FUG-BR / Grupo Brasileiro de Usuarios de FreeBSD - Todas Categorias
 
15.07  
Inicio arrow Todas Categorias
Principal
Inicio
Noticias
Artigos
Regras da Lista
Assinar a Lista
Histrico da Lista
Forum
Keyserver
PC-BSD: Artigos
PC-BSD: Notcias
Galeria de Imagens
Contador Usurios FUG
FUGs Estaduais
Downloads
Enquetes
FAQ
Resumo do Site
Links
Pesquisar
Contato
Sobre a FUG-BR
RSS / Twitter
-
DOC-BR (FUG BR)
Introduo
Projeto DOC-BR
Handbook
FAQ Oficial
-
+ Noticias
Alertas de Seguranca
Alertas em Ports
BSD em Geral
DaemonNews (Ingles)
MyFreeBSD
Todas Categorias
-
Login
Nome de Usurio

Senha

Lembrar login
Esqueceu sua senha?
Sem conta? Crie uma


Todas as Categorias de Noticas Externas
Links Aqui voce encontra todas as categorias de fontes de noticas extenras. Algumas destas fontes sao usadas pela nossa equipe como referencia para noticias.
 
[Voltar]
FUG-BR - Espalhando BSD
Dicas Rpidas:

Precisando transferir arquivo rápido via LAN? Utilize o netcat.
servidor# nc -l PORTA > /tmp/transferido.tar.gz
cliente# nc IP PORTA < /tmp/atransferir.tar.gz
 






Wallpapers
Fontes Externas
FreeBSD Multimedia Resources List FreeBSD Multimedia Resources
bsdtalk - DragonFlyBSD 2.8 with Matthew Dillon - MP3 version

DragonFlyBSD 2.8 with Matthew Dillon - MP3 version
From: bsdtalk
Tags: bsdtalk, interview, meetbsd, meetbsd2010, dragonflybsd, matthew dillon, mp3
Interview from MeetBSD California 2010 with Matthew Dillon about the recent 2.8 release of DragonFlyBSD. More information at http://www.dragonflybsd.org/

bsdtalk - DragonFlyBSD 2.8 with Matthew Dillon - Ogg version

DragonFlyBSD 2.8 with Matthew Dillon - Ogg version
From: bsdtalk
Tags: bsdtalk, interview, meetbsd, meetbsd2010, dragonflybsd, matthew dillon, ogg
Interview from MeetBSD California 2010 with Matthew Dillon about the recent 2.8 release of DragonFlyBSD. More information at http://www.dragonflybsd.org/

bsdtalk - PC-BSD 9 Alpha with Kris Moore - MP3 version

PC-BSD 9 Alpha with Kris Moore - MP3 version
From: bsdtalk
Tags: bsdtalk, interview, pc-bsd, meetbsd, meetbsd2010, kris moore, mp3
Interview from MeetBSD California 2010 with Kris Moore. We talk about the new alpha snapshot of PC-BSD 9. More information at http://blog.pcbsd.org/

bsdtalk - PC-BSD 9 Alpha with Kris Moore - Ogg version

PC-BSD 9 Alpha with Kris Moore - Ogg version
From: bsdtalk
Tags: bsdtalk, interview, pc-bsd, meetbsd, meetbsd2010, kris moore, ogg
Interview from MeetBSD California 2010 with Kris Moore. We talk about the new alpha snapshot of PC-BSD 9. More information at http://blog.pcbsd.org/

bsdtalk - The mg text editor with Kjell Wooding - MP3 version

The mg text editor with Kjell Wooding - MP3 version
From: bsdtalk
Tags: bsdtalk, interview, mg, kjell wooding, mp3
Interivew with Kjell Wooding. We talk about the mg text editor. More information can be found in the OpenBSD man page: http://www.openbsd.org/cgi-bin/man.cgi?query=mg

bsdtalk - The mg text editor with Kjell Wooding - Ogg version

The mg text editor with Kjell Wooding - Ogg version
From: bsdtalk
Tags: bsdtalk, interview, mg, kjell wooding, ogg
Interivew with Kjell Wooding. We talk about the mg text editor. More information can be found in the OpenBSD man page: http://www.openbsd.org/cgi-bin/man.cgi?query=mg

bsdtalk - PC-Sysinstall with John Hixson - MP3 version

PC-Sysinstall with John Hixson - MP3 version
From: bsdtalk
Tags: bsdtalk, interview, pc-sysinstall, pc-bsd, john hixson, mp3
Interview with John Hixson. We talk about his work on PC-Sysinstall, the PC-BSD installer and possible alternative to the FreeBSD sysinstall.

