Thursday, December 31, 2009

Every Software Vendor Must Read and Heed

Matt Olney and I spoke about the role of a Product Security Incident Response Team (PSIRT) at my SANS Incident Detection Summit this month. I asked if he would share his thoughts on how software vendors should handle vulnerability discovery in their software products. I am really pleased to report that Matt wrote a thorough, public blog post titled Matt's Guide to Vendor Response. Every software vendor must read and heed this post. "Software vendor" includes any company that sells a product that runs software, whether it is a PC, mobile device, or a hardware platform executing firmware. Hmm, that includes just about everyone these days, except the little old ladies selling goods at the toy store. Seriously, let's make 2010 the year of the PSIRT -- the year companies make dealing with vulnerabilities in their software an operational priority. I'm not talking about "building security in" -- that's been going on for a while. Until I can visit a version of company.com/psirt, I'm not satisfied. For that matter, I'd like to see company.com/cirt as well, so outsiders can contact a company that might be unknowingly causing pain for Internet users. (And yes, if you're wondering, we're working on both at my company!)

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Wednesday, December 30, 2009

Difference Between Bejtlich Class and SANS Class

In a comment on my last post, Reminder: Bejtlich Teaching at Black Hat DC 2010, a reader asked:

"I am trying to get my company's sponsorship for your class at Black Hat. However, I was asked to justify between your class and SANS 503, Intrusion Detection In-Depth. Would you be able to offer some advice?"

That's a good question, but it's easy enough to answer. The overall point to keep in mind is that TCP/IP Weapons School 2.0 is a new class, and when I create a new class I design it to be different from everything that's currently on the market. It doesn't make sense to me to teach the same topics, or use the same teaching techniques, found in classes already being offered. Therefore, when I first taught TWS2 at Black Hat DC last year, I made sure it was unlike anything provided by SANS or other trainers.

Beyond being unique, here are some specific points to consider. I'm sure I'll get some howls of protest from the SANS folks, but they have their own platform to justify their approach. The two classes are really different, each with a unique focus. It's up to the student to decide what sort of material he or she wants to learn, in what environment, using whatever methods he or she prefers. I don't see anything specifically "wrong" with the SANS approach, but I maintain that a student will learn skills more appropriate for their environment in my class.
  • TWS2 is a case-driven, hands-on, lab-centric class. SANS is largely a slide-driven class. When you attend my class you get three handouts: 1) a workbook explaining how to analyze digital evidence; 2) a workbook with questions for 15 cases; and 3) a teacher's guide answering all of the questions for the 15 cases. There are no slides aside from a few administrative items and a diagram or two to explain how the class is set up. When you attend SANS you will receive several sets of slide decks that the instructor will show during the course of the class. You will also have labs but they are not the focus of the class.
  • I designed TWS2 to meet the needs of a wide range of students, from beginners to advanced practitioners. TWS2 attendees typically finish 5-7 cases per class, with the remainder suitable for "homework." Students can work at their own pace, although we cover certain cases at checkpoints during the class. A few students have completed all 15 cases, and I often ask if those students are looking for a new opportunity with my team!
  • TWS2 is about analyzing digital evidence, primarily in the form of network traffic, logs, and some memory captures. The focus is overwhelmingly on the content and not the container. SANS spends more time on the container and less on the content. For example, if you look at the SANS course overview, you'll see they spend the first three days on protocol headers and analysis with Tcpdump. Again, there's nothing wrong with that, but I don't care so much about which bit in the TCP header corresponds to the RST flag. That was mildly interesting in the late 1990s when that part of the SANS course was written, but the content of a network conversation has been more important this decade. Therefore, my class focuses on what is being said and less on how it was transmitted.
  • TWS2 is not about Snort. While students do have access to a fully functional Sguil instance with Snort alerts, SANCP session data, and full content libpcap network traffic, I do not spend time explaining how to write Snort alerts. SANS spends at least one day talking about Snort.
  • TWS is not about SIM/SEM/SIEM. Any "correlation" between different forms of evidence takes place in the student's mind, or using the free Splunk instance containing the logs collected from each case. If you consider dumping evidence into a system like Splunk, and then querying that evidence, to be "correlation," then we have "correlation." (Please see Defining Security Event Correlation for my thoughts on that subject.) SANS spends two days on fairly simple open source options for "correlation" and "traffic analysis."
  • TWS cases cover a wide variety of activity, while SANS is narrowly focused on suspicious and malicious network traffic. I decided to write cases that cover some of the sorts of activities I expect an enterprise incident detector and responder to encounter during his or her professional duties. I also do not dictate any single approach to analyzing each case. Just like real life, I want the student to produce an answer. I care less about how he or she analyzed the data to produce that answer, as long as the chain of reasoning is sound and the student can justify and defend his or her methodology.
I hope that helps prospective students make a choice. I'll note that I don't send any of my analysts to the SANS "intrusion detection" class. We provide in-house training that includes my material but also focuses on the sorts of decision-making and evidence sources we find to be most effective in my company. Also please note this post concentrated on the differences between my class and the SANS "intrusion detection" class, and does not apply to other SANS classes.

Friday, December 25, 2009

how to install ndis atheros wifi driver on lenovo T60 ubuntu

download the Windows XP driver from: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-70480
install with the first run under wine to extract the driver files
copy the extracted driver from ~/.wine/drive_c/DRIVERS/WIN/WLLANATH/WinXP_2K to ~/lenovo
install: sudo apt-get install ndisgtk
disable the ath9k driver: sudo modprobe -vr ath9k
activate the ndis driver: go to System > Administration > Windows Wireless Drivers (the NDISWRAPPER window opens after the password is given). Choose Install Driver. Go to the location line, click on the folder icon on the right and browse to ~/lenovo/WLLANATH/WinXP_2K. Choose to install.
to stop ath9k loading at boot: sudo vim /etc/modprobe.d/blacklist.conf and add the line: blacklist ath9k
reboot
reference: http://ubuntuforums.org/showthread.php?t=739998
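The same procedure without the ndisgtk dialog, as an added example that is not part of the original post: it drives the ndiswrapper command-line tool, refuses to continue unless exactly one .inf is present, and makes the blacklist step idempotent. DRIVER_DIR, BLACKLIST_CONF and the helper names are assumptions for this script; the driver must already have been extracted with wine and copied as described above.

```shell
#!/bin/sh
# Added example, not from the original post: the non-GUI half of the procedure
# above, scripted with the ndiswrapper command-line tool instead of the ndisgtk
# dialog. Assumes the Windows driver has already been extracted with wine and
# copied to DRIVER_DIR (the post's ~/lenovo/WLLANATH/WinXP_2K). Run as root:
#   sh ndis_ath.sh install
set -eu

DRIVER_DIR="${DRIVER_DIR:-$HOME/lenovo/WLLANATH/WinXP_2K}"
BLACKLIST_CONF="${BLACKLIST_CONF:-/etc/modprobe.d/blacklist.conf}"

# Print the single .inf file in the driver directory. Fails (returns 1) when
# there is none or more than one, so the wrong INF is never handed to ndiswrapper.
find_inf() {
    infs=$(find "$1" -maxdepth 1 -iname '*.inf' | sort)
    count=$(printf '%s\n' "$infs" | grep -c . || true)
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$infs"
}

# Add "blacklist <module>" to a modprobe config file only if it is not already
# there, so re-running the script never duplicates the line.
blacklist_module() {
    conf=$1
    mod=$2
    [ -f "$conf" ] || : > "$conf"
    grep -qx "blacklist $mod" "$conf" || printf 'blacklist %s\n' "$mod" >> "$conf"
}

install_driver() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    inf=$(find_inf "$DRIVER_DIR") || { echo "need exactly one .inf in $DRIVER_DIR" >&2; return 1; }
    modprobe -vr ath9k || true            # unload the in-kernel Atheros driver (as in the post)
    ndiswrapper -i "$inf"                 # install the Windows INF and its .sys
    ndiswrapper -l                        # list installed drivers; should report the driver as installed
    blacklist_module "$BLACKLIST_CONF" ath9k
    modprobe ndiswrapper                  # load the wrapper now; the blacklist takes effect at reboot
}

case "${1:-}" in
    install) install_driver ;;
esac
```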

Monday, December 21, 2009

how to configure ubuntu linux to manage amazon ec2 machine

start an instance at https://console.aws.amazon.com/ec2/home
download ec2-api-tools from http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351
unzip to $HOME/bin/ec2-api-tools-1.3-46266
add to .bashrc:
    # EC2 - begin
    export EC2_PRIVATE_KEY=$HOME/keys/pk-KWJIYEWJXT7MOMSS2OHMIS7IYLHAGTN7.pem
    export EC2_CERT=$HOME/keys/cert-KWJIYEWJXT7MOMSS2OHMIS7IYLHAGTN7.pem
    export EC2_HOME=$HOME/bin/ec2-api-tools-1.3-46266
    export JAVA_HOME=/usr/lib/jvm/java-6-sun/jre/
    # EC2 - end
run: . .bashrc
test: ./bin/ec2-api-tools-1.3-46266/bin/ec2-describe-instances
docs: http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference/ and https://help.ubuntu.com/community/EC2StartersGuide
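Before running ec2-describe-instances it is worth checking that the four variables above point at real files and that the private key is not readable by other users. The following is an added example, not from the original post; the function names are assumptions, and the checks rely only on the variables the .bashrc block exports.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the EC2 API tools
# environment exported by the .bashrc block above. The check most worth having
# is that the private key (pk-*.pem) is readable only by its owner; every
# failing check is named on stderr and the function returns non-zero.
# Usage (after ". .bashrc"):  sh ec2_env_check.sh check
set -eu

# Permission bits of a file as octal text (GNU stat, with BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if the private key exists and its group/other bits are all clear (600, 400, ...).
check_private_key() {
    key=$1
    [ -f "$key" ] || { echo "missing private key: $key" >&2; return 1; }
    case "$(file_mode "$key")" in
        *00) return 0 ;;
        *)   echo "private key $key is group/world readable (mode $(file_mode "$key")); chmod 600 it" >&2
             return 1 ;;
    esac
}

# Check EC2_PRIVATE_KEY, EC2_CERT, EC2_HOME and JAVA_HOME together; returns 0 only if all pass.
check_ec2_env() {
    ok=0
    check_private_key "${EC2_PRIVATE_KEY:-}" || ok=1
    [ -f "${EC2_CERT:-}" ] || { echo "missing certificate: ${EC2_CERT:-EC2_CERT unset}" >&2; ok=1; }
    [ -x "${EC2_HOME:-}/bin/ec2-describe-instances" ] \
        || { echo "EC2_HOME (${EC2_HOME:-unset}) has no bin/ec2-describe-instances" >&2; ok=1; }
    [ -x "${JAVA_HOME:-}/bin/java" ] \
        || { echo "JAVA_HOME (${JAVA_HOME:-unset}) has no bin/java" >&2; ok=1; }
    return $ok
}

case "${1:-}" in
    check) check_ec2_env && echo "EC2 environment looks sane" ;;
esac
```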

Reminder: Bejtlich Teaching at Black Hat DC 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. First up is Black Hat DC 2010 Training on 31 January and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA. I will be teaching TCP/IP Weapons School 2.0. Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left.
  • Regular ends 15 Jan
  • Late ends 30 Jan
  • Onsite starts at the conference
Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset through hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at different levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.

I strongly recommend attending the Briefings on 2-3 Feb. Maybe it's just my interests, but I find the scheduled speaker list to be really compelling.

I look forward to seeing you. Thank you.