Those who know me personally will know I have barely any time for
games. I always say that we network security geeks shouldn't be playing
games; leave that to the smelly game design kids (j/k with ya guys).
Well, here are a couple games I do approve of playing, `The Evolving
Threat <http://www.iss.net/evolvingthreat/game.html>`_ from IBM/ISS,
`Arm Yourself Against
Attacks <http://spe.atdmt.com/ds/NMMRTUMISITP/ITSecDec/mrs06292_aste_336x800.swf?ver=1&clickTag1=http://clk.atdmt.com/go/ntroiitp0170000023mrt/direct;ai.19709962;ct.1/01&clickTag=http://clk.atdmt.com/go/ntroiitp0170000023mrt/direct;ai.19709962;ct.1/01>`_
from Microsoft, and `Invisible
Burglar <http://www.emea.symantec.com/invisibleburglar/>`_ by
Symantec.
The Evolving Threat is fun, but watch out for "spyware" and "designer
malware"; I couldn't seem to kill them, so I just go into hyperspace...
Enjoy!
Posted by Marcin on Saturday, December 23, 2006 in Security.

A new case in my coverage of espionage stories: the Houston Chronicle is
reporting that this time a Chinese engineer working in Silicon Valley has
been indicted on 36 felony counts, including economic espionage to benefit a
foreign government and violating various military export control regulations.
Xiaodong Sheldon Meng, 42, a Chinese national with Canadian
citizenship... Prosecutors say Meng stole the code for software made
by his former employer, Quantum3D Inc., that's used to train
military fighter pilots, and tried to sell it to the Royal Thai Air
Force, the Royal Malaysian Air Force and a company with ties to
China's military.
Under U.S. law, anyone attempting to sell such information overseas
must first obtain a license from the State Department and is subject
to strict regulations. Meng never applied for such a license.
Meng's case marks only the third time in a decade prosecutors have
charged someone with economic espionage to benefit a foreign
government, the most serious crime under the Economic Espionage Act
of 1996. A conviction carries a maximum penalty of 15 years in
prison.
In another, unrelated case, two other engineers pleaded guilty Thursday
to stealing proprietary computer chip designs from four technology
companies and attempting to smuggle them to China.
Fei Ye, 40, a U.S. citizen from China, and Ming Zhong, 39, a
permanent resident of the U.S. from China, pleaded guilty in San
Jose federal court to two counts each of economic espionage to
benefit a foreign government as part of a deal with prosecutors. Ye
and Zhong initially faced 10 counts each, and had been scheduled to
go to trial in January.
Ye and Zhong were arrested in 2001 at San Francisco International
Airport, attempting to board a flight to China. Their luggage was
allegedly crammed with thousands of pages of trade secrets stolen
from four Silicon Valley companies: NEC Electronics Corp., Sun
Microsystems Inc., Transmeta Corp. and Trident Microsystems Inc.
Both said little during Thursday's 40-minute hearing, and afterward
declined to comment through their defense lawyers.
Ye and Zhong, who remain free on bail following their pleas, are
scheduled to be sentenced April 23. Each faces a maximum of 30 years
in prison.
Posted by Marcin on Friday, December 15, 2006 in Intelligence and News.

The JSF (I like JSF better than F-35 Lightning II) has completed all
its taxi tests this week. I had the incredible opportunity of interning
at Pratt & Whitney, the manufacturer of the F-135 turbofan, and I have
to say I'm a fanboy. I love these two aircraft, and can't wait to see
the JSF in action! Check out Lockheed's press release and Team JSF for
more photos.
Posted by Marcin on Wednesday, December 13, 2006 in Defense.

Yikes, the reps at Verizon need to be trained in elementary mathematics.
George Vaccaro definitely has more patience than I do.
Best quote in the audio clip at ~15:33:
...
Andrea: What do you mean .002 dollars?
George: Do you recognize that there's a difference between one dollar and one cent?
Andrea: definitely
George: Do you recognize that there's a difference between half a dollar and half a cent?
Andrea: definitely
George: Then, do you therefore recognize that there's a difference between .002 dollars and .002 cents?
Andrea: No.
George: No?
Andrea: I mean, there's, there's no no .002 dollars...
George: Of course there is
Andrea: .002 cents is what you're quoted...
... blah blah blah
This is fucking hilarious, sad and frustrating all at the same time.
Posted under intelligence for lack thereof.
Edit 12/10/2006: Response from Verizon - 100% Refund - .002% Concession
Nice to see they resolved the issue; now to just update their reps on
the pricing.
Dear George Vaccaro,
Thank you for your reply. Again, I apologize for the
miscommunications regarding this issue and for your frustration and
inconvenience as a result.
In review of your account a previous representative has credited for
the data charges in question for $71.79. You may take this amount
off of your current amount due. In the future please keep in mind
that it is .002 dollars per KB while in Canada.
It has been a pleasure assisting you today, and we appreciate your
business. Have a wonderful week!
Sincerely,
Michelle
Verizon Wireless Customer Service
Posted by Marcin on Saturday, December 9, 2006 in Intelligence.

I've noticed a lot of discussion around news (some new, some old) articles
this week related to "increased insider threats".
To quote my own Slashdot post:
"Viktor Cherkashin, a former KGB officer, states in his book Spy
Handler, people most often commit treason based on personal needs
that need to be resolved, right now. Most commonly financial
reasons, it is why Aldrich Ames and Robert Hanssen both defected to
spy for Soviets.
What's the ideal solution? Make your employees happy, pay them more,
etc? It's difficult to stop good people from going rogue, and even
worse doing pre-screening. Not even a single scope background
investigation and polygraph works (see above).
And to quote Cherkashin, "The only way to be safe is to remove
people from intelligence gathering, ....as long as people are
involved, security threats can never be completely eliminated."
It is true, to remove the human element would eliminate many security
risks. With a sound process and security architecture, we can work
towards reducing this risk. Things like proper delegation of authority,
peer review, and even conversation help.
You all know how pissed off people can get when they lose a game, now
imagine getting fired?! That one person shouldn't have the ability to do
so much damage in the first place. At the company I interned at over the
summer, not even the core IT Security people had administrator rights on
their own workstations...
Posted by Marcin on Friday, December 8, 2006 in Links and Security.