TaoSecurity Blog

Two months ago Bill Gertz published an excellent article titled China's High-Tech Military Threat . I wanted to share a few excerpts that resonated with me. [I]n November 2011, the Pentagon conducted an unusual rollout of a new military unit called the Air Sea Battle Office... The concept calls for the Air Force, Navy, and Marine Corps to integrate forces and other capabilities to defeat what the Pentagon has labeled “anti-access and area denial weapons” — high-technology arms that can prevent or deter the United States military from operating in certain areas... When pressed on the question of whom the initiative was targeting, one official responded, “The concept isn’t about a specific actor; it’s about countering anti-access, area-denial capabilities...” [T]he Air Sea Battle Concept is the culmination of a strategy fight that began nearly two decades ago inside the Pentagon and U.S. government at large over how to deal with a single actor: the People’s Republic of Chin

Twenty-two years ago today I flew to Colorado Springs, CO and reported for Basic Cadet Training with the class of 1994 at the United States Air Force Academy. I took the oath of office pictured at left the following day. I left the service in 2001 because I could no longer fit my military intelligence and computer network defense career interests within the archaic, central planning commission-like personnel system the ruled Air Force assignments. Today I read an article by Tim Kane, USAFA class of 1990, titled Why Our Best Officers Are Leaving . This article resonated so strongly with me I got a little emotional reading it. The following are some relevant excerpts. Why are so many of the most talented officers now abandoning military life for the private sector? An exclusive survey of West Point graduates shows that it’s not just money. Increasingly, the military is creating a command structure that rewards conformism and ignores merit. As a result, it’s losing its vaunted a

Two years ago I wrote Full Disclosure for Attacker Tools , where I wrote in part: The idea of finding vulnerabilities in tools used by attackers is not new. It's part of the larger question of aggressive network self defense that I first discussed here in 2005 when reviewing a book of that title. (The topic stretches back to 2002 and before, before this blog was born.) If you follow my blog's offense label you'll see other posts, such as More Aggressive Network Self Defense that links to an article describing Joel Eriksson's vulnerability research into Bifrost and other remote access trojans. What's a little more interesting now is seeing Laurent Oudot releasing 13 security advisories for attacker tools. Laurent writes: For example, we gave (some of) our 0days against known tools like Sniper Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit Pack, Neon Exploit Pack, Yes Exploit Pack... In the post I addressed some of the issues involv

I received the latest issue of my alumni magazine, Checkpoints , today. It's graduation season, so the content included statistics about the latest graduating class as shown at right. This relates to a recent post, Whither United States Air Force Academy? , where I said the skill most needed to help grow the nation is digital defense. The statistics the Checkpoints editors chose to print, however, reminded me of the Academy's current focus. Notice that between the demographic information and the "fun facts" we see details on so-called "rated officers," reprinted below: 529 total rated graduates 490 pilots 8 combat systems operators 2 air battle managers 29 unmanned aerial system pilots To me, these statistics reflect the idea that "what gets measured, matters." Clearly the bias at USAFA continues to be towards flying. I get the "Fly, Fight, Win" message. I repeat it often at inappropriate times thanks to effective brainwas

I liked Kurt Wismer's post Flame's Impact on Trust . He says: if you haven't watched it yet, i encourage you to check out the video of chris soghoian's talk at personal democracy forum 2012. the TL;DR version is that, because it compromised the microsoft update channel, the flame worm damaged our trust in automatic updates and that's a bad thing because automatic updates have done so much good for consumer security. mikko hypponen is even reported to be planning to write a letter to barack obama to ask him to stop the US government from doing this sort of thing again. Kurt links to this story US Government Behind Flame Virus According to Expert with choice quotes like this: Hypponen believes that making Microsoft digital certificates untrustworthy in the eyes of some of the 900 million Windows users around the globe is a very serious and worrying move... Hypponen told IBTimes UK that he was planning on writing an open letter to Barack Obama this week to

From TaoSecurity Thomas Ricks' post Does the Air Force Academy have ‘the least educated faculty’ in the country? inspired me to write this post. Mr. Ricks cited a story by Jeff Dyche, a former USAFA professor who cited a litany of concerns with the USAFA experience. I graduated from the Air Force Academy in 1994, ranked third in my class of 1024 cadets, and proceeded to complete a master's degree at Harvard in 1996. In my experience, at least in the early 1990s, USAFA faculty were as good, or better, than Harvard faculty. I considered the nature and volume of my graduate courses to be simple compared to my USAFA classes. When several fellow graduate students broke into tears after learning what the Harvard faculty expected of them, I couldn't believe how much easier the classes were going to be! Rather than address points made by Ricks and Dyche, I prefer to focus on a theme that appears every few years: "why does the nation need service academies?" To pr