Re: Happy xmas folks
On Wed, Dec 21, 2011 at 3:44 AM, Andrew D Kirch wrote: > On 12/20/2011 10:08 PM, andrew.wallace wrote: >> >> I just want to say happy xmas to everyone at NANOG. >> >> I'm about to sign off for the holidays. >> >> >> Andrew > > enjoy your chistmas, and you don't have to come back after the holidays, > we'll be fine without you. > > Andrew Thats fine. Andrew https://plus.google.com/115085501867247270932/about
Happy xmas folks
I just want to say happy xmas to everyone at NANOG. I'm about to sign off for the holidays. Andrew
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
A trojan can be used for good if in the right hands as a remote access tool for business use. Andrew From: Bryan Fields To: "nanog@nanog.org" Sent: Tuesday, December 6, 2011 11:24 PM Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!] On 12/6/2011 13:30, andrew.wallace wrote: > It could be argued that Nmap is malware, and such software has already been > called to be made illegal. > > If I was Cnet, I would stop distributing his software altogether. > > Link: http://nmap.org/book/legal-issues.html If this is not trolling and you actually believe this, just wow. Nmap is just a tool, and any tool can be misused by people for criminal acts. It's really no different than a gun in that regard. Both are incredibly useful things in the right hands, mere tools to further security. However in the wrong hands they can be used to commit crimes and break other peoples security. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
On Tue, Dec 6, 2011 at 4:48 PM, wrote: > On the other hand, just being Fyodor is sufficient to get him taken seriously. It could be argued that Nmap is malware, and such software has already been called to be made illegal. If I was Cnet, I would stop distributing his software altogether. Link: http://nmap.org/book/legal-issues.html Andrew
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
Using fruitful language and acting like a child isn't going to see you taken seriously. Andrew > - Forwarded message from Fyodor - > F*ck them! If anyone knows a great copyright attorney in the U.S., > please send me the details or ask them to get in touch with me. > > Also, shame on Microsoft for paying C|Net to trojan open source > software! > > Cheers, > Fyodor > > - End forwarded message -
Re: Recent DNS attacks from China?
Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone. Is country even relevant in the cyberscape? Andrew From: Leland Vandervort To: nanog@nanog.org Cc: Leland Vandervort Sent: Wednesday, November 30, 2011 4:32 PM Subject: Recent DNS attacks from China? Hi All, I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes. This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type. Anyone else? Regards, Leland
Re: Water Utility SCADA 'Attack': The, um, washout
I expect to see Joe Bloggs arrested next week then, it won't happen though. Andrew From: Jared Mauch To: andrew.wallace Cc: "nanog@nanog.org" Sent: Saturday, November 26, 2011 10:38 PM Subject: Re: Water Utility SCADA 'Attack': The, um, washout On Nov 26, 2011, at 5:18 PM, andrew.wallace wrote: > These reports are ment for private sector eyes only. I suggest new secrecy > legislation, for fusion centres. It already exists :) People may be subject to prosecution for leaking this to the public. It's that simple. Problem is it can't be undone, so it's not an interesting case in some regards... - Jared
Re: Water Utility SCADA 'Attack': The, um, washout
These reports are ment for private sector eyes only. I suggest new secrecy legislation, for fusion centres. Andrew From: Jared Mauch To: andrew.wallace Cc: Jay Ashworth ; "nanog@nanog.org" Sent: Saturday, November 26, 2011 8:14 PM Subject: Re: Water Utility SCADA 'Attack': The, um, washout +1 This isn't the pentagon papers. Those found leaking should face the legal consequences for sbu information leakage. One can't have every email/memo leaked as it makes it unfeasible to perform ones job. Jared Mauch On Nov 26, 2011, at 7:51 AM, "andrew.wallace" wrote: > My comment about a certain person leaking public-private sector > correspondence to the media still applies then. > > https://plus.google.com/114359738470992181937/posts/DSnJfKqrJK1 > > > Andrew > > > > > From: Jay Ashworth > To: NANOG > Sent: Saturday, November 26, 2011 3:14 AM > Subject: Water Utility SCADA 'Attack': The, um, washout > > Not an attack: an already failing pump, and an employee of a contractor to the > utility who was ... wait for it ... > > traveling in Russia on personal business. > > WaPo via Lauren @ Privacy: http://j.mp/rrvMXR > > Cheers, > -- jra > -- > Jay R. Ashworth Baylink j...@baylink.com > Designer The Things I Think RFC 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII > St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: Water Utility SCADA 'Attack': The, um, washout
My comment about a certain person leaking public-private sector correspondence to the media still applies then. https://plus.google.com/114359738470992181937/posts/DSnJfKqrJK1 Andrew From: Jay Ashworth To: NANOG Sent: Saturday, November 26, 2011 3:14 AM Subject: Water Utility SCADA 'Attack': The, um, washout Not an attack: an already failing pump, and an employee of a contractor to the utility who was ... wait for it ... traveling in Russia on personal business. WaPo via Lauren @ Privacy: http://j.mp/rrvMXR Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: First real-world SCADA attack in US
"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media." http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html From what I'm seeing and hearing is the report by the fusion centre was private and facts were still being *fusioned* when somebody decided to leak to the media. What we had was a half baked report not ment for public consumption. What needs to be looked at is lockering out certain people who think its OK to leak reports from these state resources. Andrew
Re: First real-world SCADA attack in US
Here is the latest folks, "DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system in Springfield, Illinois." http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html Andrew
Re: First real-world SCADA attack in US
If NSA had no signals information prior to the attack, this should be a wake up call for the industry. Andrew From: Jay Ashworth To: NANOG Sent: Monday, November 21, 2011 3:32 PM Subject: First real-world SCADA attack in US On an Illinois water utility: http://www.msnbc.msn.com/id/45359594/ns/technology_and_science-security Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.)
