content: Two posts in one day? These are certainly unusual times.I was thinking about words to describe different skill levels in digital security. Rather than invent something, I decided to review terms that have established meaning. Thanks to Google Books I found this article in a 1922 edition of the Archives of Psychology that mentioned four key terms:The novice i...
Copy Link: https://taosecurity.blogspot.com/2020/03/skill-levels-in-digital-security.html   
Published: 2020 03 27 15:15:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Seeing Book Shelves on Virtual Calls - published over 4 years ago.
Content: I have a confession... for me, the best part of virtual calls, or seeing any reporter or commentator working for home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world's bandwidth. That means I don't share what my book shelves look like when I'm on a company call. Therefore, I thought I'd share m...
Copy Link: https://taosecurity.blogspot.com/2020/04/seeing-book-shelves-on-virtual-calls.html   
Published: 2020 04 02 23:03:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: If You Can't Patch Your Email Server, You Should Not Be Running It - published over 4 years ago.
Content: CVE-2020-0688 Scan Results, per Rapid7tl;dr -- it's the title of the post: "If You Can't Patch Your Email Server, You Should Not Be Running It."I read a disturbing story today with the following news:"Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the numbers are...
Copy Link: https://taosecurity.blogspot.com/2020/04/if-you-cant-patch-your-email-server-you.html   
Published: 2020 04 07 15:28:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 1 - published over 4 years ago.
Content: I'm very pleased to announce that I've published a new book!It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print version. If you're interested, please tell me on Twitter.The book li...
Copy Link: https://taosecurity.blogspot.com/2020/05/new-book-best-of-taosecurity-blog.html   
Published: 2020 05 04 15:51:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: I Did Not Write This Book - published over 4 years ago.
Content: Fake Book Someone published a "book" on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage!Update: Thankfully, within a day or so of this post, the true author of this work removed it from Amazon. It has not returned, at least as far as I have s...
Copy Link: https://taosecurity.blogspot.com/2020/07/i-did-not-write-this-book.html   
Published: 2020 07 16 15:04:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: One Weird Trick for Reviewing Zeek Logs on the Command Line! - published over 4 years ago.
Content: Are you a network security monitoring dinosaur like me? Do you prefer to inspect your Zeek logs using the command line instead of a Web-based SIEM?If yes, try this one weird trick!I store my Zeek logs in JSON format. Sometimes I like to view the output using jq.If I need to search directories of logs for a string, like a UID, I might* use something like zgre...
Copy Link: https://taosecurity.blogspot.com/2020/08/one-weird-trick-for-reviewing-zeek-logs.html   
Published: 2020 08 19 15:17:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 2 - published about 4 years ago.
Content:  I published a new book!The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent ThreatIt's in the Kindle Store, and if you're Unlimited it's free. Print edition to follow.The book lists as having 413 pages (for the Kindle edition at least) at it's almost 95,000 words. I started wor...
Copy Link: https://taosecurity.blogspot.com/2020/09/new-book-best-of-taosecurity-blog.html   
Published: 2020 09 01 12:30:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: The FBI Intrusion Notification Program - published about 4 years ago.
Content: The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013 about cyberattacks. The story noted the following:"Federal age...
Copy Link: https://taosecurity.blogspot.com/2020/09/the-fbi-intrusion-notification-program.html   
Published: 2020 09 03 15:07:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Greg Rattray Invented the Term Advanced Persistent Threat - published about 4 years ago.
Content:  I was so pleased to read this Tweet yesterday from Greg Rattray:"Back in 2007, I coined the term “Advanced Persistent Threat” to characterize emerging adversaries that we needed to work with the defense industrial base to deal with... Since then both the APT term and the nature of our adversaries have evolved. What hasn’t changed is that in cyberspace, adva...
Copy Link: https://taosecurity.blogspot.com/2020/10/greg-rattray-invented-term-advanced.html   
Published: 2020 10 10 15:30:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: MITRE ATT&CK Tactics Are Not Tactics - published about 4 years ago.
Content: Just what are "tactics"?IntroductionMITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else.The MITRE ATT&CK Design and Philosophy document from March 2020 says the following:At a high-level, ATT&CK is a...
Copy Link: https://taosecurity.blogspot.com/2020/10/mitre-att-tactics-are-not-tactics.html   
Published: 2020 10 23 14:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Security and the One Percent: A Thought Exercise in Estimation and Consequences - published about 4 years ago.
Content: There's a good chance that if you're reading this post, you're the member of an exclusive club. I call it the security one percent, or the security 1% or #securityonepercent on Twitter. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security prog...
Copy Link: https://taosecurity.blogspot.com/2020/10/security-and-one-percent-thought.html   
Published: 2020 10 31 20:11:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 3 - published about 4 years ago.
Content:  Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It's in the Kindle Store, and if you have an Unlimited account, it's free. I also published a print edition, which is 485 pages. Book DescriptionThe book features the followi...
Copy Link: https://taosecurity.blogspot.com/2020/11/new-book-best-of-taosecurity-blog.html   
Published: 2020 11 09 13:30:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem - published almost 4 years ago.
Content: PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensiv...
Copy Link: https://taosecurity.blogspot.com/2021/02/digital-offense-capabilities-are.html   
Published: 2021 02 18 15:30:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO - published over 3 years ago.
Content:  What are the origins of the names TaoSecurity and the unit formerly known as TAO? IntroductionI've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some...
Copy Link: https://taosecurity.blogspot.com/2021/04/the-origins-of-names-taosecurity-and.html   
Published: 2021 04 01 18:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security

Article: New Book! The Best of TaoSecurity Blog, Volume 4 - published over 3 years ago.
Content:  I've completed the TaoSecurity Blog book series.The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It's available now for Kindle, and I'm working on the print edition. I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.I d...
Copy Link: https://taosecurity.blogspot.com/2021/04/new-book-best-of-taosecurity-blog.html   
Published: 2021 04 13 15:00:00
Received: 2021 06 06 09:05:05
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security