Since Defcon...

Sorry for the complete lack of updates from me since Defcon. I've had plenty to write up, share, and rant about (as is my want), but I'm in somewhat of a tenuious circumstance regarding my blogging, so I figure better safe than sorry, and thus I'm keeping my comments to a minimum. Hopefully some of the other Minds will pick up the slack. We shall see.

At least we're learning

I've spent the past few days taking the SANS 504 course: Hacking Techniques, Exploits, and Incident Handling. I was lucky enough to have the course creator, Ed Skoudis, as my course instructor. I don't know if I know anyone who seems to have Ed's combination of breadth and depth in the information security field. I guess that's how you become one of the senior handlers at the SANS Internet Storm Center.

I plan on doing a write up of my class and what the Vulnerable Minds have been up to for the past few weeks. A short update:

• I've been in training, busy at work, and abusing Yahoo Pipes, something I'll write more about later.
  
• Bacchus has stopped reading anything but Snort alerts, which made Bacon a bit anxious so I think he's trying to make up some new encrypted communication channel. I may help with that a bit.
  
• ev3 has been reversing everything she gets her hands on including, I'm pretty sure, her reversing tools.
  
• No one's really sure what Narc, GPmidi, Norris, or LogicX have been doing, but thats prolly a good thing.
  
• Saijak seems to have forgotten how to use a computer, though with good reason.

Regardless we're all all getting stoaked for Defcon and various Minds will be making it out there Thursday and Friday. We'll be in the Riveria and around various places. More about our plans to come.

By the way check out Ed's incident handler challenges, fun stuff.

AACS takes a hit.

About a week ago, muslix64 gave a short video clip on YouTube of a PoC program he coded up and ran that would remove AACS protection from the likes of HD-DVD and Blu-Ray. (It was a very well produced video, I might add.) YouTube has since removed it "at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission." Of course, WB probably has a bigger problem on their hands than content being used without permission... ;)

As promised, muslix64 has now put his source code online. You can read about it here.

Not to be too direct

In fact, it's downright indirect, though technically a redirect. You may have noticed (or may have not) that if you go to http://vulnerableminds.blogspot.com it now redirects you to the http://blog.vulnerableminds.com domain. This was thanks to a nice little tutorial from the fine folks at Blogger and a lot of DNS muckry on the part of yours truly.

Vulnerable Minds has grown a little bit, first with the addition of my sporadically collaborating Bloggers Alice, Steve, and Tim, and secondly with the expansion of Vulnerable Minds, not just simply as a blog, but hopefully an information security think tank in the vein of the Shmoo, the Ghetto Hackers, and Last Stage of Delirium. In the future we hope to provide more research, tools, and the general information security goodness that we all love.

If you're interested in more than navigate over to http://www.vulnerableminds.com and see whats available. To start I have a few things from the past, two papers by myself one of which I was lucky enough to collaborate with the formidable Sean Coyne. That paper may be worth a read as the two of us are gearing up for a new project, the beginnings of which will be on the site soon. Also it's the place to keep up on whats coming up from the various VM kids, and these kids should be in the smart class.

So keep an eye on both pages, it should be a fun ride.

New Names and New Opinions

For those of you who actually read my site in its browser form you may have noticed some changes recently. From me to us, from mine to ours, from a personal profile to a list of contributors.

After a lot of consideration I've decided to change Vulnerable Minds into a group blog from my sole place on the web, a decision I've been wavering on for a long time, but think I'm ready for at this point. I have a number of associates with good things to say, who's opinions I'm happy to support and put out in the wide world.

The idea of Vulnerable Minds was began as a group, a small collection of young, ambitious, future leaders of the field, banding together to share ideas, work on projects, and generally have a good time. I'm happy to see Vulnerable Minds is heading back towards that, and look forward to seeing what's coming in the future.

So first up I'd like to welcome Alice Chang and Timothy Martin.

So is H.D. Moore the InfoSec Gretsky?

Richard Bejtlich made one of his more fascinating posts today talking about the breakdown between offensive and defensive information security professionals, using an apt analogy about hockey.

