Tuesday, August 30, 2005

Sun Tzu on Network Security

I'm a big Sun Tzu fan. I've got a small collection of different translations and interpretations of his work, as well as a few other similar texts. I've also long harbored a secret desire to do an updated infosec interpretation of The Art of War, so when I saw this link, of course I was immediately interested.

Overall, I like this paper. Though I don't agree with all of Mr. Toderick's points, it's well worth a read.

Monday, August 29, 2005

Titan Rain: Scary as it Gets

Are Chinese cyberspies massively hacking US government and military networks? Perhaps. Read this. Then read Richard Bejtlich's take on it.

The theory that the Chinese government is behind this campaign seems very plausible. China has a well documented history of espionage, going back more than 2,000 to the time of Sun Tzu. If you're interested, I'd recommend The Seven Military Classics of Ancient China, Including The Art of War and (far more recently), The Tao of Spycraft: Intelligence Theory and Practice in Traditional China.

Monday, August 22, 2005

A week in the life...

I enjoyed this short piece on what it's like to be part of the F-Secure response team during a global worm outbreak. Glad I'm not them!

PS: 100th post!

PC World profiles professional cybercriminals

PCWorld just published the first of a five part series on the professionalization of crime on the Internet. Looks like a good overview of the subject. Should be an interesting series.

Wednesday, August 03, 2005

LinuxWorld get-together

If you're going to be at LinuxWorld next week in San Francisco, why not drop by and say hi?

Defcon's Wall of Sheep

This is hillarious. People, if you go to a hacker conference, make sure you practice safe computing. I would have thought this was just common sense.

Tuesday, August 02, 2005

How to pwn a planet

Reuters (and many other sources) are reporting that astronomers at CalTech may have been pressured by hackers to reveal their discovery before they had completed their analysis.

I must have missed this statement when I first read about the planet, but I think this is pretty interesting. Apparently attackers had compromised a "secure server" and determined that the astronomers had made this discovery, and threatened to make the information public if the researchers didn't do it themselves. It makes me wonder what they got access to. I'm betting it was email, because I'm not sure I'd buy the idea that they'd be able to make sense of the scientific data itself. Anyone know?