TaoSecurity Blog

Marcin Wielgoszewski interview me for his TSSCI Blog . He asked me about my start in security, how to be a good analyst, and concerns for the future. Thanks to Marcin for asking solid questions.

Will Backman from BSDTalk posted a new podcast (.mp3, 16 MB) featuring his interview with me. In the first half of the podcast Will explains ways to obtain BSD. The second half of the podcast is the interview. We talked about my ShmooCon presentation, my blog, book reviews, how I use FreeBSD, and the upcoming PortRequest project implemented by the good people at NYCBUG . orr:/data/media/audio$ mpg123 -a /dev/dsp0.0 bsdtalk013.mp3 High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3. Version 0.59r (1999/Jun/15). Written and copyrights by Michael Hipp. Uses code from various people. See 'README' for more! THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK! Title : bsdtalk013 - Interview with Ri Artist: Will Backman Album : Year : 2006 Comment: Genre : Speech Playing MPEG stream from bsdtalk013.mp3 ... Junk at the beginning 49443303 MPEG 1.0 layer III, 96 kbit/s, 44100 Hz mo...

Paul Asadoorian and Larry Pesce from PaulDotCom interviewed me yesterday. The podcast is available as a 30 MB .mp3. Thanks to Paul and Larry for taking the time to speak with me.

Earlier this month I congratulated the Def Con Capture The Flag winners from Giovanni Vigna 's team. One of the contestants, Vika Felmetsger , was kind enough to answer questions about her experience and the role she played on team Shellphish. I thought I would publish Vika's thoughts in the hopes that she could provide an example of how one becomes a serious security practitioner. Richard (R): What is your experience with security, and what are your interests? Vika (V): I am starting my second year as a computer science Ph. D. student at UCSB , where I work as a research assistant in the Reliable Software Group (RSG). Everybody in the group works on various computer security areas and my current focus is web application security. Even though now security is a part of my everyday life, I am still pretty new to this area. As an undergraduate student at UCSB I learned some security basics, however, my real introduction to practical security, and hacking in particul...

I used a congratulatory email to Giovanni Vigna to ask about his team's recent Capture the Flag win. Here is the short interview. Bejtlich (B): What sorts of skills were required to win Capture the Flag? Vigna (V): The skills required are many, from network analysis (looking at the traffic and figuring out what the hell is going on) to code auditing (both source and binary). B: Did you practice? V: We didn't really practice, but I organize an international inter-university CTF competition every year, as part of my grad class on network security. Therefore, we had (maybe) more experience in that sense. B: How did this year's contest compare to those of the past run by the Ghetto Hackers? V: The contest was somewhat different than the one run by the Ghetto Hackers. The new things I like the most where the SLA (service level agreement, or something like that) and the "breakthroughs". The SLA represented how much your services were up during the contest. Your f...