Guys the outage has moved to U.S and Canada, I think we need to look at this perhaps being sabotage. http://news.cnet.com/8301-30686_3-20119163-266/blackberry-service-issues-spread-to-u.s-and-canada/ Andrew From: Frank Bulk To: outa...@outages.org Sent: Tuesday, October 11, 2011 7:32 PM Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.) And continues: “RIM'S SERVICE OUTAGE CONTINUES INTO DAY 2” http://www.channelstv.com/global/news_details.php?nid=29652&cat=Politics Frank From:andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Monday, October 10, 2011 2:52 PM To: frnk...@iname.com Cc: outa...@outages.org Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.) RIM shares down as BlackBerry outage continues http://www.marketwatch.com/story/rim-shares-down-as-blackberry-outage-continues-2011-10-10 Andrew From:Frank Bulk To: outa...@outages.org Sent: Monday, October 10, 2011 2:47 PM Subject: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.) http://english.ahram.org.eg/NewsContent/3/12/23792/Business/Economy/Blackber ry-services-down-worldwide,-Egypt-affected.aspx FYI ___ Outages mailing list outa...@outages.org https://puck.nether.net/mailman/listinfo/outages ___ Outages mailing list outa...@outages.org https://puck.nether.net/mailman/listinfo/outages
Re: Steve Jobs has died
Sad day for all concerned in the tech industry. RIP Andrew From: Alex Rubenstein To: 'NANOG list' Sent: Thursday, October 6, 2011 1:15 AM Subject: Steve Jobs has died Not entirely on-list-topic, but still relevant. http://news.cnet.com/8301-13579_3-20116336-37/apple-co-founder-chairman-steve-jobs-dies/?tag=cnetRiver
Hurricane Katia
I'm hearing on the news wire 80mph winds will come to UK over the next 72 hours. Andrew
Re: New Natural Disaster! 8/27/2011 Hurricane Irene
It looks like the DHS, FEMA got this emergency wrong... by the time it got to NYC it was the equivalent of a normal day in Scotland.I live in Scotland... Andrew
Re: Microsoft's participation in World IPv6 day
World day is a sure-shot bet win at an anti-climax, and an industry failure and waste of investment and publicity campaign. Andrew
Tsunami warning for north-east Japan
A tsunami warning is issued for north-eastern Japan after an earthquake with a magnitude of 7.4 hits the region. Andrew
0day Windows Network Interception Configuration Vulnerability
Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html Andrew
Re: New tsunami advisory warning - Japan
On Mon, Mar 28, 2011 at 11:43 AM, Gavin Pearce wrote: >> travels in general at approx 970 kph (600 mph) > > True in the deepest parts of open ocean - upon reaching the shore-line > it'll be travelling a lot slower. You guys forget a lot of folks on the list are working on cabling ships and off shore platforms, its not all about what happens on shore in this industry. Andrew
Re: New tsunami advisory warning - Japan
On Mon, Mar 28, 2011 at 1:59 AM, wrote: > *yawn*. A foot and a half isn't going to be all *that* bad Remember a wall of tsunami water travels in general at approx 970 kph (600 mph), think about it.
New tsunami advisory warning - Japan
More information from http://www.jma.go.jp/en/tsunami/ Andrew
Re: US .mil blocking in Japan
On Wed, Mar 16, 2011 at 12:58 PM, Jeff Aitken wrote: > What's to be surprised about? This isn't the rhetoric of a super power, more like one of a university campus. To think these guys have built a cyber command with war waging capabilities, and allegedly capable of building nuclear worms such as Stuxnet. It strikes me straight away as amateurish to be blocking web sites in able to have enough bandwidth for operational purposes. You would think their war fighting networks, weren't the same ones used for civilian-based web sites on the public internet. It seems there is a conflict here between what they push out to the media as to what their cyber capabilities are, and what the realities are on the ground. In that respect, yes I'm very surprised. --- Andrew
Solar flare to reach earth
These "coronal mass ejections" will slam into the Earth's magnetic shield. The biggest flares can disrupt technology, including power grids, communications systems and satellites. "Our current view is that the effect of the solar flare is likely to reach Earth later today (Thursday GMT), possibly tomorrow morning," said Alan Thomson, head of geomagnetism at the British Geological Survey (BGS). http://www.bbc.co.uk/news/science-environment-12493980 Andrew
Re: Weekend Gedankenexperiment - The Kill Switch
On Tue, Feb 8, 2011 at 4:11 AM, wrote: > On Mon, 07 Feb 2011 17:49:36 EST, Josh Smith said: > >> even if it was I suspect any service available via satellite might >> suffer from similar problems if the methods used to disrupt >> connectivity in Egypt were employed here. > > The real question isn't "If they shut you down, can you restart?". > > The real question is "If they shut you down, can you restart in a way that > avoids them attempting a second shutdown with a bullet?" > > > May I suggest - A bunker built for Scottish Office staff in the event of a nuclear attack is up for sale. The complex at Cultybraggan Camp near Comrie, Perthshire, was completed in 1990 and is believed to be one of the most advanced structures of its kind. It was built to house 150 people and protect them from nuclear, biological and electromagnetic attacks. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12311164 Andrew
Re: Egypt 'hijacked Vodafone network'
On Thu, Feb 3, 2011 at 7:48 PM, Marshall Eubanks wrote: > > On Feb 3, 2011, at 2:20 PM, andrew.wallace wrote: > >> On Thu, Feb 3, 2011 at 6:59 PM, Scott Brim wrote: >>> On 02/03/2011 10:14 EST, Marshall Eubanks wrote: >>>> >>>> On Feb 3, 2011, at 9:24 AM, andrew.wallace wrote: >>>> >>>>> Mobile phone firm Vodafone accuses the Egyptian authorities of >>>>> using its network to send pro-government text messages. >>>>> >>>>> http://www.bbc.co.uk/news/business-12357694 >>>> >>>> Here is their PR >>>> >>>> http://www.vodafone.com/content/index/press.html >>>> >>>> Note that this is entirely legal, under "the emergency powers >>>> provisions of the Telecoms Act" >>> >>> Which is legal, Vodafone's protest or the government's telling them to >>> send messages? afaik the agreement was that the operator would have >>> preloaded canned messages, agreed on in advance with the government, and >>> now the government is telling them to send out arbitrary messages they >>> compose on the spot. >>> >>> >> >> I wonder if these messages were blockable by the end-user or if they were >> being sent as a service announcement from Vodafone. >> >> Certainly, if the government were sending the messages under the company >> name then something sounds wrong about that. >> >> What I would like is to hear from someone who received the messages and what >> their experiences were. >> > > They were described to me as being "from Vodafone." I assumed that this meant > that they were service messages. > > Marshall A text message received Sunday by an Associated Press reporter in Egypt appealed to the country's "honest and loyal men to confront the traitors and criminals and protect our people and honor." Another urged Egyptians to attend a pro-Mubarak rally in Cairo on Wednesday. The first was marked as coming from "Vodafone." The other was signed: "Egypt Lovers." http://news.yahoo.com/s/ap/20110203/ap_on_hi_te/eu_egypt_cell_phones Andrew
Re: Egypt 'hijacked Vodafone network'
On Thu, Feb 3, 2011 at 6:59 PM, Scott Brim wrote: > On 02/03/2011 10:14 EST, Marshall Eubanks wrote: >> >> On Feb 3, 2011, at 9:24 AM, andrew.wallace wrote: >> >>> Mobile phone firm Vodafone accuses the Egyptian authorities of >>> using its network to send pro-government text messages. >>> >>> http://www.bbc.co.uk/news/business-12357694 >> >> Here is their PR >> >> http://www.vodafone.com/content/index/press.html >> >> Note that this is entirely legal, under "the emergency powers >> provisions of the Telecoms Act" > > Which is legal, Vodafone's protest or the government's telling them to > send messages? afaik the agreement was that the operator would have > preloaded canned messages, agreed on in advance with the government, and > now the government is telling them to send out arbitrary messages they > compose on the spot. > > I wonder if these messages were blockable by the end-user or if they were being sent as a service announcement from Vodafone. Certainly, if the government were sending the messages under the company name then something sounds wrong about that. What I would like is to hear from someone who received the messages and what their experiences were. Andrew
Re: Connectivity status for Egypt
We should be asking the Egyptians to stagger the return of services so that infrastructure isn't affected, when connectivity is deemed to be allowed to come back online. Andrew Wallace --- British IT Security Consultant
Re: Facebook issue
This is what I was seeing too. - Original Message - From:Andre Gironda To:"nanog@nanog.org" Cc:andrew.wallace Sent:Thursday, 16 December 2010, 21:39:24 Subject:Re: Facebook issue It's returning an empty set of html tags
Facebook issue
Anyone having issue with Facebook? Andrew
Re: Amazon.co.uk, and most of Amazon Europe, appears to be down.
