No subject


Tue Nov 13 08:16:38 EST 2012


Geoffrey Myers

On Jan 16, 2013, at 9:13 AM, JD <jdp at algoloma.com> wrote:

> Summary:
> * Security at a small IT shop is actually proactively looking at system logs.
> * They see a VPN connection from China. Suspicious.
> * They are using RSA-based fob authentication. All commercial with vendor
> support. (JD: A few yrs ago, RSA had a leak that made predicting the numbers on
> a fob possible if the fob serial number was known. I think RSA had a spreadsheet
> with that data stolen).
> * Research shows the VPN connection is active every day
> * The fob being used is always the same. It is assigned to a well-known,
> respected, liked employee, family man, mid-40s. Always got excellent annual reviews.
> * Security figures someone inside the company had their PC hacked
> * Further research shows a few emails with PDFs from China to the mid-40s
> programmer, so security thinks it is a targeted attack using PDF. A common
> attack vector.
> * Security mirrors his PC and scans for malware, rootkits, viruses.
> * Security talks to the employee who finally volunteers that he had sent his fob
> to a company in China to perform software development. He had "outsourced" his
> coding.
> * Further research finds that he's performing work for a few other "client
> companies" and earning a few hundred $K annually.
> 
> I don't recall any concrete statement about non-disclosure agreements being signed.
> 
> This is all from memory, so please correct what I got wrong.  Read it a few
> hours ago.
> 
> 
> On 01/16/2013 08:47 AM, Jim Kinney wrote:
>> VERY short read:
>> 
>> 
>>  Error establishing a database connection
>> 
>> 
>> 
>> :-)
>> 
>> On Tue, Jan 15, 2013 at 11:18 PM, Brandon Wood <woody at 2143.net> wrote:
>> 
>>    This isn't a long read; well worth your time. :)
>> 
>>    http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/
>> 
>>    Shamelessly stolen from Reddit. 
>> 