Now I'm not much of a hockey player (though I did play lacrosse, the sport hockey was derived from), but most of his points, at least on the surface, made a lot of sense. I'm going to take over night to let it roll around and decide what I think, but I already posted a quick response in the comments section.

Give it a look, leave me your thoughts, and I'll be back with more sometime tomorrow.

Old Posts Return

I reposted a couple of my old posts from my past blog. I figure I've been doing this 9 months, and for one I should be happy with at least a couple of things I wrote, and second it seems crazy for my new blog to only have 2 posts to it.

They're labeled under historic, feel free to give them a look. They did make me realize how infrequently I posted, something I hope not to do with this new blogging opportunity.

Enjoy...

Before you start reading me...

...you should know who I read.

These are my influences, opinions I largely trust, or I'm at least interested in, who I think are worth hearing, even when they're wrong. These are the people I'll comment on, debate, and recommend. In many ways they're also people at the level I aspire to. (Please note, I'm an information security guy, you're gonna notice a pattern in that regard.)

My Noteworthy Infosec Reading List:

• Matasano Chargen: Possibly more than anyone else on this list (and it's a pretty good list) the guys at Matasano are the best example of where I want to be in a few years. Well, I'd like to be there right now but I think it's gonna take some time. Informed, opinionated, recognized, these guys run their consulting firm scoring some of the sweetest projects, working with some very smart people, and on their own terms. Not to mention they're fellow Mac fans.
• TaoSecurity: I've actually met Richard once, though I never spoke with him directly, a pleasure I hope to have since he lives in the same area. In addition he works in the same area, both of us are involved with Network Security Monitoring (NSM), and there's no denying that Richard is one of the foremost people in the field, and easily up for being the most noteworthy tied only with Marty Rosche.
• Security Sauce: Well I mentioned Marty already so it seems natural to bring up how much I enjoy his blog. As someone who's using intrusion detection systems everyday, and Snort is by far my favorite among them, I've gotta keep up with what this leader in the field is up to. Even if it's just starting at the sky (jk Marty, I enjoyed my astronomy class quite a bit).
• Hexblog: Reverse engineering is something I know very little about. Of the few things I do know one is that IDA Pro is the way to go. Also it's author, Ilfak Guilfanov is one of the smartest people out there when it comes to reversing, C++, and the guts of the Windows OS. Not a high volume poster, Ilfak's posts are usually worth waiting for.
• Add/XOR/ROL: Another noteworthy reverser, with very similar posting habits, Halvar Flake has to be on the list. Witty, and he'll make your binary applications bleed.
• Daily Dave: Love it or hate it, and lately many people have loved to hate it, Daily Dave is a place where many of the movers and shakers in infosec hang out. Dave Aitel is one smart mammajamma, and he's got a very smart collection of friends (and detractors) who frequent his list.
  
• Technobabylon: Here's the surprise one, even to me. I'm not a big fan of EEye. I'm not really into their products, their tools are marginal, their research never rocks my world on the whole, and I've heard many a very comment about their questionable ethics. I also just kinda hate when security research is done by 500 machines running fuzzers. I just think there's supposed to be more art to it. Regardless Ross Brown's blog is a pleasure to read. He's quite well informed, modest, and has great style.
• IATAC IA Digest: IATAC is a Booz Allen Hamilton consulting group that does vulnerability research and digital threat analysis for the Department of Defense. Most of that research doesn't get released, much to my chagrin, but they do publish this RSS feed that has links daily to 20 to 30 must read infosec articles. Kind of them.
• Symantecs Security Response Weblog: Of all the vendor weblogs, and I'm subscribed to quite a few, this one of the only one's (along with LURHQ, though that's been silent lately) that doesn't sound like a marketing campaign pretending to be a blog. A number of very smart people post to it, usually insightful, rarely plugging some product. Kind of nice to see a corporate blog that's not just for show.

Well that's it for now. That is of course far short of my whole OPML file. There are many personal blogs, other companies, lots of Apple and general technology related news. Also when al3x requested I write this post, which seemed a very good first post of a new blog, he only asked for security stuff.

Enjoy.