Thenextweb have been quick to push out speculation - http://thenextweb.com/uk/2010/12/12/amazon-co-uk-and-de-are-down-is-anonymous-to-blame/ Andrew - Original Message - From:Wil Schultz To:North American Network Operators Group Cc: Sent:Sunday, 12 December 2010, 21:33:29 Subject:Amazon.co.uk, and most of Amazon Europe, appears to be down. Unknown if this is due to the recent doings of late, but it appears as if Amazon Europe appears to be down. The anon's are definitely trying to cause disruptions, I find it difficult to believe that they are the actual cause. Time will tell. -wil
Re: LOIC tool used in the "Anonymous" attacks
Like I said the other day on Cnet comments section, December 10, 2010 3:31 PM PST. "It is extremely easy to find out who everyone is, because the "anonymous" is decentralised and easy to infiltrate and manipulate." Andrew From: Leo Bicknell To: North American Network Operators Group Cc: Sent: Saturday, 11 December 2010, 21:21:29 Subject: Re: LOIC tool used in the "Anonymous" attacks Perhaps the authors of the tool would rather keep the finite law enforcement busy rounding up clueless highschool kids who install this tool. In that sense it's both a network packet DDOS, and a law enforcement attacker DDOS. Brilliant in a way.
Re: LOIC tool used in the "Anonymous" attacks
I was reading about this- yeah really "anonymous". http://praetorianprefect.com/archives/2010/12/anonymous-releases-very-unanonymous-press-release/ Also: http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html Andrew From: Stefan Fouant To: 'Marshall Eubanks' ; 'North American Network Operators Group' Cc: Sent: Saturday, 11 December 2010, 17:34:20 Subject: RE: LOIC tool used in the "Anonymous" attacks I think the skill level of these guys is clearly evidenced by one of the members who forgot to remove the metadata from their most recent "press release". Stefan
Re: Mastercard problems
"Just a day after Dutch police arrested a 16-year-old boy in connection with Wikileaks-related denial-of-service attacks, websites belonging to the Netherlands computer crime cops and prosecutors have been struck with a similar assault." http://nakedsecurity.sophos.com/2010/12/10/dutch-police-website-attacked-after-arrests-of-suspected-hacker/ Andrew - Original Message - From:Michael Smith To:andrew.wall...@rocketmail.com Cc:nanog@nanog.org Sent:Thursday, 9 December 2010, 23:16:22 Subject:Re: Mastercard problems Exactly... Rounding up script kiddies one at a time is a pretty serious deterrent ;). I'm sure the bot-masters are quaking in their boots... :) - Original Message - From: andrew.wallace To: Michael Smith Cc: nanog@nanog.org Sent: Thu Dec 09 18:14:16 2010 Subject: Re: Mastercard problems It was a quick arrest wasn't it? - Original Message - From:Michael Smith To:andrew.wallace Cc: Sent:Thursday, 9 December 2010, 21:49:16 Subject:RE: Mastercard problems 1 down, 3896 to go... :) -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Thursday, December 09, 2010 4:44 PM To: nanog@nanog.org Subject: Re: Mastercard problems Dutch authorities have arrested a 16-year old "hacker" in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html Andrew
Re: Mastercard problems
It was a quick arrest wasn't it? - Original Message - From:Michael Smith To:andrew.wallace Cc: Sent:Thursday, 9 December 2010, 21:49:16 Subject:RE: Mastercard problems 1 down, 3896 to go... :) -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Thursday, December 09, 2010 4:44 PM To: nanog@nanog.org Subject: Re: Mastercard problems Dutch authorities have arrested a 16-year old "hacker" in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html Andrew
Re: Mastercard problems
"MasterCard works closely with the U.S. Secret Service, the FBI, the Postal Inspection Service, Interpol, Europol and counterpart organizations throughout the world to facilitate investigation and prosecution." http://www.mastercard.com/us/merchant/security/collaborating_experts.html Andrew - Original Message - From:James Downs To:andrew.wallace Cc:Christopher Morrow ; "nanog@nanog.org" Sent:Wednesday, 8 December 2010, 21:30:20 Subject:Re: Mastercard problems On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: > I would say the attack falls under the jurisdiction of the US secret service > since this is an attack on the financial system. > > "Today the agency's primary investigative mission is to safeguard the payment > and financial systems of the United States." --- secretservice.gov Yikes.. you consider a private company's business to be the financial and payment system of the United States? -j
Re: Mastercard problems
I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. "Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States." --- secretservice.gov Andrew - Original Message - From:Christopher Morrow To:Jack Bates Cc:"nanog@nanog.org" Sent:Wednesday, 8 December 2010, 18:47:49 Subject:Re: Mastercard problems I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris
U.S. officials deny technical takedown of WikiLeaks
Washington (CNN) -- U.S. officials at the Pentagon and State Department denied Friday knowing of any efforts to take down the WikiLeaks website or asking companies to do so. http://edition.cnn.com/2010/POLITICS/12/03/wikileaks.takedown/index.html Andrew
Re: wikileaks unreachable
Hi Nanog, Some more information here - http://www.reddit.com/r/netsec/comments/ecwnn/wikileaks_hacked_ahead_of_secret_us_document/c176lcb The hacker has featured previously in a news article on his attack platform - https://www.infosecisland.com/blogview/3258-Hacker-Releases-Second-Video-of-Enhanced-XerXeS-DoS-Attack-on-Apache-Vulnerability-.html Regards, Andrew - Original Message - From:Joel Esler To:Marshall Eubanks Cc:North American Network Operators Group Sent:Monday, 29 November 2010, 1:56:34 Subject:Re: wikileaks unreachable I've heard it's a DOS (not DDOS) according to twitter. Allegedly according to the person doing the DOS: Just so we are all straight and clear - wikileaks hit is not a 'Distributed' DoS, its a simple DoS - I dont use intermediaries or botnets. Sun Nov 16 - 15:28 EST http://twitter.com/th3j35t3r Joel On Nov 28, 2010, at 6:42 PM, Marshall Eubanks wrote: > > On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote: > >> DOS is probably because they released some more stuff. >> >> "Secret US Embassy Cables" >> http://cablegate.wikileaks.org/ >> > > DDOS according to this > > http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos > > Regards > Marshall > >> -wil >> >> On Nov 28, 2010, at 1:38 PM, James Downs wrote: >> >>> >>> On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: >>> anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has >>> >>> Reported they were under attack: http://bgg.lv/h2pmsd >>> >>> >> >> >> > >
Re: Google groups outage
Issue is corrected, apologies. - Original Message From: andrew.wallace To: nanog@nanog.org Sent: Thu, 14 October, 2010 11:53:13 Subject: Google groups outage 500 server error for a long time. http://groups.google.com/ Andrew
Re: Facebook Issues/Outage in Southeast?
