Saturday, August 26, 2006
Where Asst. US Attorney Kathryn Warma sought 6 years imprisonment, the defense sought probation. The judge, after much thoughtful deliberation, gave him three years, followed by three years probation, and more than $250,000 in restitution to Northwest Hospital and DoD. He may well pay more to the school district too.
By any real standard, Mr. Maxwell's life is ruined, thanks to sadly flexible morals and the desire for easy cash.
It's a shame, as on one hand I felt bad for him, as I watched his family weep and pray, and noted his own readily visible emotions. He was indeed remorseful and accepted responsibility for his actions.
But my compassion began to fade as, in his own opportunity to speak to the judge, he suggested he might best serve time by speaking to high school students and other youth groups about his wrongdoing.
To this I say, three years in the hole will offer a far better deterrent than Mr. Maxwell on a speaking tour, elevated to a status he is not worthy of.
Yes, his sole intention was propagating adware for pay, and even with root access to machines, he did no further damage and stole no information.
But botnets for dollars, or any other nefarious purpose, could have, quite simply in this case, cost someone their life. Northwest Hospital continued to operate thanks to good disaster planning, but what if it hadn't? What if someone had been misdiagnosed or issued the wrong medication as a function of Mr. Maxwell's criminal acts?
Both the Assistant US Attorney and Judge Pechman spoke directly of the need for deterrence. Yes, it may not help with our friends overseas, but maybe, just maybe, some script kiddie in a basement somewhere will now think twice before firing up an IRC server and letting loose with the malware.
To Asst. US Attorney Warma, Agent Dave Farquhar, and Judge Pechman I say, job well done.
Tuesday, August 15, 2006
For Bleeding-Edge rules, I prefer the single bleeding-all.rules so I use this to update it rather than Oinkmaster:
rm -f bleeding-all.rules
To fire Oinkmaster manually rather than cron:
oinkmaster.pl -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules
To kill the daemon:
To confirm Snort process state:
ps aux | grep snort
To confirm Snort running cleanly after config or rule changes:
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -v
To start the daemon:
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -g snort -D
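The steps above (update a rules file, check the daemon, restart it) are easy to get wrong by hand: a bad rule copied into place and a blind restart leaves the sensor down until someone notices. The script below is an added example, not from the original post, that wraps the same procedure defensively. It assumes Snort 2.x semantics I am confident of but which are not stated on the page: the -T flag to dry-run a configuration, and a daemon that re-reads its rules on SIGHUP. The pidfile path /var/run/snort_eth1.pid and the rules file locations are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not code from the original post): install a new Snort rules
# file only if Snort accepts the resulting configuration, then reload.
# All paths below are assumptions; override them via the environment.
SNORT_BIN="${SNORT_BIN:-/usr/local/bin/snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
PIDFILE="${PIDFILE:-/var/run/snort_eth1.pid}"   # assumed Snort 2.x naming: snort_<iface>.pid

# validate_config: dry-run the configuration with -T so a broken rule is
# caught before it can take the running sensor down. Non-zero on rejection.
validate_config() {
    "$SNORT_BIN" -T -c "$SNORT_CONF" >/dev/null 2>&1
}

# install_rules NEW DEST: refuse empty downloads, keep a backup of DEST,
# copy NEW into place, validate, and roll back if validation fails.
install_rules() {
    new="$1"; dest="$2"
    if [ ! -s "$new" ]; then
        echo "refusing to install empty rules file: $new" >&2
        return 1
    fi
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak"
    fi
    cp "$new" "$dest"
    if validate_config; then
        rm -f "$dest.bak"
        return 0
    fi
    echo "new rules failed validation, restoring previous copy of $dest" >&2
    if [ -f "$dest.bak" ]; then
        mv "$dest.bak" "$dest"
    else
        rm -f "$dest"
    fi
    return 1
}

# reload_snort: signal the running daemon to re-read its rules (SIGHUP,
# assumed Snort 2.x behaviour) instead of killing and restarting it blind.
reload_snort() {
    if [ ! -r "$PIDFILE" ]; then
        echo "no readable pidfile at $PIDFILE; is Snort running as a daemon?" >&2
        return 1
    fi
    kill -HUP "$(cat "$PIDFILE")"
}

# Typical use after fetching a fresh bleeding-all.rules into /tmp:
#   install_rules /tmp/bleeding-all.rules "$RULES_DIR/bleeding-all.rules" && reload_snort
```

The important property is that the previous rules file is never lost: a download that is empty, or a rule the parser rejects, leaves the sensor running on the last known-good set, and the failure is reported on stderr for the cron mail.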
Thursday, August 03, 2006
This essay describes a scenario that has long bothered me to no end.
What place does a hacker with obvious moral flexibility have in our
enterprises? Certainly they may be talented and quite brilliant, but can
they truly be trusted?
An associate, whose views I respect greatly, said this regarding
Mitnick's books. "I'll check them out of the library and read them for
the value they hold. But I won't buy them, I simply can't fund the
The essay's author is right. We willingly pay for the breakdown of
simple societal standards that not so long ago were the expected norm.
Is it too much to ask that our information be safe, our systems
unhindered by malware designed to rob us financially and strategically,
and that organizations will choose not to hire the morally flexible?
Sadly, we know it is too much to ask.
But, I for one, will continue in my quest to protect that information,
those systems, and the people who count on them, living by a solid moral
standard built on the premise of "first, do no harm."