bsdtalk - PC-Sysinstall with John Hixson - Ogg version

PC-Sysinstall with John Hixson - Ogg version
From: bsdtalk
Tags: bsdtalk, interview, pc-sysinstall, pc-bsd, john hixson, ogg
Interview with John Hixson. We talk about his work on PC-Sysinstall, the PC-BSD installer and possible alternative to the FreeBSD sysinstall.

bsdtalk - MeetBSD California 2010 - MP3 version

MeetBSD California 2010 - MP3 version
From: bsdtalk
Tags: bsdtalk, interview, meetbsd, meetbsd2010, matt olander, james nixon, mp3
Interview with Matt Olander and James T. Nixon. We talk about MeetBSD California 2010. More information at http://www.meetbsd.com/

bsdtalk - MeetBSD California 2010 - Ogg version

MeetBSD California 2010 - Ogg version
From: bsdtalk
Tags: bsdtalk, interview, meetbsd, meetbsd2010, matt olander, james nixon, ogg
Interview with Matt Olander and James T. Nixon. We talk about MeetBSD California 2010. More information at http://www.meetbsd.com/

TaoSecurity Richard Bejtlich's blog on digital security, strategic thought, and military history.
Updated PhD Thesis Title

Yesterday I posted Latest PhD Thesis Title and Abstract. One of my colleagues Ben Buchanan subsequently contacted me via Twitter and we exchanged a few messages. He prompted me to think about the title.

Later I ruminated on the title of a recent book by my advisor, Dr. Thomas Rid. He wrote Cyber War Will Not Take Place. One of the best parts of the book is the title. In six words you get his argument as succinctly as possible. (It could be five words if you pushed "cyber" and "war" together, but the thought alone makes me cringe, in the age of cyber-everything.)

I wondered if I could transform my latest attempt at a thesis title into something that captured my argument in a succinct form.

I thought about the obsession of the majority of the information security community on the tool and tactics level of war. Too many technicians think about security as a single-exchange contest between an attacker and a defender, like a duel.

That reminded me of a problem I have with Carl von Clausewitz's definition of war.

We shall not enter into any of the abstruse definitions of war used by publicists. We shall keep to the element of the thing itself, to a duel. War is nothing but a duel on an extensive scale.

- On War, Chapter 1

Clausewitz continues by mentioning "the countless number of duels which make up a war," and then makes his famous statement that "War therefore is an act of violence to compel our opponent to fulfill our will." However, I've never liked the tactically-minded idea that war is a "duel."

This concept, plus the goal to deliver a compact argument, inspired me to revise my thesis title and subtitle to the following:

Campaigns, Not Duels: The Operational Art of Cyber Intrusions

In the first three words I deliver my argument, and in the subtitle I provide context by including my key perspective ("operational art"), environment ("cyber," yes, a little part of me is dying, but it's a keyword), and "intrusions."

When I publish the thesis as a book in 2018, I hope to use the same words in the book title.
Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)


Latest PhD Thesis Title and Abstract

In January I posted Why a War Studies PhD? I recently decided to revise my title and abstract to include attention to both offensive and defensive aspects of intrusion campaigns.

I thought some readers might be interested in reading about my current plans for the thesis, which I plan to finish and defend in early 2018.

The following offers the title and abstract for the thesis.

Network Intrusion Campaigns: Operational Art in Cyberspace 

Campaigns, Not Duels: The Operational Art of Cyber Intrusions*

Intruders appear to have the upper hand in cyberspace, eroding users' trust in networked organizations and the data that is their lifeblood. Three assumptions prevail in the literature and mainstream discussion of digital intrusions. Distilled, these assumptions are that attacks occur at blinding speed with immediate consequences, that victims are essentially negligent, and that offensive initiative dominates defensive reaction. 
This thesis examines these assumptions through two research questions. First, what characterizes network intrusions at different levels of war? Second, what role does operational art play in network intrusion campaigns? 
By analyzing incident reports and public cases, the thesis refutes the assumptions and leverages the results to improve strategy.  
The thesis reveals that strategically significant attacks are generally not "speed-of-light" events, offering little chance for recovery.  Digital defenders are hampered by a range of constraints that reduce their effectiveness while simultaneously confronting intruders who lack such restrictions. Offense does not necessarily overpower defense, constraints notwithstanding, so long as the defenders conduct proper counter-intrusion campaigns. 
The thesis structure offers an introduction to the subject, and an understanding of cybersecurity challenges and trade-offs. It reviews the nature of digital intrusions and the levels of war, analyzing the interactions at the levels of tools/tactics/technical details, operations and campaigns, and strategy and policy. The thesis continues by introducing historical operational art, applying lessons from operational art to network intrusions, and applying lessons from network intrusions to operational art. The thesis concludes by analyzing the limitations of operational art in evolving digital environments.