Completely down again (UK).
Re: Facebook Issues/Outage in Southeast?
Up in United Kingdom. Andrew - Original Message From: Harry Strongburg To: nanog@nanog.org Sent: Thu, 23 September, 2010 21:08:48 Subject: Re: Facebook Issues/Outage in Southeast? It's up for me in the North-East. Should be back now, I hope.
Re: Facebook Issues/Outage in Southeast?
Over the last 30 minutes or more (UK) Andrew - Original Message From: Ernie Rubi To: nanog@nanog.org Sent: Thu, 23 September, 2010 20:39:15 Subject: Facebook Issues/Outage in Southeast? Anyone else having trouble? We're colo'ed at the NOTA in Miami and directly peer with them - even though our session hasn't gone down we still can't reach them. Ernesto M. Rubi Sr. Network Engineer AMPATH/CIARA Florida International Univ, Miami Reply-to: erne...@cs.fiu.edu Cell: 786-282-6783
Re: Web expert on his 'catastrophe' key for the internet
On Wed, Jul 28, 2010 at 9:33 AM, Elmar K. Bins wrote: > andrew.wall...@rocketmail.com (andrew.wallace) wrote: > >> A British computer expert has been entrusted with part of a digital key, to >>help >> restart the internet in the event of a major catastrophe. >> >> >> Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might >be >> called upon to do in the event of an international online emergency. >> >> http://www.bbc.co.uk/news/uk-10781240 > > One, I do not see the operational relevance of this "news". > Second, people cult is just not the hype anymore. > Third, my opinion towards Mr. Kane will stay with myself. > I think there is a social vulnerability in a group of people who need to travel, a lot of the time, by plane, to exactly the same location to make new keys to reset DNSSEC. What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, its likely they would be able to stop those selected people reaching the location in the United States by way of operational officers intercepting them by kidnap or murder, and indeed, a cyber attack without the need for human intervention to stop the select people getting to their destination could be done by knocking out the air traffic system. Which would, hamper the resetting and creation of new keys for DNSSEC. Even without the select people being prevented from reaching their location in the United States, the disclosure tells the bad guys, approximately how long an attack window they've got between the selected people leaving their work or home and travelling by plane to the location. It would have been better if the people who are the selected key holders was kept classified, a lot of the information given out wasn't in the public interest, or in the national interest for the arrangements to be made public. I'm guessing also, Mr.Kane would be travelling to the United States in a military plane and not a commercial airliner, but who knows? Of course this is just my opinion. Andrew Wallace
Web expert on his 'catastrophe' key for the internet
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe. Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be called upon to do in the event of an international online emergency. http://www.bbc.co.uk/news/uk-10781240
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 6:24 PM, Tarig Yassin wrote: > I would like to issue a question here, who controls this Internet? The truth to your question is, anybody who wants to. Hackers, activists, governments, terrorists all have the ability to control it. But probably not all at the same time. With the increase in irresponsible security disclosures by folks such as Tavis Ormandy, power and control is very much being handed to "the people". I have been campaigning for a while to get tighter laws introduced on irresponsible security disclosures, to give the government more control over the internet. Andrew Wallace
Re: North Korea conflict with US and South Korea could spark cyber war
On Sun, Jul 25, 2010 at 2:23 AM, Roy wrote: > On 7/24/2010 2:10 PM, Justin M. Streiner wrote: >> >> ... >> It does indeed seem to be tool/net.kook day here on NANOG. I didn't check >> to see if there is supposed to be a full moon tonight. >> >> jms >> >> > > Close! Full Moon on 25 July 2010 at 9:37 p.m. Eastern Daylight Time. > > They should be banned from Nanog, the rules state: "Postings that include foul language, character assassination, and lack of respect for other participants are prohibited." http://nanog.org/mailinglist/ Andrew Wallace
North Korea conflict with US and South Korea could spark cyber war
n3td3v Security is monitoring the situation between North Korea, US and South Korea. North Korea has already threatened to use its nuclear arms when the "wargames" begin Sunday by United States and South Korea, but n3td3v Security predicts North Korea is planning a large scale cyber attack on US interests. We could really see the first cyber war proper here when it all kicks off Sunday between US, S.Korea and the North. n3td3v Security is warning critical infrastructure utility companies to keep an eye on its cyber assets incase NK's cyber command launch any attack. Andrew Wallace http://sites.google.com/site/n3td3v/
U.S. Plans Cyber Shield for Utilities, Companies
Article: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html My opinion: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html#articleTabs%3Dcomments%26commentId%3D1330685 Andrew http://sites.google.com/site/n3td3v/
Re: The Economist, cyber war issue
Why hasn't Gadi left a comment on the article? Andrew - Original Message From: Randy Bush To: andrew.wallace Cc: Jeroen van Aart ; nanog@nanog.org Sent: Thu, 1 July, 2010 23:01:02 Subject: Re: The Economist, cyber war issue > There is a part 2 as well and this is a bug or a feature?
Re: The Economist, cyber war issue
There is a part 2 as well http://www.economist.com/node/16478792?story_id=16478792 Andrew - Original Message From: Jeroen van Aart To: NANOG list Sent: Thu, 1 July, 2010 19:57:08 Subject: Re: The Economist, cyber war issue andrew.wallace wrote: > Article: http://www.economist.com/node/16481504?story_id=16481504 I know it's shortsighted, but any article with the word cyber in it, used in such a way as being about "cyber this-or-that", already lost its credibility by virtue of using the word. It must be a of rather high quality to win back its credibility. This economist article sadly does the opposite. Regards, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/
Re: The Economist, cyber war issue
Article: http://www.economist.com/node/16481504?story_id=16481504 My opinion: http://www.economist.com/comment/586099#comment-586099 Andrew http://sites.google.com/site/n3td3v/ - Original Message From: Gadi Evron To: nanog@nanog.org Sent: Thu, 1 July, 2010 14:25:04 Subject: The Economist, cyber war issue The upcoming issue will be about cyber war. Check out the front page image: http://sphotos.ak.fbcdn.net/hphotos-ak-snc3/hs488.snc3/26668_410367784059_6013004059_4296972_499550_n.jpg Gadi.
