@lorenzofb excellent article
I was a captain in the United States Air Force who formally trained as an intelligence officer. I later worked in information warfare. I promoted the concept that "prevention eventually fails" in my first book (2004) and developed tactics, operations, and strategy to detect and respond to nation-state and criminal computer intrusions. I wrote about cybersecurity from 2001 to 2021. I created the GE-CIRT and was Mandiant's first CISO. I currently advocate #NetworkSecurityMonitoring for @corelight. My latest books are here #ad https://amzn.to/3B2AcMc
For years I’ve said the Apple iPhone ecosystem overall is far more secure for the average user than Android. Here’s a quantifiable example of how bad the Google Play store has been. It’s good to see Google taking these steps, but the Android ecosystem will remain inferior compared to the vertical integration of the Apple iPhone. https://www.techspot.com/news/107745-google-play-shrinks-47-percent-following-policy-overhaul.html
The 2025 Mandiant M-Trends report is here. For the first time in the history of the report, global dwell time has increased, albeit only one day, from 10 to 11 days. This is still worrying, as ransom actor extortion demands have pressured the dwell time downward, but for an obviously bad reason. Global detection by source has also moved in the wrong direction, with slightly more external vs internal detection. I fear we have entered the realm of decreasing “returns on security investment,” especially for the security 1-10%.
I just created another Windows 10/11 application using AI. This is a follow-up to the SquareCap program I posted about a few weeks ago. Details here: https://taosecurity.blogspot.com/2025/04/creating-large-text-file-viewer-by-vibe.html
@erictopol congrats on your new book! There's nothing like getting a copy in your hands.
@briankrebs why do we believe he was involved with over 2000 cases? Over a 25 year period, that would be 80 per year. There’s ZERO chance that is true. I know expert witnesses who work single cases for months, even years. Sure, you can juggle several simultaneously, but 80 a year?! More fabrication, even if he had help.
@jerry funny, literally today I created a Windows 10/11 application that takes square screen captures. I did zero coding myself but used Visual Studio Code, Cline, OpenRouter, and Claude.
https://taosecurity.blogspot.com/2025/03/creating-windows-application-using.html
I just created a Windows 10/11 application that takes square screen captures. I did zero coding myself but used Visual Studio Code, Cline, OpenRouter, and Claude. Details: https://taosecurity.blogspot.com/2025/03/creating-windows-application-using.html
@jerry second vote for Shotcut, open source and cross platform.
Any of my fellow military historians might want to take advantage of this flash sale by Osprey Publishing. Every time they offer a sale I buy the latest Osprey Campaign and Osprey Air Campaign titles. https://www.ospreypublishing.com/us/discover/sale/osprey-february-flash-sale-2025/
I had a scare due to Google AI hallucinations. I was watching BBC presenter Stephen Sackur just now. Ehud Olmert joked about their age difference so I Googled Stephen. Google told me Stephen had advanced cancer and was lobbying for sensitive legislation! I checked the references and it turns out he INTERVIEWED someone with terminal cancer. Stephen was treated for skin cancer successfully in 2019 however.
@jerry @ShmooCon I can’t believe it’s been this long, but apparently I attended the first one 20 years ago. https://taosecurity.blogspot.com/2005/02/shmoocon-begins-i-am-happy-to-report.html I also spoke in 2006 and 2007, and videos still exist I think!
Thanks to Dominik B for sharing the article which linked to a Twitter post about my Mandiant football helmet! It's forever immortalized in an academic paper! 😂 Anyway, here's what it looks like today, after 6 years at Mandiant.
Google Scholar periodically sends me alerts when researchers cite me. There's a new paper which apparently mentions my 2010 article "What Is APT?" and a Twitter post from 2014. I can't read the article, but looking at the link to my Twitter post I see it was about... my Mandiant football helmet?! If anyone can access this article and send me a copy, I'd appreciate it. https://journals.sagepub.com/doi/abs/10.1177/03063127241299132
Happy birthday TaoSecurity Blog, born on this day in 2003!
The best way to digest the key lessons from the site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020.
It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of that PDF-based fixed format nonsense.
Each book is a theme-centric collection of posts with new commentary for each entry. Some of what I wrote stood the test of time, and some did not. See what you think. Or, just scroll backwards through the site.
Thank you to Blogspot and Google for hosting the blog for the last 22 years!
I love how the covers of the original Star Wars movie adaptation played loose and fast with the actual plot. This is issue 6, wrapping up the movie.
How about that? 1111 straight days reading in the Kindle, which is a little more than 3 years. I’d have over 6 years if not for some Kindle snafu 1111 days ago that caused me to have to start my streak again. 😆
@zackwhittaker let’s not forget the criminal’s ultimate responsibility here…
Interesting... a cron file that Keith Jones, Curtis Rose, and I included in the live response files for our 2005 book, Real Digital Forensics, was just flagged by Google as violating their terms of service. It was part of an IRC-using piece of malware from 2003 called IRoffer. I'll request a review but I doubt a human will actually see it?