Windows screensaver lock and lecturing

i was giving a lecture at nps yesterday, and while i was unlocking my laptop (xp), suddenly, before it was unlocked, a file open window pops up. i could browse, and more importantly, open files. the first choice of the system was .hlp.

can someone say pwnage? anyone up to doing some monkey fuzzing on that interface?

gadi evron,

ISOI 3 is on, and Washington DC is hot

following up on that strange title, isoi 3 (internet security operations and intelligence), a workshop for do-ers who work on the security of the internet and its users, is happening monday and tuesday in washington, dc.

this time around we have even more government participation (we’re in dc, duh), but a bit less from academia (who can try and look at long term solutions), rather than just us security researchers, and operators (who respond, contain and mitigate incidents).

i am very pleased with our progress on encouraging global cooperation, and getting more industry information sharing going. i am also happy we are moving from “just” good-will based relationships to the physical world with our efforts, being able to take things to the next level with world-wide operational task forces and, indeed, affecting change.

if you are interested in this realm of internet security operations, take a look at isoi 3’s schedule, and perhaps submit something for the next workshop.

some reporters are somewhat annoyed that entrance is barred to them, but i hope they’d understand that although we make things public whenever we can as full disclosure is a strong weapon in the fight against cyber crime, folks can not share as openly when they have to be on their toes all the time.

the third isoi is here because after dhs ended up unable to host it, sponsors emerged who were happy to assist:

afilias ltd.:
the internet society:
shinkuro, inc.:

it’s going to be an interesting next week here at the swamp. attendees better show up with their two forms of id. 🙂

gadi evron,

eWeek: Estonian Cyber-War Highlights Civilian Vulnerabilities

i posted a column on eweek on what critical infrastructure means, looking back at the estonia incident.

they edited out some of what i had to say on home computers and their impact as a critical infrastructure, but hey, word limitations.,1895,2166125,00.asp

Gadi Evron,

Genius Twist on Nigerian Scams

1. phish a hotmail account.
2. send email from the stolen account to all the friends listed for the person, saying you are stuck in nigeria and are in an emergency, asking your friends for money to be wired.

(thanks suresh)

gadi evron,