Re: Nato warns of strike against cyber attackers
On Thu, Jun 10, 2010 at 4:22 AM, Jorge Amodio wrote: > Cyber Threats Yes, But Is It Cyber War? > http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/ > > -J Cyber war is something made up by the security industry to save it from going bankrupt because the traditional profit vectors such as virus and worm authors aren't releasing threats to the web anymore because the motivation for the hackers has changed from fun to money. You've got folks now trying to artificially ramp up cyber security as a national security agenda now to create a new profit vector now that the traditional threats don't exist anymore. "How do we ramp up cyber security as a national security agenda, something the next president has to worry about?" "How do we get cyber security as the top headline on CNN and Fox News so that cyber security is something The White House works on?" http://www.youtube.com/watch?v=FSUPTZVlkyU The response to this video was "It Shouldn't Take a 9/11 to Fix Cybersecurity (But it Might)" http://www.youtube.com/watch?v=cojeP3kJBug&feature=watch_response I highlighted these suspicious videos on Full-disclosure mailing list but they didn't seem to think there was anything wrong. I also sent them to MI5 via their web form but I've had no reply from them. Andrew http://sites.google.com/site/n3td3v/
Re: Nato warns of strike against cyber attackers
The original article is FUD. The Times newspaper is historically known as MI5, MI6's newspaper of choice. Andrew http://sites.google.com/site/n3td3v/
Re: BT strike could affect internet and phone connections
On Fri, May 28, 2010 at 1:17 AM, joel jaeggli wrote: > On 2010-05-27 10:42, andrew.wallace wrote: >> >> Look at it from an attackers point of view. If you're thinking about >> carrying out an electronic jihad of some kind when is the best time? >> A normal working day or during an engineers strike that only happens >> once every 23 years? > > Not to put to fine a point on it, a normal working day is the best time to > strike if you want to maximize the value of your attack. The point I'm getting at is this strike of this nature is a threat to national security and the internet is supposed to be classed as critical infrastructure, so shouldn't it be against the law for them to strike? Or has the law in the UK not got as far as the United States has on deeming what's critical infrastructure yet? We are far behind the United States and its about time we played catch-up. -- Andrew http://sites.google.com/site/n3td3v/
Re: BT strike could affect internet and phone connections
On Thu, May 27, 2010 at 7:23 PM, wrote: > On Thu, 27 May 2010 10:42:37 PDT, "andrew.wallace" said: >> Look at it from an attackers point of view. If you're thinking about carrying >> out an electronic jihad of some kind when is the best time? A normal working >> day or during an engineers strike that only happens once every 23 years? > > A co-worker of mine was asked by somebody high in the US government in late > 1999 if he was worried about attackers trying to pull something on New Year's. > Randy thought for a moment, and said "Hell no. There's going to be 3 zillion > engineers and programmers watching for any minor hiccup that day. The time to > pull something would be late January, when everybody's relaxed and stopped > worrying". > > The room got very quiet... :) > > Are you *still* using the same threat models as you were 11 years ago? -- Andrew http://sites.google.com/site/n3td3v/
Re: BT strike could affect internet and phone connections
On Thu, May 27, 2010 at 4:48 PM, Tim Franklin wrote: >> Internet and phone connections across Britain could go into meltdown >> as BT workers threaten their first national strike for 23 years... >> >> ‘Many business and residential phonelines could go out of action, and >> if broadband crashes then thousands and thousands of people will find >> their internet goes down.’ >> >> http://www.metro.co.uk/news/828021-threat-of-bt-strike-could-affect-internet-and-phone-connections > > I get a lovely vision from that of a real old-style manual switchboard > operator, frantically plugging internet connections together with patch > cords as each SYN packet rings a little bell. > > Clearly BT engineers being on strike will stop broken things from > being fixed[0]. I'm very unclear how it will cause things that are > working today to suddenly "go into meltdown"... > Look at it from an attackers point of view. If you're thinking about carrying out an electronic jihad of some kind when is the best time? A normal working day or during an engineers strike that only happens once every 23 years? -- Andrew http://sites.google.com/site/n3td3v/
BT strike could affect internet and phone connections
Internet and phone connections across Britain could go into meltdown as BT workers threaten their first national strike for 23 years... ‘Many business and residential phonelines could go out of action, and if broadband crashes then thousands and thousands of people will find their internet goes down.’ http://www.metro.co.uk/news/828021-threat-of-bt-strike-could-affect-internet-and-phone-connections -- Andrew http://sites.google.com/site/n3td3v/
Re: [only half OT] A socio-psychological analysis of the first internet war (Estonia)
--- On Thu, 29/4/10, Gadi Evron wrote: > A socio-psychological analysis of the first internet war (Estonia) There has been no cyber war yet. Estonia was not a cyber war. You've got it fundamentally wrong on the world stage infront of everyone. Andrew
Re: CNN Cyber Shockwave only available in US
--- On Sun, 21/2/10, Larry Brower wrote: > From: Larry Brower > Subject: Re: CNN Cyber Shockwave only available in US > To: "andrew.wallace" > Cc: nanog@nanog.org > Date: Sunday, 21 February, 2010, 1:29 > andrew.wallace wrote: > Funsec perhaps, but not here You *don't* expect The British to post on a mailing list setup & run by an ex-IDF (Israel Defence Force) agent do you? Who is, according to our records, subscribed to '8200 Fellowship - Israeli IDF' on LinkedIn. http://www.linkedin.com/groups?home=&gid=84086 Who is likely still to hold patriotic values in favour of Israel. No thanks, Andrew
CNN Cyber Shockwave only available in US
It is not being broadcast world wide... Provide links. Andrew
CNN LIVE stream?