*See the post Updated PhD Thesis Title for details on the new title.
Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)


Lt Gen David Deptula on Desert Storm and Islamic State

This weekend Vago Muradian interviewed Lt Gen (ret) David Deptula, most famous for his involvement as a key planner for the Desert Storm air campaign.

I recommend watching the entire video, which is less than 8 minutes long. Three aspects caught my attention. I will share them here.

First, Lt Gen Deptula said that Desert Storm introduced five changes to the character of warfare. I noted that he used the term "character," and not "nature." If you are a student of warfare and/or strategy, you are most likely in the camp that says warfare has an unchanging nature, although its character can change. This is the Clausewitz legacy. A minority camp argues that warfare can change both nature and character.

Second, turning to the five changes introduced by Desert Storm, Lt Gen Deptula listed the following.

1. Desert Storm introduced "expectations of low casualties, for both sides." I agree with the expectation of low casualties for the US, but I don't think low Iraqi casualties were a primary concern. One could argue that stopping the war during the "highway of death" showed the US didn't want to inflict large casualties on the Iraqi forces, but I still think low casualties were primarily a concern for US troops.

2. Desert Storm "normalized precision." Even though a minority of the ordnance delivered during the war were precision weapons, their use steadily increased throughout all later conflicts.

3. Desert Storm introduced joint and combined organization and execution. This was indeed quite a step forward, although I recall reading that that USMC airpower took measures to remain as separate as possible.

4. Desert Storm put the concepts of "effect-based operations" into action. There is no doubt about this one. Lt Gen Deptula talks about a disagreement with Gen Schwartzkopf's staff concerning disabling the Iraqi power grid. Air power achieved the effect of disabling the grid within 3-4 days, but Schwartzkopf's team used traditional attritional models, noting that less than a certain percentage of destruction mean mission failure. Deptula was right; they were wrong.

5. Desert Storm was the first major conflict where airpower was the centerpiece and key force. Call me biased, and no disrespect to the land forces in the Gulf, but I agree with this one.

The third and final noteworthy element of the interview involved Lt Gen Deptula's opinion of Islamic State. He said "it's not an insurgency. IS is a state." He said IS possesses the five elements of a state, namely:

1. Leadership
2. Key essential systems
3. Infrastructure
4. Population
5. Fielded military forces

I agree with his assessment. I also believe that Western leaders are unwilling to grant IS the legitimacy of it being a state, so they persist in calling IS names like ISIS, ISIL, Daesh, and so on. I see no problem with that approach, since it incorporates political sensitivities. However, that approach also aggravates the perception that Western leaders are out of touch with reality.

Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)


Why a War Studies PhD?

When I begin receiving multiple questions on a topic, it's a signal that I should write a blog post.

Several of you have asked me about my experience as a PhD candidate in the King's College London Department of War Studies. In this post I will try to answer your questions by explaining how I got to this point and my overall impressions about the program.

My Academic Background

I have bachelor's of science degrees in history and political science from the US Air Force Academy, and a master's degree in public policy from the Harvard Kennedy School. My last formal academic training ended in 1997 when I graduated from the Air Force Intelligence Officers Training Course.

Why a PhD?

I seriously began considering working on my PhD in 2006, when I was an independent consultant. I've guest lectured at dozens of schools over the years, and taught hundreds of students through my Black Hat courses. I thought the PhD experience would open more doors for future academic opportunities, and I welcomed the opportunity to make an original contribution to the literature. In more recent years I've testified to Congress and worked with think tanks, and in both environments PhDs are common.

My First PhD Choice

After reading Security Engineering (the first edition), I was a fan of Dr Ross Anderson at the University of Cambridge Computer Laboratory. I contacted him, as well as some of his PhD candidates. They invited me to guest lecture at the lab, which I did in May 2006. I considered the possibility of doing research on network security motioning. I liked the idea of the "British system," which emphasized practical research, no coursework, and a high degree of independence. I would have to move my family to the UK.

