Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Fwd: Security Watch: Source Code Dealer Arrested
From: "Michael Evanchik" <mevanchik () relationship1 com>
Date: Tue, 23 Nov 2004 10:46:37 -0500

This crew has this entirely wrong.  Have they read securityfocus.com lately?
This was a setup. He does have prior convictions but if you notice they are
the same date ever year.  It seems they have this guy on their outlook
calendar reminders.  Also by no means should anyone feel safe now since the
feds have cracked down on a 20 dollar sale of a known source code release.
Its actually pathetic.  Also they raided wills house, but yet left other
devices, hard drives and even computers.  Imagine if this was a real
terrorist of some sort.  Frankly the person that wrote that article needs to
understand the basics of journalism.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of n3td3v
Sent: Monday, November 22, 2004 6:14 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Fwd: Security Watch: Source Code Dealer Arrested

---------- Forwarded message ----------
From: SecurityWatch <securitywatch () newsletters 101com com>
Date: Mon, 22 Nov 2004 17:07:13 -0500
Subject: Security Watch: Source Code Dealer Arrested
To: Crew-x Security <xploitable () gmail com>

November 22, 2004
Security Watch


- TechMentor is Back in Orlando with 6 New Tracks

- Free Paper: Simple, Affordable Fault Tolerant Windows
In This Issue:
1) Ill News for Illwill
2) Reader Feedback: USB Security
3) Security News and Other Information
This brief executive level demonstration outlines the substantial
security challenges facing business of all sizes and types today,
and how the powerful Cisco Integrated Security approach can
effectively protect your business.

Ill News for Illwill
**By Roberta Bragg

Last week William Genovese, a.k.a. "illwill," was arrested and charged
with selling Windows 2000 and Windows NT 4.0 source code. The source
code was purportedly stolen from the drives of a computer owned by
longtime Microsoft partner Mainsoft Corp. The arrest was the result of
the work of an online security investigator hired by Microsoft, the
U.S. Attorney's office and the FBI. Genovese has a previous conviction,
in March of 2003, for eavesdropping when he wrote a virus used to hack
into computers.

Genovese, 27, of Meriden, Connecticut, faces a maximum sentence of 10
years in prison and a fine of $250,000 if convicted.

The arrest is good, and welcome, news. It's been disheartening of late
to witness the criminal activity concerning computers and computer
information. In spite of all we know, in spite of all we do, it seems
we're deluged daily with, or beaten down with, the news of new
vulnerabilities, new malware, new incidents of data theft, denial of
service attacks and increasing evidence of criminal and malicious
intent behind them.

Just when I was ready to succumb to my paranoia and retire to my
fortress, two good things happened. First, the arrest shows that
organizations are working together to "do something" about it. A single
arrest won't stop the attempts or successful attacks on our information
systems, but it does indicate progress.

Second, you, the readers, continue to write me with not just questions,
but information on how you're engaged in the battle. Keep those letters
coming. I answer as many questions as I can, and I like hearing about
your successes in keeping the boogey man at bay.

Meanwhile, Microsoft has a slew of tools that may help in your efforts.
These tools, all part of the ALTools package, focus on Netlogon and the
Windows event log. They can be downloaded from http://snipurl.com/2vic.
Included in the package:

- LockoutStatus.exe. Displays information about a locked-out account.
- ALockout.dll. Helps determine the program or process sending the
incorrect credentials in a scenario.
- AcctInfo.dll. Isolates and troubleshoots account lockouts.
- ALoInfo.exe. Displays user account names and their password age.
- EnableKerbLog.vbs. Startup script that enables Kerberos logging.
- EventCombMT.exe. Gathers events for event logs at many locations for
a centralized view.
- NLParse.exe. Extracts and displays desired entries from Netlogon

But before you rush out and start using the tools, read the
disclaimers. For example, Microsoft warns that you shouldn't run
ALockout.dll on servers that host network programs such as Exchange,
because the tool may make it impossible for those programs to start.

Also check out the Microsoft document "Account Passwords and Policies,"
http://snipurl.com/at8y, which fully describes the tools, points to
more information on running them, and sternly warns against their
frivolous use. (The tools can be used with Windows Server 2003, Win2K
and, in some cases, NT 4.0.) As usual, before running any new tool, you
should back up a copy of the operating system and your valuable data.