I am from the UK and don't know how to watch CNN Cyber Shockwave via an internet live stream. The programme starts 8PM ET, 1AM UK. What do I do? Andrew
Re: "Cyber Shockwave" on CNN
--- On Sat, 20/2/10, Michael Painter wrote: > From: Michael Painter > Subject: Re: "Cyber Shockwave" on CNN > To: nanog@nanog.org > Date: Saturday, 20 February, 2010, 22:18 > andrew.wallace wrote: > > It looks like this demo is pressing ahead for the > intro of allowing the US Government to take control of > private sector > > networks > > "in an emergency"... and wants to include smart phones > into the bargin. > > > > Or at least that is my interpretation of what the demo > is trying to convince us on. > > > > Cyber Shockwave Reveals Unsettling Answers --- > > > > http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/180210.php > > > > Andrew > > > My favorite: "What was most troubling to the participants > was their inability to find a guilty party." > They could of at least of said Al-Queda for the sake of the programme. :) It's obvious though, they don't know who the enemy would be. They try however, to generally say China and Russia have the strongest *cyber* capability... however, there is no intelligence that either countries are 'planning' such an attack. It's all 'what if'. Bring us actual intelligence on a threat that X regime wants to Y to cause Z instead of throw away doomsday scenarios with no real-life context. The suicide bombers are happy doing their suicides, the Russians are happy keeping their nukes pointing at US with a 33 minute ATA, and The Mossad are happy carrying out their hotel assassinations. And The Chinese are possibly happy doing corporate espionage. I don't see any of US's enemies suddenly turning 'cyber' on us. Sure, those enemies are using the internet for espoinage, but its not within their interest to take down US networks, because then they wouldn't have espoinage routes in and out of America anymore. They could do it to try and blind The NSA, but that would be blinding their own signals intelligence operations in and out of US as well. Andrew
Re: "Cyber Shockwave" on CNN
--- On Sat, 20/2/10, Randy Bush wrote: > From: Randy Bush > Subject: Re: "Cyber Shockwave" on CNN > To: "andrew.wallace" > Cc: nanog@nanog.org > Date: Saturday, 20 February, 2010, 21:58 > > It looks like this demo is > > a bunch of sick press and sick ex-gov wishtheycouldbeagains > trying to > get as much mindshare as they can. and you're helping > them. > > randy > I refuse to let you say I am helping them -- I am from UK, I don't agree with them wanting to allow The NSA to take over private sector networks or citizens smart phones 'in an emergency'. Andrew
Re: "Cyber Shockwave" on CNN
--- On Sat, 20/2/10, Randy Bush wrote: > From: Randy Bush > Subject: Re: "Cyber Shockwave" on CNN > To: "andrew.wallace" > Cc: nanog@nanog.org > Date: Saturday, 20 February, 2010, 3:10 > the details were in the press days > ago. 83.2% scare, negligible lessons > we can actually put in practice without becoming (more of) > a police > state. > > randy > It looks like this demo is pressing ahead for the intro of allowing the US Government to take control of private sector networks "in an emergency"... and wants to include smart phones into the bargin. Or at least that is my interpretation of what the demo is trying to convince us on. Cyber Shockwave Reveals Unsettling Answers --- http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/180210.php Andrew
"Cyber Shockwave" on CNN
US carried out "Cyber Shockwave" - an exercise by non-government actors who have close relations to the government past. The results will be aired on CNN this weekend. Intelligence suggests the scenario was not standard and that a crash in the smart phone network was used as a concept of how US National Security *could* be compromised in 2011. CNN had exclusive television access to the national security cyber “war game” scenario. The simulated attack took place on Tuesday and was host by members of The Bipartisan Policy Center and will debut on Saturday, Feb. 20 and Sunday, Feb. 21 at 8pm, 11pm and 2am ET on CNN. I hope the Nanog community can tune in or watch later on catch up services and give feedback on your thoughts. Kind regards, Andrew
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Mon, Feb 8, 2010 at 6:37 PM, wrote: > You apparently fail to understand that making other people's research well > known in the community is an important role. Would we be more secure, or > less secure, if somebody did the research, but then nobody told the owners > of all that Cisco gear about it? (Hint: "pwned router" is never a good > day for the network provider) > > Or would we as a community be more safe, or less safe, if SANS > didn't do security traning courses ? > >> Andrew > >> Security consultant > > Is that what you're calling yourself these days? They cater for mostly the public sector, doing a SANS course does not make you *SAFE* it just means you have an understanding of current trends and be able to take mitigation. It is not a sure-shot way to be secure, you need to have years of hands-on experience in security. You can't walk out of SANS courses and be a security professional, you need to have a lot more than that. I started Cyber Security from my basement back in 1999 as an 18 year old, I am now 29 years old and am doing independent security consultancy work here in the UK for multiple global vendors. I have various titles and skills, security researcher, ethical hacker, security consultant, any of them can be used as those are the qualifications i've achieved over the years. It's not unusual in the security community for one person to fall into more than one category or be qualified to undertake more than one role. Kind regards, Andrew Security Consultant
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
- Original Message From: Brian Keefer To: NANOG list Cc: a.harrow...@gmail.com; andrew.wallace Sent: Fri, 5 February, 2010 1:55:58 Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations >>> Andrew >>> >>> Security consultant >> >> CITATION NEEDED >> > > > You can goto Full-disclosure mailing list > http://www.grok.org.uk/full-disclosure/ ... > Andrew > > Security consultant For "clarity and transparency" you were banned from that list for trolling under the persona "n3td3v". -- bk "n3td3v" isn't a persona, its my username and the name of the security & intelligence group I am the founder of. If you do think I am a troll I will happily discuss with you off-list what part of me you think is a troll because I have never trolled I am a deadly serious person. I will happily arrange a meeting with you so we can discuss this further, Andrew Security consultant
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 11:25 PM, wrote: > -original message- > Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and > recommendations > From: "andrew.wallace" > Date: 04/02/2010 11:09 pm > > On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron wrote: >> "That peer-review is the basic purpose of my Blackhat talk and the >> associated paper. I plan to review Cisco’s architecture for lawful intercept >> and explain the approach a bad guy would take to getting access without >> authorization. I’ll identify several aspects of the design and >> implementation of the Lawful Intercept (LI) and Simple Network Management >> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access >> to the interface, and provide recommendations for mitigating those >> vulnerabilities in design, implementation, and deployment." >> >> More here: >> http://blogs.iss.net/archive/blackhatlitalk.html >> >>Gadi. > > For the sake of clarity and transparency, > > Gadi Evron has absolutely no connection to this research whatsoever. > > He is famous in the security community for piggybacking off other peoples > research. > > We are frustrated with him as much as we are annoyed. > > Andrew > > Security consultant > > CITATION NEEDED > You can goto Full-disclosure mailing list http://www.grok.org.uk/full-disclosure/ and ask about "Gadi Evron". There will be plenty folks there who will tell you he is involved in plagiarism. Andrew Security consultant
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron wrote: > "That peer-review is the basic purpose of my Blackhat talk and the > associated paper. I plan to review Cisco’s architecture for lawful intercept > and explain the approach a bad guy would take to getting access without > authorization. I’ll identify several aspects of the design and > implementation of the Lawful Intercept (LI) and Simple Network Management > Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access > to the interface, and provide recommendations for mitigating those > vulnerabilities in design, implementation, and deployment." > > More here: > http://blogs.iss.net/archive/blackhatlitalk.html > >Gadi. For the sake of clarity and transparency, Gadi Evron has absolutely no connection to this research whatsoever. He is famous in the security community for piggybacking off other peoples research. We are frustrated with him as much as we are annoyed. Andrew Security consultant
Fwd: [Pauldotcom] Skiddy Interview
-- Forwarded message -- From: andrew.wallace Date: Sat, Jan 30, 2010 at 9:31 PM Subject: Re: [Pauldotcom] Skiddy Interview To: Adrian Crenshaw Cc: PaulDotCom Security Weekly Mailing List On Sat, Jan 30, 2010 at 3:10 PM, Adrian Crenshaw wrote: > Kind of interesting Skiddy Interview: > > http://hackerpublicradio.org/eps/hpr0505.mp3 > > Guy seems pretty uneducated, but it gives you an idea of the mentality. No > offence meant to the HPR podcast, it has some good stuff. > Like your comments. > > Adrian > He mentions selling a Bank of America employee account starting around 7 minutes 40 seconds, which just suffered a Denial of Service attack to its website. http://isc.sans.org/diary.html?storyid=8119 Any connection? Of course probably not, but just thought i'd throw it out there anyway. Andrew
Re: Anyone see a game changer here?
