Thursday, April 16, 2015

DHS and MITRE to Transition STIX and TAXII to OASIS


We are pleased to announce today that the US Department of Homeland Security (DHS) intends to transition the STIX™ and TAXII™ specifications for the automated exchange of cybersecurity data to the Organization for the Advancement of Structured Information Standards (OASIS), a non-profit consortium that drives the development, convergence, and adoption of open standards for the global information society.

This transition is the culmination of three years of work in collaboration with the private sector to define, develop, and implement a robust set of technical specifications to advance the state of the practice in computer network defense. From the inception of these efforts, DHS has maintained that STIX and TAXII would be transitioned to an internationally-recognized standards development organization once the specifications reached an appropriate level of maturity. That day has come, and the transition to OASIS represents an exciting next step in the continued advancement and evolution of STIX and TAXII.

OASIS has an excellent track record in successfully transitioning accepted technical specifications to voluntary consensus standards and in recognizing and building on that existing work. In addition, the global membership of OASIS mirrors the diversity of the STIX/TAXII community and includes a wide variety of government entities, technology vendors, academic institutions, and end-user organizations that have been so critical to the success of the specifications. And finally, the selection of OASIS guarantees that the entire family of STIX/TAXII specifications will always be freely available to anyone around the world.

The transition of STIX and TAXII to OASIS will provide greater transparency and stakeholder participation in the development process which will help ensure the stability and continuing viability of STIX and TAXII as true international standards. These changes have the potential to significantly increase adoption and use of STIX and TAXII and thereby strengthen global cybersecurity practices.

This transition will allow DHS to concentrate our efforts on ensuring the widest and most effective implementations of STIX and TAXII to achieve our mission. We will continue to play an active role through our participation in OASIS, and we will continue to support the development of critical documentation, tools and application programming interfaces.

The only thing that is changing is that the direction of STIX and TAXII will now be in the hands of a robust global community committed to its success. We are confident that this transition will mark the beginning of an even more vibrant and successful cybersecurity ecosystem built on STIX and TAXII that will yield significant improvements in the overall security of our cyber infrastructure.

Tuesday, April 14, 2015

JSON Support for TAXII 1.1

Today on the TAXII discussion list I released v1.00 of the JSON Message Binding Specification for TAXII 1.1. APIs written in Go for generating and consuming JSON-based TAXII messages can be found here on GitHub.

Thursday, February 12, 2015

Why I switched to Go (golang), the next great programming language

I have been asked a lot as of late why I switched to writing code in Go. The answer is pretty simple, and to quote another developer:
  • The language is modern, small, simple and quite strict. There's a minimalism here that I like - what you see is what you get. Some things that wouldn't even merit a warning in other languages (like unused variables) are errors in Go - your code won't even compile. I like the tidiness this promotes.
  • Awesome concurrency. Go's concept of goroutines and channels is simple, beautiful and works well. This is essential for something like syncthing where there's a lot of stuff going on in parallel.
  • Simple deployment. Go compiles to a single statically linked binary that you just need to copy to the target system and run. It's trivial to cross compile from one os/architecture into all others supported by the Go compiler.
  • Modern standard library, "some batteries included". This includes an HTTP server, a clean (non-OpenSSL) crypto and TLS implementation, JSON and XML serializers, etc.
  • Good enough performance. The Go compiler doesn't generate as fast code as the best C or C++ compilers out there, but it's still faster than interpreted languages.
  • Tooling and community. Go does things somewhat differently than many other languages and this can be a bit of an acquired taste... But for example the existence and adoption of "go fmt" means there is no discussion about formatting or indenting - there is only one standard. "Go get" simplifies fetching and building, plus results in a standardized repo layout. Etc.
  • I think it's a really nifty language to work with and IMHO, it is the next great system language.
  • It has the backing of a fiscally stable company, Google. So if anything it will only increase in popularity.

Saturday, February 7, 2015

Mac OSX Yosemite Draft eMail Problems

I finally upgraded my day-2-day notebook to Yosemite 10.10.2 and quickly noticed a very annoying problem with Apple's Mail client.  Mail automatically saves drafts of emails as you compose them, which is okay and to be somewhat expected.  However, the problem was, it would not delete the draft(s) after I sent the actual message and I had already turned off the "Store draft emails on server" function, years ago.

The solution I found that worked for me was to turn off the new "Automatically detect and maintain account settings" feature located in Preferences, Accounts, Account Name, Advanced, as shown in the screenshot below.  After unchecking that check box for all of my accounts and their corresponding SMTP servers, I restarted Mail and everything now works as expected. 

Thursday, February 5, 2015

Sublime Text 3 Auto Complete Theme / Color Changes

After recently switching from Eclipse to Sublime Text 3 for my development work, I found the need to change some of the theme and element coloring options. One of the elements I wanted to change, but could not find any documentation for was the auto complete pop-up window. 

In the following screenshot you can see a pop up window with a list of auto complete options.  Let me explain how you might change these.  First off, the file you will need to edit is this one: ~/Library/Application Support/Sublime Text 3/Packages/Theme - Default/Default.sublime-theme

To change the background for the pop up window you would edit these elements:
  {
    "class": "popup_control",
    "layer0.tint": [64, 64, 64, 255],
    "layer0.opacity": 1.0,
    "content_margin": [2, 2]
  },
  {
    "class": "auto_complete",
    "row_padding": [2, 1],

    // White background
    "layer0.tint": [255, 255, 255],
    "layer0.opacity": 1.0,
    "dark_content": false
  }


To change the color of the text items in the pop up window you would edit this element:

  {
    "class": "auto_complete_label",

    // color of options in pop up window
    "fg": [72, 72, 72, 255],

    // red, the text color that you have typed that matches
    "match_fg": [255, 0, 0, 255],
    "bg": [255, 26, 26],

    // color of the text in the row that is selected
    "selected_fg": [72, 72, 72, 255],

    // black, color of the matched text in the row that is selected
    "selected_match_fg": [0, 0, 0, 255],
    "selected_bg": [156, 185, 223, 255]
  }


To change the row highlight color you would edit these elements:

  {
    "class": "table_row",
    "layer0.texture": "Theme - Default/row_highlight_wide.png",

    // Blue highlight for the selected option
    "layer0.tint": [33, 90, 184],
    "layer0.opacity": 0.0,
    "layer0.inner_margin": [1, 1]
  },
  {
    "class": "table_row",
    "attributes": ["selected"],
    "layer0.opacity": 1.0
  }