Information Security News mailing list archives

Re: We're Watching You


From: InfoSec News <isn () c4i org>
Date: Mon, 29 Apr 2002 04:17:46 -0500 (CDT)

Forwarded from: Justin Lundy <jbl () subterrain net>

Raytheon developed SilentRunner directly after a programmer named
"bind" published his open-source "siphon" project on the Internet two
years ago. The siphon software passively mapped networks (see where
the SilentRunner name comes from?) to generate OS fingerprints for all
hosts that were a source of traffic. This also included a list of all
open ports on the machines. Newer versions and the development
versions contain a greatly expanded list of useful features.

Raytheon was seen reading the siphon material and downloading the
software several times from several different machines on their
network for months. The passive network mapping concept is definitely
not worth trademarking, patenting, copyrighting, or
servicemarking--because it is so simple. If you want this same
functionality for FREE, hire a consultant that understands how to
operate open-source protocol analyzers such as tcpdump, ngrep, or
ethereal. Or download siphon[1].

Having worked in the computer industry for a while, nothing sickens me
more than a constant supply of low-quality, small-scope software that
was written in a week and sells for ridiculous amounts of money. If
you would like to see where this concept was originally and publicly
implemented, see siphon[1]. Bind presented at Blackhat USA 2001 on the
concept. And please, before you encourage "commercial industry
experts" by purchasing their BS; look around at the FREE alternatives
first.

[1] http://www.insidiae.org/projects/siphon/

If you would like a more in depth explanation, feel free to contact me
via email directly. If I see another defense contractor scam companies
by selling trash like this, I will vomit on their marketing material
and physically mail it back to them. If anyone from Raytheon threatens
me as a result of this email, I would like to remind them that this
was an expression of my opinion and experience in dealing with such
software vendors; and as such is protected by the First Amendment.

-jbl


On Fri, Apr 26, 2002 at 03:09:29AM -0500, InfoSec News wrote:
http://www.washingtonpost.com/wp-dyn/articles/A42202-2002Apr24.html

Joseph C. Anselmo
Washington Techway
Thursday, April 25, 2002; 10:45 AM 

The security chief at a big name brokerage firm in New York had a
problem. Proprietary information was being leaked from the trading
floor to a competitor and he didn't know how.

Enter SilentRunner, a Linthicum-based startup that has developed
software to enhance network security.

"We took a look at the 400 [Internet] addresses on the trading
floor,"  says Jeff Waxman, SilentRunner's president and CEO. "Just
before the trading shut down at 4 o'clock we watched an e-mail go
from one of his traders to a competitor with all of their internal
information." The offender was escorted out in handcuffs and
SilentRunner had won another customer.

Protecting corporate computer networks from outside intruders has
become a big business these days. But information technology
security experts say it's also crucial to know what's going on
inside the firewall.

"Every survey that's ever been done says that two-thirds or
three-quarters of security [breaches] involve insiders," says Paul
Connelly, who runs PricewaterhouseCoopers' Technology Security
Practice for the southeast region. "What an insider can do is much
more damaging because they know your network and what's critical to
your network."

The SilentRunner software was released in June 2000 by defense
electronics giant Raytheon Co., which spun it off as a wholly owned
subsidiary last November. The idea for the commercial software came
from Raytheon's work on top-secret signals intelligence programs,
which sift through massive amounts of communications to intercept
conversations from targets such as al Qaeda terrorists. For workers
goofing off on the job - or worse - the software is downright scary.  
Loaded onto a laptop, it runs undetected. Twenty five algorithms map
out how a network is being used - from keeping tabs on intellectual
property down to every e-mail, every Web site visited and the
location and make of computers logged on remotely. The software
translates huge amounts of data into simple illustrations to help
network administrators spot trouble.


-- 
---=[ Practice is not a matter of years and months. It is concentration. ]=--
---=[ Email: jbl () subterrain net o0o Web: http://www.subterrain.net/~jbl/ ]=--
---=[ PGP fingerprint: 345A A958 67A3 A215 0270 5102 8002 8B4C 3803 A9BC ]=--



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
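
The passive mapping described in the message above (an OS hint and a list of open ports derived only from traffic a host sends), as an added example that is not part of the original post and is not siphon's code. The signature table, function names and sample packets are assumptions constructed for illustration.

```python
import socket, struct

# Illustrative (initial TTL, TCP window, DF) -> OS hint; assumed values, not siphon's database.
SIGNATURES = {(64, 5840, True): "Linux 2.4-like", (128, 16384, True): "Windows 2000-like"}

def parse_ipv4_tcp(pkt):
    """Return the header fields used below, or None if pkt is not IPv4/TCP."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        return None
    frag = struct.unpack("!H", pkt[6:8])[0]
    sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
    flags, window = pkt[ihl + 13], struct.unpack("!H", pkt[ihl + 14:ihl + 16])[0]
    return {"src": socket.inet_ntoa(pkt[12:16]), "sport": sport, "ttl": pkt[8],
            "df": bool(frag & 0x4000), "syn": bool(flags & 0x02),
            "ack": bool(flags & 0x10), "window": window}

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common starting value."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def build_inventory(packets):
    """Map each source address to the open ports and OS hint inferred passively."""
    hosts = {}
    for pkt in packets:
        f = parse_ipv4_tcp(pkt)
        if f is None or not f["syn"]:
            continue  # only handshake packets are used here
        host = hosts.setdefault(f["src"], {"open_ports": set(), "os_hint": "unknown"})
        if f["ack"]:
            host["open_ports"].add(f["sport"])  # SYN+ACK: this port accepted a connection
        key = (initial_ttl(f["ttl"]), f["window"], f["df"])
        host["os_hint"] = SIGNATURES.get(key, host["os_hint"])
    return hosts

def make_packet(src, dst, sport, dport, ttl, window, flags):
    """Build a constructed 40-byte IPv4/TCP packet (DF set, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation addresses), as a sniffer would see it.
SAMPLE = [
    make_packet("192.0.2.10", "192.0.2.30", 80, 1050, 62, 5792, 0x12),    # SYN+ACK
    make_packet("192.0.2.10", "192.0.2.30", 22, 1051, 62, 5792, 0x12),    # SYN+ACK
    make_packet("192.0.2.10", "198.51.100.7", 32768, 25, 62, 5840, 0x02),  # SYN
    make_packet("192.0.2.30", "192.0.2.10", 1050, 80, 127, 16384, 0x02),  # SYN
]
print(build_inventory(SAMPLE))
```

No packet is ever sent: the open-port list comes from SYN+ACK replies the monitored hosts emit on their own, and the OS hint from header defaults in their outbound SYNs.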