On Fri, Jan 15, 2010 at 2:07 PM, Bruce Williams wrote: > Mark Rasch, former head of the Department of Justice computer crime > unit, called the attacks “cyberwarfare,” and said it was clearly an > escalation of a digital conflict between China and the U.S. > > As if the old threat models weren't bad enough... > > > Bruce It appears this is just western propaganda because: One analyst said Friday that he is not sure the attacks point to the Chinese government. Rob Knake, a cybersecurity expert with the Council on Foreign Relations, said his analysis of results from a technology firm investigating the attacks suggests that they "were not state-sponsored or the work of an elite, sophisticated group such as the Chinese military." http://www.washingtonpost.com/wp-dyn/content/article/2010/01/15/AR2010011503321.html Andrew
U.S. plans formal complaint over Google attacks
Hey Marcus, you got what you wanted pal (http://www.youtube.com/watch?v=FSUPTZVlkyU), cyber security ramped up as a national security agenda item. http://news.cnet.com/8301-30684_3-10436018-265.html Congrats, Andrew
Re: JunOS remote DoS code has been posted to FD
And here is the direct link for anyone who's interested: http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072340.html - Original Message From: Brian Keefer To: NANOG list Sent: Sun, 10 January, 2010 2:59:50 Subject: JunOS remote DoS code has been posted to FD I haven't tested the code myself, but no reason to think it doesn't work. Consider this your "exploits are in the wild" notice. -- bk
Re: FYI, new USG Cybersecurity Coordinator ...
On Wed, Dec 23, 2009 at 7:19 AM, Christopher Morrow wrote: > (again, this seems really off topic, but) > > On Tue, Dec 22, 2009 at 7:33 PM, andrew.wallace > wrote: >> though Gadi is Israeli and Marcus Sachs Pakistani and couldn't be > > marcus is pakistani? > > "He was born in Lahore, Pakistan in 1959 and moved to Tallahassee, Florida with his parents and younger brother in 1961." --Wikipedia. http://en.wikipedia.org/wiki/Marcus_Sachs To me its amazing how deep into U.S Intelligence and The White House he's been allowed to go up until now.
Re: FYI, new USG Cybersecurity Coordinator ...
On Tue, Dec 22, 2009 at 7:06 PM, Paul Ferguson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Tue, Dec 22, 2009 at 7:09 AM, wrote: > >> On Tue, 22 Dec 2009 07:42:18 CST, Jorge Amodio said: >>> http://www.whitehouse.gov/blog/2009/12/22/introducing-new-cybersecurity- >>> coordinator/?e=23&ref=image >> >> "Meet the new boss / Same as the old boss" -- The Who, "Won't Get Fooled >> Again". >> >> Do we have any indication that anything has been changed this time >> around? >> >> Operational content: None, unless he's actually able to make things >> happen now, in which case things might get interesting... >> > > As I mentioned elsewhere, nobody else wanted the job. :-) > > - - ferg I'm sure Gadi Evron wanted it--- except he used to work for Israel Defence Force (IDF, Military Intelligence) http://www.linkedin.com/in/gadievron and knew he would be denied. Also, Marcus Sachs probably wanted it. Both are power hungry morons in the Cybersecurity realm respected by little but no people. But as Marcus Sachs already states on SANS ISC, http://isc.sans.org/diary.html?storyid=7792 he is friends with Howard Schmidt "I've known and worked with Howard for over 12 years and I think he's going to do well in this position." Yeah I bet he will--- with you and Gadi telling him what to do behind the scenes. Israel and Pakistan working Howard Schmidt by the strings. So even though Gadi is Israeli and Marcus Sachs Pakistani and couldn't be appointed as cybersecurity czar, they both are going to be working the strings attached to the puppet show that is about to commence in 2010. Just when we thought we might have a Cybersecurity czar not related to Marcus Sachs and Gadi Evron, the White House let's us down again, and the circle of power continues, the ring of evil that is Gadi and Marcus, both with connections to foreign Intelligence agency's and working the strings of the new Cybersecurity puppet. Anybody who is 12 years friends with Marcus Sachs shouldn't of been appointed in my humble opinion, and we know Gadi is best friends with Marcus Sachs, so we are all pretty much doomed to failure, as we all know Marcus and Gadi have a pro-cyber war agenda and will try and ramp it up to Howard Schmidt from behind the scenes. While folks said no one wanted the job, thats correct, but what will be happening now, is a lot of folks who are power hungry trying to influence Howard Schmidt for their own agendas from behind closed doors. The power hungry's will now be jockeying for position behind the scenes, to influence and manipulate the new Cybersecurity czar for their own agendas, and unless Howard Schmidt is on the ball and aware of this he's going to be used and abused by everybody and he and the White House will be taken for a ride because all the interest groups with their own cybersecurity agendas are going to want to exploit Howard Schmidt, and not all of this might be in the best interests of the United States. The United States will need to be careful who gets access to Howard Schmidt, who is friends with Howard Schmidt and who might be trying to manipulate and play him. We are living in dangerous times, unless the new cybersecurity czar is managed properly. There are people out there, just two of them mentioned above, who are pro-cyber war and will want access to Howard Schmidt and they should be denied access to him, because we don't want Howard Schmidt to be told the wrong things, that relayed back to Obama and the wrong cyber political messages being said on television by Obama. I'm not worried, i'm very worried about who has access to Howard Schmidt.
