[ale] A story of Proactive Log Review and the best developer in the world.

Jim Kinney jim.kinney at gmail.com
Wed Jan 16 09:18:38 EST 2013


How do I get in on this? I would like to focus on brewing while retaining
the income of a senior sysadmin.

On Wed, Jan 16, 2013 at 9:13 AM, JD <jdp at algoloma.com> wrote:

> Summary:
> * Security at small IT shop is actually proactively looking at system logs.
> * They see a VPN connection from China. Suspicious.
> * They are using RSA-based fob authentication. All commercial with vendor
> support. (JD: A few yrs ago, RSA had a leak that made predicting the numbers
> on a fob possible if the fob serial number was known. I think RSA had a
> spreadsheet with that data stolen.)
> * Research shows the VPN connection is active every day.
> * The fob being used is always the same. It is assigned to a well-known,
> respected, liked employee, family man, mid-40s. Always got excellent
> annual reviews.
> * Security figures someone inside the company had their PC hacked.
> * Further research shows a few emails with PDFs from China to the mid-40s
> programmer, so security thinks it is a targeted attack using PDF. A common
> attack vector.
> * Security mirrors his PC and scans for malware, rootkits, viruses.
> * Security talks to the employee, who finally volunteers that he had sent
> his fob to a company in China to perform software development. He had
> "outsourced" his coding.
> * Further research finds that he's performing work for a few other "client
> companies" and earning a few hundred $K annually.
>
> I don't recall any concrete statement about non-disclosure agreements
> being signed.
>
> This is all from memory, so please correct what I got wrong. Read it a few
> hours ago.
>
>
> On 01/16/2013 08:47 AM, Jim Kinney wrote:
> > VERY short read:
> >
> >   Error establishing a database connection
> >
> > :-)
> >
> > On Tue, Jan 15, 2013 at 11:18 PM, Brandon Wood <woody at 2143.net> wrote:
> >
> >     This isn't a long read; well worth your time. :)
> >
> >     http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/
> >
> >     Shamelessly stolen from Reddit.
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/
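As an added example, not part of this thread or of the Verizon write-up it links, here is a minimal version of the review JD's summary describes: successful VPN authentications grouped by user, flagged when one token is used from outside the expected countries on several distinct days. The log format, IP addresses, user names, token serials and the IP-to-country table are all constructed for the example.

```python
# Added example, not from the thread: a minimal proactive VPN-log review that
# flags a token used from an unexpected country on several distinct days.
# Log lines, IPs, users, serials and the IP-to-country table are constructed.
import re
from collections import defaultdict

# Constructed log format: "<date> <time> vpn-auth user=<u> token=<serial> src=<ip> result=<ok|fail>"
SAMPLE_LOG = """\
2013-01-07 01:02:11 vpn-auth user=bob token=000123456 src=203.0.113.7 result=ok
2013-01-07 08:15:02 vpn-auth user=alice token=000654321 src=198.51.100.4 result=ok
2013-01-08 01:04:40 vpn-auth user=bob token=000123456 src=203.0.113.7 result=ok
2013-01-08 17:30:00 vpn-auth user=carol token=000777777 src=203.0.113.9 result=fail
2013-01-09 01:01:55 vpn-auth user=bob token=000123456 src=203.0.113.7 result=ok
2013-01-09 09:00:12 vpn-auth user=alice token=000654321 src=198.51.100.4 result=ok
"""
# Constructed table standing in for a real GeoIP lookup.
GEO = {"203.0.113.7": "CN", "203.0.113.9": "CN", "198.51.100.4": "US"}
EXPECTED_COUNTRIES = {"US"}  # where the business expects its staff to connect from

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ vpn-auth user=(?P<user>\S+) "
    r"token=(?P<token>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

def successful_logins(log_text):
    """Yield a dict per well-formed line whose authentication succeeded."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("result") == "ok":
            yield m.groupdict()

def recurring_foreign_logins(log_text, geo=GEO, expected=EXPECTED_COUNTRIES, min_days=2):
    """Map user -> {tokens, countries, days} for users whose successful logins
    came from outside `expected` on at least `min_days` distinct days."""
    seen = defaultdict(lambda: {"tokens": set(), "countries": set(), "days": set()})
    for rec in successful_logins(log_text):
        country = geo.get(rec["src"], "unknown")
        if country in expected:
            continue  # normal origin; a fuller review would still baseline hours and volume
        seen[rec["user"]]["tokens"].add(rec["token"])
        seen[rec["user"]]["countries"].add(country)
        seen[rec["user"]]["days"].add(rec["date"])
    return {u: {"tokens": sorted(e["tokens"]), "countries": sorted(e["countries"]),
                "days": len(e["days"])}
            for u, e in seen.items() if len(e["days"]) >= min_days}

if __name__ == "__main__":
    for user, info in recurring_foreign_logins(SAMPLE_LOG).items():
        print(f"REVIEW {user}: token {info['tokens']} from {info['countries']} on {info['days']} days")
```

On the constructed log this reports only bob, whose single token authenticates from CN on three separate days; carol's failed attempt and alice's in-country logins are not flagged.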