Internet Security Operations and Intelligence – a DA Workshop

the da workshop will be mostly on the subject of botnets, while touching phishing and ddos.

it will take place on august 10th, hosted by cisco in san jose with a dinner, sponsored by the isc.
participation is open only to members of closed and vetted mitigation and security operations groups.

main lineup:

“bot, botnets, sandbox, impact”
righard j. zwienenberg (norman)

“msrc malware/exploit zero day response – case studies”
greg galford (microsoft)

“the rough road around us in botnet tracking”
jose nazario (arbor)

“malcode toolkit profiteering: feeding the trend in m.o. from fame to fortune”
dan hubbard (websense)

case study: ***
levi gundert (us secret service)

“recent bots detection information from microsoft security products”
ziv mador (microsoft)

“security inside the router: how network gear handles ddos attacks”
barry raveendran greene (cisco)

“what keeps us up at night:
new & advanced difficult to mitigate ddos attacks”
darrel lewis (cisco)

“the global infection rate”
rick wesson (alice’s registry)

“phishing and botnets organized crime:
globalization and technology intelligence update”
gadi evron (beyond security)

“fast-flux botnet c&c servers – detection & mitigation”
randy vaughn (baylor)

david ulevitch (everydns / opendns)

jerry dixon (dhs – us-cert)

paul vixie (isc)

the web site for the workshop is:

gadi evron,


Team Evil Incident (Cyber-terrorism defacement analysis and response)

beyond security’s besirt just released this document, detailing one of the
recent cyber-terrorism defacement attacks on pro-israeli servers by team
evil, following the political tensions in gaza, with:

*. tech details.
*. log of the incident response team, detailing the experience.
*. some conclusions and lessons-learned.

you can find the document here:

gadi evron,


Consultant takes out the hassle of remembering password

A security consultant working for the FBI got hold of Robert Mueller’s password because he, and I quote, “[wanted to] avoid bureaucratic obstacles and better help the FBI install its new computer system”. Good thing for Robert: now he no longer has to remember that pesky password, he can just call Joseph Thomas Colon – the consultant – and ask him what his password is. A comic strip in the making (hint hint).


Disappearing Acts

Human history is marked by many years in which people feared the unknown, just because it was unknown…
You may think that we would have learned by now that we must understand things in order to use and trust them…

Well, I read a small advisory about NTFS data streams.

For those of you who do not know, NTFS data streams (also called alternate data streams) allow users to attach named streams to a file; each stream can store any amount of data and can be accessed only when you know the name of that stream.

When using an NTFS data stream, the original file’s size and content are not affected, so in fact I can hide information from other users who do not know the names of the file’s custom streams.

Yes, this issue is very, very old; we at SecuriTeam reported it back in 1998. So why is it that most anti-virus products out there still do not scan these streams?

Why can I still bypass quota settings and evade other users?
While Microsoft has come a long way from not caring about security issues to actually fixing them, they still do not touch the “by design” security risks, just as when WMF-gate emerged. Now a very old issue is being raised again.

So now it’s time for us to see whether Microsoft will wait for a new, highly contagious worm, or whether we shall see Redmond take a nice marketing step and fix this by-design issue before that…
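Since neither a directory listing nor the reported file size reveals a named stream, the practical defensive step is to enumerate them yourself. The script below is an added example, not code from the original post or from SecuriTeam; it assumes Windows PowerShell 3.0 or later on an NTFS volume, and the function name Find-AlternateDataStream is my own.

```powershell
# Added example, not from the original post: audit an NTFS directory tree for
# named (alternate) data streams. These do not change the size that dir or
# Explorer report for the file, so a plain listing never reveals them.
# Requires Windows PowerShell 3.0 or later on an NTFS volume.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the mark-of-the-web stream browsers add to downloads;
        # it is benign and noisy, so skip it unless asked to include it.
        [switch] $IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns the unnamed stream (':$DATA') plus every named stream
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Stream -ne ':$DATA' -and
                    ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        File         = $file.FullName
                        Stream       = $_.Stream
                        StreamBytes  = $_.Length
                        # what dir/Explorer show; unchanged by the hidden stream
                        VisibleBytes = $file.Length
                    }
                }
        }
}

# Report named streams under the profile directory, largest hidden payloads first.
# To inspect one after review:  Get-Content -LiteralPath <file> -Stream <name>
# To remove one after review:   Remove-Item -LiteralPath <file> -Stream <name>
Find-AlternateDataStream -Path $env:USERPROFILE |
    Sort-Object StreamBytes -Descending |
    Format-Table File, Stream, StreamBytes, VisibleBytes -AutoSize
```

Comparing StreamBytes with VisibleBytes for each hit shows exactly the gap the post describes: a file can carry far more data than any quota or size column accounts for.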


Corporate workers neglect danger of using public email services

According to research recently conducted by the Radicati Group, every 20th corporate worker has at least once used email to send information classified as corporate-sensitive or even as a commercial secret. Along with that, 2 out of every 3 workers use personal email boxes, such as publicly available webmail services, to exchange corporate information.

Public email services are not always as secure as corporate email. The insufficient privacy policies of those services make their use for corporate data illegitimate.

“We reserve the right to transfer your personal information in the event of a transfer of ownership of XXXX, ….” Sounds familiar?