<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>+1<br><br><div>--</div><div>From my iPhone</div><div>Geoffrey Myers</div></div><div><br>On Jan 16, 2013, at 9:18 AM, Jim Kinney <<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>How do I get in on this? I would like to focus on brewing while retaining the income of a senior sysadmin.<br><br><div class="gmail_quote">On Wed, Jan 16, 2013 at 9:13 AM, JD <span dir="ltr"><<a href="mailto:jdp@algoloma.com" target="_blank">jdp@algoloma.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Summary:<br>
* Security at a small IT shop is actually proactively looking at system logs.<br>
* They see a VPN connection from China. Suspicious.<br>
* They are using RSA-based fob authentication. All commercial with vendor<br>
support. (JD: A few yrs ago, RSA had a leak that made predicting the numbers on<br>
a fob possible if the fob serial number was known. I think RSA had a spreadsheet<br>
with that data stolen).<br>
* Research shows the VPN connection is active every day<br>
* The fob being used is always the same. It is assigned to a well-known,<br>
respected, liked employee, family man, mid-40s. Always got excellent annual reviews.<br>
* Security figures someone inside the company had their PC hacked<br>
* Further research shows a few emails with PDFs from China to the mid-40s<br>
programmer, so security thinks it is a targeted attack using PDF. A common<br>
attack vector.<br>
* Security mirrors his PC and scans for malware, rootkits, viruses.<br>
* Security talks to the employee who finally volunteers that he had sent his fob<br>
to a company in China to perform software development. He had "outsourced" his<br>
coding.<br>
* Further research finds that he's performing work for a few other "client<br>
companies" and earning a few hundred $K annually.<br>
<br>
I don't recall any concrete statement about non-disclosure agreements being signed.<br>
<br>
This is all from memory, so please correct what I got wrong. Read it a few<br>
hours ago.<br>
<div class="im HOEnZb"><br>
<br>
On 01/16/2013 08:47 AM, Jim Kinney wrote:<br>
> VERY short read:<br>
><br>
><br>
> Error establishing a database connection<br>
><br>
><br>
><br>
> :-)<br>
><br>
> On Tue, Jan 15, 2013 at 11:18 PM, Brandon Wood <<a href="mailto:woody@2143.net">woody@2143.net</a><br>
</div><div class="im HOEnZb">> <mailto:<a href="mailto:woody@2143.net">woody@2143.net</a>>> wrote:<br>
><br>
> This isn't a long read; well worth your time. :)<br>
><br>
> <a href="http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/" target="_blank">http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/</a><br>
><br>
> Shamelessly stolen from Reddit.<br>
><br>
</div><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i>
</i></i></div></blockquote></body></html>