Re: [ISN] We're Watching You

From: InfoSec News (isnat_private)
Date: Mon Apr 29 2002 - 02:17:46 PDT

  • Next message: InfoSec News: "[ISN] Crooks Cause Chilean Car Chaos"

    Forwarded from: Justin Lundy <jblat_private>
    Raytheon developed SilentRunner directly after a programmer named
    "bind" published his open-source "siphon" project on the Internet two
    years ago. The siphon software passively mapped networks (see where
    the SilentRunner name comes from?) to generate OS fingerprints for all
    hosts that were a source of traffic. This also included a list of all
    open ports on the machines. Newer versions, and the development
    versions contain a greatly expanded list of useful features.
    Raytheon was seen reading the siphon material and downloading the
    software several times from several different machines on their
    network for months. The passive network mapping concept is definately
    not worth trademarking, patenting, copyrighting, or
    sevicemarking--because it is so simple. If you want this same
    functionality for FREE, hire a consultant that understands how to
    open-source operate protocol analyzers such as tcpdump, ngrep, or
    ethereal. Or download siphon[1].
    Having worked in the computer industry for a while, nothing sickens me
    more than a constant supply of low-quality, small-scope software that
    was written in a week and sells for rediculous amounts of money. If
    you would like to see where this concept was originally and publicly
    implemented, see siphon[1]. Bind presented at Blackhat USA 2001 on the
    concept. And please, before you encourage "commercial industry
    experts" by purchasing their BS; look around at the FREE alternatives
    If you would like a more in depth explanation, feel free to contact me
    via email directly. If I see another defense contractor scam companies
    by selling trash like this, I will vomit on their marketing material
    and physically mail it back to them. If anyone from Raytheon threatens
    me as a result of this email, I would like to remind them that this
    was an expression of my opinion and experience in dealing with such
    software vendors; and as such is protected by the First Ammendment.
    On Fri, Apr 26, 2002 at 03:09:29AM -0500, InfoSec News wrote:
    > Joseph C. Anselmo
    > Washington Techway
    > Thursday, April 25, 2002; 10:45 AM 
    > The security chief at a big name brokerage firm in New York had a
    > problem. Proprietary information was being leaked from the trading
    > floor to a competitor and he didn't know how.
    > Enter SilentRunner, a Linthicum-based startup that has developed
    > software to enhance network security.
    > "We took a look at the 400 [Internet] addresses on the trading
    > floor,"  says Jeff Waxman, SilentRunner's president and CEO. "Just
    > before the trading shut down at 4 o'clock we watched an e-mail go
    > from one of his traders to a competitor with all of their internal
    > information." The offender was escorted out in handcuffs and
    > SilentRunner had won another customer.
    > Protecting corporate computer networks from outside intruders has
    > become a big business these days. But information technology
    > security experts say it's also crucial to know what's going on
    > inside the firewall.
    > "Every survey that's ever been done says that two-thirds or
    > three-quarters of security [breaches] involve insiders," says Paul
    > Connelly, who runs PricewaterhouseCoopers' Technology Security
    > Practice for the southeast region. "What an insider can do is much
    > more damaging because they know your network and what's critical to
    > your network."
    > The SilentRunner software was released in June 2000 by defense
    > electronics giant Raytheon Co., which spun it off as a wholly owned
    > subsidiary last November. The idea for the commercial software came
    > from Raytheon's work on top-secret signals intelligence programs,
    > which sift through massive amounts of communications to intercept
    > conversations from targets such as al Qaeda terrorists. For workers
    > goofing off on the job - or worse - the software is downright scary.  
    > Loaded onto a laptop, it runs undetected. Twenty five algorithms map
    > out how a network is being used - from keeping tabs on intellectual
    > property down to every e-mail, every Web site visited and the
    > location and make of computers logged on remotely. The software
    > translates huge amounts of data into simple illustrations to help
    > network administrators spot trouble.
    ---=[ Practice is not a matter of years and months. It is concentration. ]=--
    ---=[ Email: jblat_private o0o Web: ]=--
    ---=[ PGP fingerprint: 345A A958 67A3 A215 0270 5102 8002 8B4C 3803 A9BC ]=--
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 05:57:15 PDT