In the spring of 2007, however, I made contact with my future boss at General Electric. I decided instead to join GE as director of incident response. It was too good an opportunity. That put my PhD plans on hold.

A New Direction

In the fall of 2012 I listened to a 24 lecture series titled Masters of War: History's Greatest Strategic Thinkers by Professor Andrew R. Wilson of the Naval War College. Dr. Wilson reintroduced me to the strategists I had learned about as a cadet twenty years earlier, and kindled a deep interest in strategic history, thought, and practice. I began looking for military history and strategy programs, starting with this list maintained by the Society for Military History.

In the summer of 2013, The Economist magazine asked if I would participate in an online debate with Dr Thomas Rid, author of Cyber War Will Not Take Place. After the debate I read Thomas' book, and learned he was a professor in the KCL War Studies department. I enjoyed the debating process and Thomas' book, so I decided to contact him and some of his PhD candidates to learn more about the PhD program.

During that process, FireEye acquired Mandiant in late December 2013. I decided to change roles and become a full-time strategist, inspired by my changing interests and Prof Wilson's course. That decision definitively shifted my focus away from tools and tactics, and towards operations/campaigns and strategy.

My Final PhD Choice

In early 2014 I connected with Rob Lee, who had started his PhD with Thomas in the fall of 2013. Speaking with Thomas and Rob, I learned the KCL War Studies PhD was even more to my liking than the Cambridge program. KCL also emphasized practical research, no coursework, and a high degree of independence. I would not have to move my family to the UK, but I would have to be very disciplined and stay in contact with my advisor and colleagues.

I applied to the program to meet the spring 2014 deadline, with enrollment in fall 2014. I was accepted and started the program in the fall of 2014, while still maintaining my day job at Mandiant and FireEye.

The Thesis

The desired output for the KCL PhD is a thesis, a 80,000 to 100,000 word work with a goal of eventual publication as a book. Since I was already considering writing my fifth book, this seemed an excellent way to accomplish that goal. Others might find this a scary proposition, but I always enjoyed self-paced research, and the opportunity to devise and answer original research questions was appealing.

Milestones

I will shift my focus slightly to those who might be interested in applying to the program. The PhD program offers three major milestones. First, one must be accepted to the program. I recommend perusing the list of people to find faculty and current students with interests similar to yours. Contact them via email to identify possible advisors and colleagues. If you aren't able to attract any interest, it's a sign you might not have a topic suitable for a PhD. That's a personal judgement, of course.

I approached the application process very seriously. I took several months to complete it and submitted my Strategy, Not Speed piece as my writing sample. Thankfully I was accepted!

Once in the program, the second major milestone is called the "mini viva" or the "upgrade." Prior to passing this milestone, as I understand it, one is not technically a PhD candidate yet. One must write a document of about 20,000 words that includes a thesis abstract, outline, introductory chapter, sample chapter, and completion work plan. The student must then defend that document, live, in front of a panel. I passed that stage of my PhD journey late last year.

The third and final major milestone is the "viva" or the defense of the completed thesis. I am several years away from this step, but I expect it to be an extended version of the upgrade process. Remember that one of the purposes of a PhD is to demonstrate the ability to produce high-level, independent research, so I expect my viva to reflect that philosophy.

My Experience

My experience thus far has been excellent and I plan to continue. However, I would like to highlight a few aspects of my situation. First, I am doing research independently, not at the Strand campus in central London. Several of my colleagues are there now, and they have daily access to a whole world of academic experiences that are unavailable to remote students. If you want a campus experience, you should study in London.

Second, I am still working my day job and being a husband and father, which are my priorities. That means I have to be very careful about  how I manage my time. I felt that I could handle the situation, based on my experience writing and publishing my last book. I started writing my last NSM book in January 2013 and had it ready for Black Hat in late July that year, during the time when Mandiant released the APT1 report.

Third, my thesis, the nature of counter-intrusion campaigns, dovetails well with my day job and professional interests. I would not be able to pursue a PhD in a field not related to my professional life -- I simply wouldn't have the time for research. Because my research matches the needs and interests of my employer, the work I do for Mandiant and FireEye frequently doubles as research for my PhD. Obviously I have a very flexible employer who supports my research, and for that I am grateful.

Fourth, although I am independent, thanks to the initiat