-- Roberta Bragg, MCSE: Security, CISSP, Security+, and contributing
editor for MCP Magazine, owns Have Computer Will Travel, Inc., an
independent firm specializing in information security and operating
systems. She's series editor for McGraw-Hill/Osborne's Hardening
series--books that instruct you on how to secure your networks before
you are hacked, and author of the first book in the series, "Hardening
Windows Systems". Contact her at roberta.bragg () mcpmag com 

SPONSOR: Super Early Bird Savings Through December 31
TechMentor has changed! Our new vision happens in Orlando
April 4-8, 2005, with six tracks on networking and certification
training for Windows professionals. We now offer three tracks
on Microsoft's administrative certs: MCDST, MCSA, MCSE. PLUS
three tracks to help time-challenged administrators do their
jobs better, faster and more efficiently: Windows System Automation,
System and Network Troubleshooting, and Small/Medium Business
Operations. Register by December 31 and save $300.

**Reader Feedback: USB Security


Question: Using policies, can I disable selected computers from using
USB external memory devices without preventing the use of such things
as USB mice?
--Name Withheld

Roberta answers:

No. However, there are some ways to manage USB ports. I recently
devoted a Security Watch column to that topic, which you can
find here:
SPONSOR: Free Paper: Simple, Affordable Fault Tolerant Windows
Is Windows server downtime costing you money? Learn simple,
affordable ways to make unmodified Windows servers fault
tolerant. Get continuous application availability through
faults and failures with no need for cluster-aware apps,
no failover scripting, and no data loss.

Marathon Delivers Simple, Affordable, Continuous Uptime.

**Security News and Other Information

-- Rand Proposes Analysis Method
Connecting disparate pieces of information to prevent terrorist attacks
has taken on greater importance for the intelligence and homeland
security communities since the Sept. 11, 2001, terrorist attacks. But
the going since then hasn't been easy.

-- TSA advances TWIC program
Transportation Security Administration officials have entered a new
phase of the Transportation Worker Identity Credential (TWIC) program,
with testing under way at the Port of Long Beach Container Terminal in

-- Groups Urge 911 Improvements
Advocates for the emergency 911 service said the nation's communication
infrastructure is so woefully outdated that it cannot adapt to the
increasing public usage of new and emerging communication devices, such
as voice over IP.

-- NetIQ Ties Its System Management and Security Tools
NetIQ this month will begin shipping a "connector" tool to enable
systems management and security information to be displayed on the same
To find out how you can sponsor this newsletter, contact Matt Morollo
at mailto:mmorollo () 101com com 
http://newsletters.101com.com/red/form.asp?e=XPLOITABLE () GMAIL COM&nl=40

http://newsletters.101com.com/red/form.asp?e=XPLOITABLE () GMAIL COM&nl=40
Encourage your peers to excel! Please forward this e-mail to your
interested associates.

If this e-mail was forwarded to you and you'd like to subscribe, please
http://newsletters.101com.com/red/n.asp?pc=HWEB28&nl=37,27,26,43,22,40,7 1

FREE Subscription to Redmond magazine.

Got Windows? Get Redmond magazine, The Independent Voice Of The
Microsoft IT Community. Each monthly issue brings you hands-on problem
solving, tactical hard-core tech info, real-world reviews, expert
columnists, news analysis and strategic insights into all things
Microsoft. This invaluable, solution-oriented magazine comes in both
print and a digital edition, created in Adobe Acrobat PDF format. Do
not miss an issue. Already receive it? Keep it coming!

Get it Now. Get it Free. Get it Fast. Click here to start or continue
your subscription!

Customer Service:
- Print Issue: 866-293-3194 (U.S.) or 402-293-3194 (international),
 8 a.m. to 5 p.m. Central time Monday through Friday.
- Newsletter problems: mailto:RED () lists 101com com

Copyright 2004 101communications LLC. Security Watch may only be
redistributed in its unedited form. Written permission from the editor
must be obtained to reprint the information contained within this
newsletter. Contact kward () redmondmag com 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]