Re: Dan Kaminsky
Hi, Read my post one more time and think though: Only "zf0" are legally in the shit. The guy "Dragos Ruiu" has absolutely no case against me. Copy & paste doesn't count as defamation, speak to Wired's legal team if you have an issue. Cheers, Andrew On Tue, Aug 4, 2009 at 2:02 AM, Richard A Steenbergen wrote: > On Sat, Aug 01, 2009 at 01:11:17PM -0700, Cord MacLeod wrote: >> I don't see a video attached or an audio recording. Thus no slander. >> >> Libel on the other hand is a different matter. > > You have those backwards. Slander is transitory (i.e. spoken) > defamation, libel is written/recorded/etc non-transitory defamation. > This seems like a group that could benefit from knowing those two words. > :) > > -- > Richard A Steenbergen http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > >
Re: Dan Kaminsky
On Thu, Jul 30, 2009 at 11:48 PM, Dragos Ruiu wrote: > at the risk of adding to the metadiscussion. what does any of this have to > do with nanog? > (sorry I'm kinda irritable about character slander being spammed out > unnecessarily to unrelated public lists lately ;-P ) > What does this have to do with Nanog, the guy found a critical security bug on DNS last year. There is no slander here, I put his name in the subject header so to draw attention to the relevance of posting it to Nanog. I copy & pasted a news article caption, which also doesn't slander Dan Kaminsky but reports on the actions of other people true to the facts. Any further slander allegations, please point them at Wired's legal team. Andrew
Re: Dan Kaminsky
--- On Wed, 7/29/09, Scott Weeks wrote: > From: Scott Weeks > Subject: Re: Fwd: Dan Kaminsky > To: "andrew.wallace" > Date: Wednesday, July 29, 2009, 10:10 PM > > > --- andrew.wall...@rocketmail.com > wrote: > > http://www.leetupload.com/zf05.txt > -- > > > This one is off line: > > > Site Temporarily Unavailable > We apologize for the inconvenience. Please contact the > webmaster/ tech support immediately to have them rectify > this. > > error id: "bad_httpd_conf" > > > scott > > Dan Kaminsky mirrors: http://r00tsecurity.org/files/zf05.txt http://antilimit.net/zf05.txt Much thanks, Andrew >
Fwd: Dan Kaminsky
-- Forwarded message -- From: andrew.wallace Date: Wed, Jul 29, 2009 at 6:22 PM Subject: Real Black Hats Hack Security Experts on Eve of Conference To: Information Security Mailing List LAS VEGAS — Two noted security professionals were targeted this week by hackers who broke into their web pages, stole personal data and posted it online on the eve of the Black Hat security conference. Security researcher Dan Kaminsky and former hacker Kevin Mitnick were targeted because of their high profiles, and because the intruders consider the two notables to be posers who hype themselves and do little to increase security, according to a note the hackers posted in a file left on Kaminsky’s site. The files taken from Kaminsky’s server included private e-mails between Kaminisky and other security researchers, highly personal chat logs, and a list of files he has purportedly downloaded that pertain to dating and other topics. The hacks also targeted other security professionals, and were apparently timed to coincide with the Black Hat and DefCon security conference in Las Vegas this week, where Kaminsky is unveiling new research on digital certificates and hash collisions. The hackers criticized Mitnick and Kaminsky for using insecure blogging and hosting services to publish their sites, that allowed the hackers to gain easy access to their data. http://www.wired.com/threatlevel/2009/07/kaminsky-hacked/ http://www.leetupload.com/zf05.txt
Nanog mentioned on BBC news website
Big up the Nanog community, you do the net proud... http://news.bbc.co.uk/1/hi/technology/8163190.stm
Re: one shot remote root for linux?
Why are you alining yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work? Andrew On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron wrote: > This is one of them mysterious and rare cases where a non router OS > vulnerability may affect network operations. > > Sometimes news finds us in mysterious yet obvious ways. > > HD Moore (respected security researcher) set a status which I noticed on my > twitter: > > @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel > root - http://kernelbof.blogspot.com/ > > I asked him about it on IM, wondering if it is real: > "looks like that > but requires a sctp app to be running" > > Naturally, I retweeted. > > Signed, > > �...@gadievron > > >
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. We can only do this by pulling together and reporting intelligence between community's, either if that's on an open list such as Nanog or by invitation only lists run by law enforcement. It doesn't matter as long as both community's are focused on cyber security. Many thanks, Andrew On Sat, Apr 18, 2009 at 3:07 AM, Steve Pirk wrote: > I get it now... Chaim Rieger = netdev > Nice trick. > > -- > Steve > > On Sat, 18 Apr 2009, Chaim Rieger wrote: > >> And I want cnet to not report this crap. >> >> They glamorise it. >> --Original Message-- >> From: andrew.wallace >> To: nanog@nanog.org >> To: n3td3v >> Subject: Re: Michael Mooney releases another worm: Law Enforcement / >> Intelligence Agency's do nothing >> Sent: Apr 17, 2009 18:38 >> >> So if Al-Qaeda blow up a shopping centre and the guy who masterminded >> it turns out to be 17 he gets a job in MI5? >> >> OH MY GOD. >> >> On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: >>> >>> andrew.wallace wrote: >>>> >>>> I want this individual made an example of and im not joking. >>>> >>> >>> And I'd like an example made of companies that ignore reports of security >>> flaws and leave their customers open to such worms; not to mention giving >>> the impression to misguided teenagers that the only way they will be >>> heard >>> is to release a worm. >>> >>> Historically, I believe some companies have ignored security concerns >>> until >>> someone (sometimes non-maliciously) released a worm. Of course, even >>> non-malicious worms can have unpredictable results which result in >>> catastrophic behavior. The earliest examples predate my residence on the >>> network, but I've read a small bug made them extremely bad. >>> >>> Jack >>> >>> >> >> >> >> Sent via BlackBerry from T-Mobile > >
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
All i'm saying is "Cyber Security" needs to be taken as seriously as "real life" security. Hopefully though the 60 day cyber security review by Melissa Hathaway will shake things up. Andrew On Sat, Apr 18, 2009 at 2:49 AM, Chaim Rieger wrote: > And I want cnet to not report this crap. > > They glamorise it. > --Original Message-- > From: andrew.wallace > To: nanog@nanog.org > To: n3td3v > Subject: Re: Michael Mooney releases another worm: Law Enforcement / > Intelligence Agency's do nothing > Sent: Apr 17, 2009 18:38 > > So if Al-Qaeda blow up a shopping centre and the guy who masterminded > it turns out to be 17 he gets a job in MI5? > > OH MY GOD. > > On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: >> andrew.wallace wrote: >>> >>> I want this individual made an example of and im not joking. >>> >> >> And I'd like an example made of companies that ignore reports of security >> flaws and leave their customers open to such worms; not to mention giving >> the impression to misguided teenagers that the only way they will be heard >> is to release a worm. >> >> Historically, I believe some companies have ignored security concerns until >> someone (sometimes non-maliciously) released a worm. Of course, even >> non-malicious worms can have unpredictable results which result in >> catastrophic behavior. The earliest examples predate my residence on the >> network, but I've read a small bug made them extremely bad. >> >> Jack >> >> > > > > Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: > andrew.wallace wrote: >> >> I want this individual made an example of and im not joking. >> > > And I'd like an example made of companies that ignore reports of security > flaws and leave their customers open to such worms; not to mention giving > the impression to misguided teenagers that the only way they will be heard > is to release a worm. > > Historically, I believe some companies have ignored security concerns until > someone (sometimes non-maliciously) released a worm. Of course, even > non-malicious worms can have unpredictable results which result in > catastrophic behavior. The earliest examples predate my residence on the > network, but I've read a small bug made them extremely bad. > > Jack > >
Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
by n3td3v April 17, 2009 5:43 PM PDT "The teenager who takes credit for the worms that hit Twitter earlier this week has been hired by a Web application development firm and on Friday released a fifth worm on the microblogging site, he said." I hope the FBI nip him in the bud, this cannot continue, this needs to be made an example of. I want Law enforcement / Intelligence agency's to take control of the situation, now. http://news.cnet.com/8618-1009_3-10222373.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=7821482&tag=mncol;tback I want this individual made an example of and im not joking. Many thanks, Andrew Intelligencer & Founder of n3td3v British
Re: All Google Search Results: "This site may harm your computer."
On Sun, Feb 1, 2009 at 5:23 AM, Chris Mills wrote: > Anyone seeing phishing alerts for senders in this thread? > > http://farm4.static.flickr.com/3080/3243440012_d1f6f1e5e7_o.png > > -Chris Yes.