Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 326 for Thursday April 11th, 2013
- Register for "Offensive Countermeasures: The Art Of Active Defense": SANSFIRE Washington, DC June 15-16th with John Strand
- Come to the Security BSides Rhode Island One-Day Conference on June 15th. Tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright, Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray, Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
- The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 8:30PM EST. Come have a cigar with us!
Interview: Richard Bejtlich
Richard Bejtlich is Mandiant's Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat.
- [JackD] would like to talk about the "haters" who attack every report as marketing spam, regardless of content and value. The APT1 report got a lot of that.
- What are some of the things people still don't do (or don't do right) that would improve security?
- Any recommendations for people who want to know if they are victims of an advanced attack or a regular malware attack?
- What are the biggest differences between the behavior of the attacks, and do you recommend any tools, methods, or docs that people can use to aid in their determination?
- Do you see any advanced attacks coming from nation states other than China?
- Does Mandiant see US-created surveillance malware? How about malware from US allies? If it were seen, would it be handled differently due to the political situation?
- Does Mandiant see any attacks by organized crime that are impressive enough to be considered advanced, and not just regular fraud attacks?
- Advanced malware is written to be undetectable by AV, but we know that there are other stages of an attack, such as recon and exploitation. What detection method has seen the highest success rate against any stage of an APT attack?
- It's generally understood that APT attacks from China are used partly to steal trade secrets or negotiating tactics. There has to be some sort of social network or information market to ferry that info from the bot herders to the businesses that benefit. Is there any insight you can share on this idea? It seems that such a market or network can't be that small, so it would be hard to keep it secret forever.
- Please tell us a cool story about the most interesting intrusion you can talk about.
Guest Technical Segment:
- We are in the process of archiving and cataloging our technical segments. Please visit the PaulDotCom Technical Library, where we have indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter, or if you want to help in exchange for some free guidance and security training, please email me.
- Larry is teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too late to sign up for my class in San Diego this May!