Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-04 Thread Matt
Actually the point of policy is not to determine HOW the person who is
investigating the response will do their job, but how the machine that
is held suspect will be treated.

Some sample policy guidelines will include whether the machine is to
remain on until a forensics expert can look at the machine and make an
active backup of it while it is running...  Or if it is to remain on,
but not connected to the internet, that way no damage can be done to
other machines through the suspect machine...  Or if the machine is to
be immediately turned off.

Forensics investigation is not something that can be controlled by
policy.  It can be very different on each machine you study.  There
should only be a three-part policy restricting IR professionals.

1.  Document everything.  From the time you get the call that
something is wrong, to when you arrive at the machine (including the
presence of physical security around the machine), until you have
completed your investigation and are ready to give your report.

2.  Do not let other people influence your work...  Because someone
always has an agenda, whether it's to find A problem or put the blame
on A person, don't let that direct the way you go about your
investigation.  You might find out they're trying to pin it on someone
who was someplace they weren't supposed to be, but really the machine
was hacked by someone else long before that which allowed that person
to get to where they shouldn't have been.  And if you let them
influence your work you might not have found the original breach.

3.  Make backups of EVERYTHING before you even start.  If you can
avoid changing something, don't make the change.  Think of it in the
way your parents taught you how to behave... "Look, don't touch."


--

On Thu, 3 Mar 2005 23:15:15 + GMT, Jason Coombs <[EMAIL PROTECTED]> wrote:
> Matt wrote:
> > In a good company Incident
> > Response isn't dictated by any of
> > what you said above.  It's dictated
> > by policy.
> 
> Good point. Even in a good company, though, incident response often occurs 
> outside of policy.
> 
> An incident response professional who works for clients during emergencies is 
> presented with variables and circumstances with which to contend, not a 
> policy playbook to follow.
> 
> I agree that it would be nice if we could schedule and plan all of our 
> emergencies according to policy. :-)
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED]
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
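Matt's rules 1 and 3 above in working form. This is an added example, not code from the original post or from PivX: it images a "suspect disk" into a file while hashing the stream, re-hashes the written image in a second pass, and appends every step to a JSON-lines chain-of-custody log. The function names, the log format and the sample disk are constructed for this illustration; on a real machine the source would be a block device read through a hardware write blocker (or a read-only, noatime mount), which plain open() does not give you.

```python
"""Rule 1 and rule 3 in code: document everything, image before you touch.

Added example, not from the original thread. Function and file names are
hypothetical; the 'suspect disk' is a constructed temp file so this runs
offline. On a real system 'src' is a block device behind a hardware write
blocker (or a read-only, noatime mount); plain open() is used only for the
sample.
"""
import hashlib
import json
import os
import socket
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB reads


def _utcnow():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def _log(log_path, event, **fields):
    """Append-only custody log, one JSON object per line. Earlier entries are
    never rewritten: the log is the record rule 1 asks for."""
    entry = {"ts": _utcnow(), "event": event, "host": socket.gethostname()}
    entry.update(fields)
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(src, dst, log_path, operator="analyst"):
    """Copy src to dst byte for byte, hashing the stream as it is read, then
    hash the written image in a second, independent pass. 'verified' is True
    only when the two digests agree."""
    _log(log_path, "acquire_start", source=src, dest=dst, operator=operator)
    stream = hashlib.sha256()
    size = 0
    fd = os.open(src, os.O_RDONLY)                    # rule 3: look, don't touch
    with os.fdopen(fd, "rb") as fin, open(dst, "wb") as fout:
        for block in iter(lambda: fin.read(CHUNK), b""):
            stream.update(block)
            fout.write(block)
            size += len(block)
        fout.flush()
        os.fsync(fout.fileno())                       # image is on disk before we hash it
    source_digest = stream.hexdigest()
    image_digest = sha256_file(dst)
    verified = source_digest == image_digest
    _log(log_path, "acquire_end", bytes=size, sha256_source=source_digest,
         sha256_image=image_digest, verified=verified)
    return {"bytes": size, "sha256_source": source_digest,
            "sha256_image": image_digest, "verified": verified}


def verify_image(path, expected_digest, log_path=None):
    """Re-hash an image later (before analysis, before handing it over) and
    record the result. Any edit to the image, even one byte, fails this."""
    ok = sha256_file(path) == expected_digest
    if log_path:
        _log(log_path, "verify", image=path, verified=ok)
    return ok


def read_log(log_path):
    with open(log_path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]


def demo():
    """Constructed sample: a 3 MiB pseudo-disk with a recognisable header.
    Returns the acquisition summary, the custody log entries and the paths."""
    work = tempfile.mkdtemp(prefix="evidence-")
    src = os.path.join(work, "suspect-sda.dd")   # stands in for /dev/sda
    dst = os.path.join(work, "suspect-sda.img")
    log = os.path.join(work, "custody.jsonl")
    with open(src, "wb") as fh:
        fh.write(b"SAMPLE-DISK-HEADER" + bytes(range(256)) * 12288)
    summary = acquire_image(src, dst, log)
    return summary, read_log(log), {"src": src, "dst": dst, "log": log}


if __name__ == "__main__":
    summary, entries, paths = demo()
    print(json.dumps(summary, indent=2))
    for e in entries:
        print(e["ts"], e["event"], e.get("verified", ""))
    print("custody log:", paths["log"])
```

Run it and the two digests agree; flip one byte of the image and verify_image reports False, which is the point of hashing before analysis: any later change, accidental or otherwise, is detectable, and the log shows when it was checked. Live acquisition of a running machine (the "remain on" option in the sample policy above) follows the same pattern, with memory and other volatile state captured before the disk.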


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-04 Thread Michael Simpson
> I agree that it would be nice if we could schedule and plan all of our 
> emergencies according to policy. :-)

that's the whole point of an inclusive policy
to allow you to have a framework for dealing with the unknown.

when we were designing major incident policies we would sit down and
do "what if" sessions which could get pretty wild
i.e. "what if the British Petroleum compound at Grangemouth goes up in
flames and turns central Scotland into a tar-pit"
and come up with a solution accordingly

now, in the area of operations that you are currently debating there
is a limited number of things that can happen and they can be fully
identified with a proper approach
-attack trees &c

the British Army has a phrase which applies here
"proper planning prevents piss poor performance"

the American simile for this situation would be "clusterfuck"

have a nice day

On Thu, 3 Mar 2005 23:15:15 + GMT, Jason Coombs <[EMAIL PROTECTED]> wrote:
> Matt wrote:
> > In a good company Incident
> > Response isn't dictated by any of
> > what you said above.  It's dictated
> > by policy.
> 
> Good point. Even in a good company, though, incident response often occurs 
> outside of policy.
> 
> An incident response professional who works for clients during emergencies is 
> presented with variables and circumstances with which to contend, not a 
> policy playbook to follow.
> 
> I agree that it would be nice if we could schedule and plan all of our 
> emergencies according to policy. :-)
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED]


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-03 Thread Jason Coombs
Matt wrote:
> In a good company Incident
> Response isn't dictated by any of
> what you said above.  It's dictated
> by policy.

Good point. Even in a good company, though, incident response often occurs 
outside of policy.

An incident response professional who works for clients during emergencies is 
presented with variables and circumstances with which to contend, not a policy 
playbook to follow.

I agree that it would be nice if we could schedule and plan all of our 
emergencies according to policy. :-)

Cheers,

Jason Coombs
[EMAIL PROTECTED]


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-03 Thread Matt
ncreased economic value, 
> from intellectual property rights...
> http://www.theregister.co.uk/2002/07/31/hp_invokes_dmca_to_quash/
> ... but isn't it the same thing in different terms when we declare other 
> people's speech, and their important and valuable communications, to be 
> illegal or to be a justification for lawsuit based solely on the difference 
> of status, the speaker being not an owner and the subject of the speech being 
> an owner of property, or the subject of speech being an artificially created 
> storehouse of perceived value with perpetual existence (i.e. a corporation) ? 
> Why do natural persons have inferior rights and fewer complex civil and 
> criminal legal protections than do artificial persons in possession of 
> immortality?
> Surely the natural person is entitled to a level playing field, something to 
> balance out the harm that is otherwise done to natural persons' sense of 
> self-worth and hopefulness for the future during their short and relatively 
> insignificant existence compared to that of a corporation?
> Next in your incident response, James, you might examine any contracts that 
> bind the suspect, and ascertain whether there was any duty of care or misuse 
> of company property or violation of confidentiality agreements that might 
> give rise to a cause of action against the individual for passing on the bad 
> information as a breach of contract or as defamation of character.
> Bearing in mind that this cause of action will hinge on the question of fact 
> with respect to the server's true condition. Passing on something that is 
> believed to be true may not be enough to save the offender from liability for 
> defamation if it turns out that person could have or should have known the 
> information to be false and acted recklessly.
> Your point that if a mail server is compromised, why wouldn't the attacker 
> send bogus e-mail all day long, creating fights and watching them spiral out 
> of control, is very insightful.
> This does happen in the real world.
> Information forensics is a very strange business, and incident response often 
> takes you where you least expected to go at the outset.
> Shouldn't we be allowed to speak in public with relative freedom on subjects 
> of substance and importance to the security and awareness of others?
> Shouldn't we be allowed the freedom to learn from our mistakes, as we make 
> them, and deal with others in society with open hands and full disclosure? 
> Shouldn't there be protections of persons who risk imprisonment, fines, and 
> civil liability in order to do the right thing in truly impossible 
> circumstances?
> I believe so, and judging from the response I have received, it is clear that 
> there are some who believe that I have just risked imprisonment, personal 
> bankruptcy, and perhaps even death from the vengeful wrath of angry 
> millionaires in order to find out.
> I pray that I am right, and that the doomsayers and other legal professionals 
> are wrong, and that the higher interests of ethical actions and security 
> research weigh more heavily on the outcome than do anger and malice.
> Sometimes incident response is triggered early enough that harm can be 
> avoided almost completely... If people do the right things, and follow the 
> right thought process to discover the true incident to which a response is 
> required and is urgently necessary.
> Sincerely,
> Jason [EMAIL PROTECTED]
> -Original Message-
> From: James Tucker <[EMAIL PROTECTED]>
> Date: Thu, 3 Mar 2005 09:47:38
> To:Matt <[EMAIL PROTECTED]>
> Cc:[email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> [complete snip]
> 
> What amazes me most having read this whole thread, is not so much that
> a server may have been hacked; this happens if you gain enough
> attention from the wrong people and do not build your systems hard
> enough (like people in a failing company).
> 
> I am amazed that a forensics box was the target, moreover, that it was
> capable of being the target, and even more amazed that in fact it was
> a corporate mailserver.
> 1. If the box was to be used for forensics research, it is likely that
> it contains sufficient tools in certain user accounts to do any amount
> of damage to the system and to view almost every important property of
> it in a relatively short space of time. To put such a system in a high
> point of exposure, or in a point of high information value (such as
> running a mailserver from it) is extremely bad practice.
> 2. The company uses spamsoap store and forward. If the mail server was
> configured to retrieve mail from spamsoap it is entirely possible tha

Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-03 Thread Jason Coombs
rensics is a very strange business, and incident response often 
takes you where you least expected to go at the outset.
Shouldn't we be allowed to speak in public with relative freedom on subjects of 
substance and importance to the security and awareness of others?
Shouldn't we be allowed the freedom to learn from our mistakes, as we make 
them, and deal with others in society with open hands and full disclosure? 
Shouldn't there be protections of persons who risk imprisonment, fines, and 
civil liability in order to do the right thing in truly impossible 
circumstances?
I believe so, and judging from the response I have received, it is clear that 
there are some who believe that I have just risked imprisonment, personal 
bankruptcy, and perhaps even death from the vengeful wrath of angry 
millionaires in order to find out.
I pray that I am right, and that the doomsayers and other legal professionals 
are wrong, and that the higher interests of ethical actions and security 
research weigh more heavily on the outcome than do anger and malice.
Sometimes incident response is triggered early enough that harm can be avoided 
almost completely... If people do the right things, and follow the right 
thought process to discover the true incident to which a response is required 
and is urgently necessary.
Sincerely,
Jason [EMAIL PROTECTED]
-Original Message-
From: James Tucker <[EMAIL PROTECTED]>
Date: Thu, 3 Mar 2005 09:47:38 
To:Matt <[EMAIL PROTECTED]>
Cc:[email protected]
Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"

[complete snip]

What amazes me most having read this whole thread, is not so much that
a server may have been hacked; this happens if you gain enough
attention from the wrong people and do not build your systems hard
enough (like people in a failing company).

I am amazed that a forensics box was the target, moreover, that it was
capable of being the target, and even more amazed that in fact it was
a corporate mailserver.
1. If the box was to be used for forensics research, it is likely that
it contains sufficient tools in certain user accounts to do any amount
of damage to the system and to view almost every important property of
it in a relatively short space of time. To put such a system in a high
point of exposure, or in a point of high information value (such as
running a mailserver from it) is extremely bad practice.
2. The company uses spamsoap store and forward. If the mail server was
configured to retrieve mail from spamsoap it is entirely possible that
the store and forward account was also compromised, leading to
potential disclosure without continued access to pivx network
infrastructure.
3. If the machine was so core to infrastructure why was it given a
live dns address so close to the domain root?
4. Pivx' (lack of proper) response to the issue. They had a box
labelled "forensics" hacked, and "it is being re-imaged". So in other
words, it's going to be returned to the same state as it was
originally, without any forensics work taking place.
5. If "re-imaged" there is nothing to suggest that the previously used
exploits will not work again on the new system, thus the need for
proper forensics work, which has clearly been neglected.
6. Recent major disclosure of internal publications and
communications, there are a lot of clearly frustrated employees within
pivx each of whom may be attempting to cover their tracks of
information disclosure by hacking, or allowing said machine to be
hacked.
7. Given the nature of the company and the configuration which they
would seem to be referring to, there is no good reason why the server
in question was publicly accessible at all, there is a perfectly good
store and forward service which can happily be the sole external
communicator with the box.
8. The forensics department seems to be out of contact with the
operations staff, who seem to be not directly related to the
"corporate counsel". Who is actually in charge of your company? I am
beginning to think the hacker has more control than any of you.
9. Discussions of server exploitation via potentially disclosed
communications mediums. In the event that the hacker had successfully
spread from forensics.pivx.com to some other machine (not unlikely
being your displayed e-mail etiquette) then the mails you send
discussing the matter may also have been compromised. In essence you
do not know where the mail has come from, who sent it, or when it was
sent. In fact there is no reason to trust anything in or out of pivx
right now.
10. Evident lack of experience dealing with internal corporate
security issues and poor communication leading to widespread
disclosure of potentially damaging situations without explained cause
or reason.

I would strongly suggest that any and probably all of Pivx financial
issues are products of the above, or situations similar to the above.
This comp

Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-03 Thread James Tucker
[complete snip]

What amazes me most having read this whole thread, is not so much that
a server may have been hacked; this happens if you gain enough
attention from the wrong people and do not build your systems hard
enough (like people in a failing company).

I am amazed that a forensics box was the target, moreover, that it was
capable of being the target, and even more amazed that in fact it was
a corporate mailserver.
1. If the box was to be used for forensics research, it is likely that
it contains sufficient tools in certain user accounts to do any amount
of damage to the system and to view almost every important property of
it in a relatively short space of time. To put such a system in a high
point of exposure, or in a point of high information value (such as
running a mailserver from it) is extremely bad practice.
2. The company uses spamsoap store and forward. If the mail server was
configured to retrieve mail from spamsoap it is entirely possible that
the store and forward account was also compromised, leading to
potential disclosure without continued access to pivx network
infrastructure.
3. If the machine was so core to infrastructure why was it given a
live dns address so close to the domain root?
4. Pivx' (lack of proper) response to the issue. They had a box
labelled "forensics" hacked, and "it is being re-imaged". So in other
words, it's going to be returned to the same state as it was
originally, without any forensics work taking place.
5. If "re-imaged" there is nothing to suggest that the previously used
exploits will not work again on the new system, thus the need for
proper forensics work, which has clearly been neglected.
6. Recent major disclosure of internal publications and
communications, there are a lot of clearly frustrated employees within
pivx each of whom may be attempting to cover their tracks of
information disclosure by hacking, or allowing said machine to be
hacked.
7. Given the nature of the company and the configuration which they
would seem to be referring to, there is no good reason why the server
in question was publicly accessible at all, there is a perfectly good
store and forward service which can happily be the sole external
communicator with the box.
8. The forensics department seems to be out of contact with the
operations staff, who seem to be not directly related to the
"corporate counsel". Who is actually in charge of your company? I am
beginning to think the hacker has more control than any of you.
9. Discussions of server exploitation via potentially disclosed
communications mediums. In the event that the hacker had successfully
spread from forensics.pivx.com to some other machine (not unlikely
being your displayed e-mail etiquette) then the mails you send
discussing the matter may also have been compromised. In essence you
do not know where the mail has come from, who sent it, or when it was
sent. In fact there is no reason to trust anything in or out of pivx
right now.
10. Evident lack of experience dealing with internal corporate
security issues and poor communication leading to widespread
disclosure of potentially damaging situations without explained cause
or reason.

I would strongly suggest that any and probably all of Pivx's financial
issues are products of the above, or situations similar to the above.
This company is not capable of picking up the phone or reaching
individuals over any secured transport medium. In fact it would seem
that everyone knows a little of something, but not even a lot. There
is deceit and destruction occurring from within the company. My
suggestion to Pivx as a whole is to stop what you are currently doing,
look at your infrastructure (human and systems) and decide what CAN be
managed and what CANNOT. Remove immediately that which cannot be
managed and begin MANAGING that which can. There is no reason to keep
any employees who are not capable of fulfilling the company goals.
A company is a team, so someone trying to score at the wrong end is no
use at all.

I am sure your investors are mighty excited to hear the next
installment. If you still have any value in your company, given that
you had an attack and you destroyed all the evidence of what was done.
What if a mail was captured containing sufficient information to gain
access to build files for your products?
Have you verified the contents of the applications on your web servers? 
Are your customers safe from attacks?
Are you unknowing as to the status of your system automations such as
updates and the current state of information flow out of the company?

Whilst it is true from this point that Jason Coombs may have thought
the box was being hacked during the time when some other member of the
business was performing critical updates or some other management
function, there is no good reason why Jason was not aware of this
before it happened. If Mark is confident that the box has not been
hacked, then he needs to take actions to find out what is going on
with Ja

RE: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-02 Thread Aditya Deshmukh
>Then again on the other hand, if they're not promoting themselves,
>they're still just that stupid since they're using the seclist to send
>email back and forth between each other.

No, it seems that they are somehow using reply-to-all without seeing where
the mail is going ;)





Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-02 Thread Matt
Would they really want to promote themselves as being so stupid that they
get hacked and, rather than take any steps to find out how, just
re-image the server... The "FORENSICS" server?  I mean... really...

Then again on the other hand, if they're not promoting themselves,
they're still just that stupid since they're using the seclist to send
email back and forth between each other.


--


On Wed, 2 Mar 2005 17:22:30 +0300, Egoist <[EMAIL PROTECTED]> wrote:
> Hello Andreia,
> 
> Wednesday, March 2, 2005, 4:51:45 PM, you wrote:
> 
> AG> O, soap opera! Can't wait for the next chapter in the tale of
> AG> "forensics.pivx", the mail server that was! :D
> 
> AG> AvG
> 
> AG> On Wed, 2 Mar 2005 11:27:18 +0100, Andriy Bilous
> AG> <[EMAIL PROTECTED]> wrote:
> >>
> >> I didn't get it... Now you have no mail server and use the open maillist
> >> for corporate correspondence? We are waiting impatiently for a detailed
> >> report on how this server was compromised.
> >>
> >> -Original Message-
> >> From: Jason Coombs [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday, March 02, 2005 5:24 AM
> >> To: Mark Remington; 'Burke N. Hare'
> >> Cc: [email protected]
> >> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> >>
> >> Mark, your story is convenient. It also does not match the statements of
> >> others at PivX who also claim to be involved in responding to this 
> >> incident.
> >>
> >> According to an e-mail that I received earlier today, "The
> >> forensics.pivx.com mail server was trashed."
> >>
> >> PivX corporate counsel contacted me with the following query:
> >>
> >> "Why did you change the password on our server?"
> >>
> >> Then I received a follow-up from PivX counsel after I denied doing any such
> >> thing:
> >>
> >> "Our forensics server had the password changed so I figured it was you!"
> >>
> >> The conclusion was thus:
> >>
> >> "Don't worry about the server. It is being re-imaged."
> >>
> >> This makes me go Hmmm...
> >>
> >> Sincerely,
> >>
> >> Jason Coombs
> >> [EMAIL PROTECTED]
> >>
> >> -Original Message-
> >> From: "Mark Remington" <[EMAIL PROTECTED]>
> >> Date: Tue, 1 Mar 2005 18:07:04
> >> To:"'Jason Coombs'" <[EMAIL PROTECTED]>,   "'Burke N. Hare'"
> >> <[EMAIL PROTECTED]>
> >> Cc:[email protected]
> >> Subject: RE: [Full-Disclosure] Things that make you go "Hmmm"
> >>
> >> All,
> >>
> >> This box was not taken down by any hacker, or owned; it was taken down by
> >> my sys admins at PivX for maintenance.  Forensics is a division of PivX and we
> >> manage that server.  There's patching that needs to happen, so we took it
> >> down.
> >>
> >> Sorry for any chatter about this today.  Obviously, there's some
> >> miscommunication here.  Hopefully this clears it all up.
> >>
> >> Mark Remington
> >> VP Operations
> >> PivX Solutions
> >>
> >> > -Original Message-
> >> > From: [EMAIL PROTECTED]
> >> > [mailto:[EMAIL PROTECTED] On Behalf
> >> > Of Jason Coombs
> >> > Sent: Tuesday, March 01, 2005 5:06 PM
> >> > To: Burke N. Hare
> >> > Cc: [email protected]
> >> > Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> >> >
> >> >
> >> > And whomever it was that just owned the forensics.PivX.com
> >> > linux box, that wasn't a very nice thing to do...
> >> >
> >> > You should apologize.
> >> >
> >> > Cheers,
> >> >
> >> > Jason Coombs
> >> > [EMAIL PROTECTED]
> >>
> 
> looks like stupid promotion of pivx
> is it?
> 
> --
> Best regards,
>  Egoist  mailto:[EMAIL PROTECTED]
> 
> 


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-02 Thread Andreia Gaita
O, soap opera! Can't wait for the next chapter in the tale of 
"forensics.pivx", the mail server that was! :D

AvG

On Wed, 2 Mar 2005 11:27:18 +0100, Andriy Bilous
<[EMAIL PROTECTED]> wrote:
> 
> I didn't get it... Now you have no mail server and use the open maillist for
> corporate correspondence? We are waiting impatiently for a detailed report on
> how this server was compromised.
> 
> -Original Message-
> From: Jason Coombs [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 02, 2005 5:24 AM
> To: Mark Remington; 'Burke N. Hare'
> Cc: [email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> Mark, your story is convenient. It also does not match the statements of
> others at PivX who also claim to be involved in responding to this incident.
> 
> According to an e-mail that I received earlier today, "The
> forensics.pivx.com mail server was trashed."
> 
> PivX corporate counsel contacted me with the following query:
> 
> "Why did you change the password on our server?"
> 
> Then I received a follow-up from PivX counsel after I denied doing any such
> thing:
> 
> "Our forensics server had the password changed so I figured it was you!"
> 
> The conclusion was thus:
> 
> "Don't worry about the server. It is being re-imaged."
> 
> This makes me go Hmmm...
> 
> Sincerely,
> 
> Jason Coombs
> [EMAIL PROTECTED]
> 
> -Original Message-
> From: "Mark Remington" <[EMAIL PROTECTED]>
> Date: Tue, 1 Mar 2005 18:07:04
> To:"'Jason Coombs'" <[EMAIL PROTECTED]>,   "'Burke N. Hare'"
> <[EMAIL PROTECTED]>
> Cc:[email protected]
> Subject: RE: [Full-Disclosure] Things that make you go "Hmmm"
> 
> All,
> 
> This box was not taken down by any hacker, or owned; it was taken down by my
> sys admins at PivX for maintenance.  Forensics is a division of PivX and we
> manage that server.  There's patching that needs to happen, so we took it
> down.
> 
> Sorry for any chatter about this today.  Obviously, there's some
> miscommunication here.  Hopefully this clears it all up.
> 
> Mark Remington
> VP Operations
> PivX Solutions
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf
> > Of Jason Coombs
> > Sent: Tuesday, March 01, 2005 5:06 PM
> > To: Burke N. Hare
> > Cc: [email protected]
> > Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> >
> >
> > And whomever it was that just owned the forensics.PivX.com
> > linux box, that wasn't a very nice thing to do...
> >
> > You should apologize.
> >
> > Cheers,
> >
> > Jason Coombs
> > [EMAIL PROTECTED]


RE: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-02 Thread Andriy Bilous

I didn't get it... Now you have no mail server and use the open maillist for
corporate correspondence? We are waiting impatiently for a detailed report on
how this server was compromised.

-Original Message-
From: Jason Coombs [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 5:24 AM
To: Mark Remington; 'Burke N. Hare'
Cc: [email protected]
Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"


Mark, your story is convenient. It also does not match the statements of
others at PivX who also claim to be involved in responding to this incident.

According to an e-mail that I received earlier today, “The
forensics.pivx.com mail server was trashed.”

PivX corporate counsel contacted me with the following query:

“Why did you change the password on our server?”

Then I received a follow-up from PivX counsel after I denied doing any such
thing:

“Our forensics server had the password changed so I figured it was you!”

The conclusion was thus:

“Don't worry about the server. It is being re-imaged.”

This makes me go Hmmm...

Sincerely,

Jason Coombs
[EMAIL PROTECTED]

-Original Message-
From: "Mark Remington" <[EMAIL PROTECTED]>
Date: Tue, 1 Mar 2005 18:07:04 
To:"'Jason Coombs'" <[EMAIL PROTECTED]>,   "'Burke N. Hare'"
<[EMAIL PROTECTED]>
Cc:[email protected]
Subject: RE: [Full-Disclosure] Things that make you go "Hmmm"

All,

This box was not taken down by any hacker, or owned; it was taken down by my
sys admins at PivX for maintenance.  Forensics is a division of PivX and we
manage that server.  There's patching that needs to happen, so we took it
down.

Sorry for any chatter about this today.  Obviously, there's some
miscommunication here.  Hopefully this clears it all up.


Mark Remington
VP Operations
PivX Solutions

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Jason Coombs
> Sent: Tuesday, March 01, 2005 5:06 PM
> To: Burke N. Hare
> Cc: [email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> 
> And whomever it was that just owned the forensics.PivX.com 
> linux box, that wasn't a very nice thing to do...
> 
> You should apologize.
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED]


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread Jason Coombs
Mark, your story is convenient. It also does not match the statements of others 
at PivX who also claim to be involved in responding to this incident.

According to an e-mail that I received earlier today, “The forensics.pivx.com 
mail server was trashed.”

PivX corporate counsel contacted me with the following query:

“Why did you change the password on our server?”

Then I received a follow-up from PivX counsel after I denied doing any such 
thing:

“Our forensics server had the password changed so I figured it was you!”

The conclusion was thus:

“Don't worry about the server. It is being re-imaged.”

This makes me go Hmmm...

Sincerely,

Jason Coombs
[EMAIL PROTECTED]

-Original Message-
From: "Mark Remington" <[EMAIL PROTECTED]>
Date: Tue, 1 Mar 2005 18:07:04 
To:"'Jason Coombs'" <[EMAIL PROTECTED]>,   "'Burke N. Hare'" <[EMAIL 
PROTECTED]>
Cc:[email protected]
Subject: RE: [Full-Disclosure] Things that make you go "Hmmm"

All,

This box was not taken down by any hacker, or owned; it was taken down by my
sys admins at PivX for maintenance.  Forensics is a division of PivX and we
manage that server.  There's patching that needs to happen, so we took it
down.

Sorry for any chatter about this today.  Obviously, there's some
miscommunication here.  Hopefully this clears it all up.


Mark Remington
VP Operations
PivX Solutions

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Jason Coombs
> Sent: Tuesday, March 01, 2005 5:06 PM
> To: Burke N. Hare
> Cc: [email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> 
> And whomever it was that just owned the forensics.PivX.com 
> linux box, that wasn't a very nice thing to do...
> 
> You should apologize.
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED] ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread Mark Remington
All,

This box was not taken down by any hacker, or owned, it was taken down by my
sys admins at PivX for maintenance.  Forensics is a division of PivX and we
manage that server.  There's patching that needs to happen, so we took it
down.  

Sorry for any chatter about this today.  Obviously, there's some
mis-communication here.  Hopefully this clears it all up.  


Mark Remington
VP Operations
PivX Solutions

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Jason Coombs
> Sent: Tuesday, March 01, 2005 5:06 PM
> To: Burke N. Hare
> Cc: [email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> 
> And whomever it was that just owned the forensics.PivX.com 
> linux box, that wasn't a very nice thing to do...
> 
> You should apologize.
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED] ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread Mark Remington
All,

This box was not taken down by any hacker, or owned, it was taken down by
the sys admins at PivX for maintenance.  Forensics is a division of PivX and
we manage that server.  There's patching that needs to happen, so we took it
down.  

Sorry for any chatter about this today.  Obviously, there's some
mis-communication here.  Hopefully this clears it all up.  


Mark Remington
VP Operations
PivX Solutions

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Jason Coombs
> Sent: Tuesday, March 01, 2005 5:06 PM
> To: Burke N. Hare
> Cc: [email protected]
> Subject: Re: [Full-Disclosure] Things that make you go "Hmmm"
> 
> 
> And whomever it was that just owned the forensics.PivX.com
> linux box, that wasn't a very nice thing to do...
> 
> You should apologize.
> 
> Cheers,
> 
> Jason Coombs
> [EMAIL PROTECTED] ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread dropstatd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

>And whomever it was that just owned the forensics.PivX.com linux
>box, that wasn't a very nice thing to do...
>
>You should apologize.

ROTF, LMAO!

-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkIlIpUACgkQB4XCCykO6nQ4GwCgssYuq/Wruwedb1TDGTCbsPN9LsMA
n3y8lN8lcm0jLgOQDSL7X+grgwnr
=ZTsl
-END PGP SIGNATURE-


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread Jason Coombs
And you missed the part about my resume still indicating 'Director of Forensic 
Services' of PivX Solutions, and the other evidence of my affiliation with the 
company in the very recent past.

There is something very wrong, and I'm doing the right thing.

Regards,

Jason Coombs
[EMAIL PROTECTED]

-Original Message-
From: "Burke N. Hare" <[EMAIL PROTECTED]>
Date: 1 Mar 2005 20:12:59 
To:[email protected]
Subject: [Full-Disclosure] Things that make you go "Hmmm"

Somebody looking to bite the hand that fed them?


At 05:29 AM 3/1/2005 GMT, Jason Coombs wrote:
>Regarding PivX Solutions:
>
>I would like to make contact with anyone who has been harmed by PivX Solutions.
>
>If you have been harmed by PivX Solutions, please contact me as soon as 
>possible.
>
>Thanks.
>
>Jason Coombs
>[EMAIL PROTECTED]
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

but looking back a bit we see (check out the "from"):

> To: "Hugo van der Kooij" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Advisory: Design flaw in human communication
> FROM: "Jason Coombs PivX Solutions" <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
> Date: Fri, 22 Oct 2004 08:10:20 + GMT
>
> Hugo van der Kooij wrote:
> >I would like to point out a design
> >flaw in human communication.
>
> What you describe is an implementation bug, not a design flaw.
>
> FD'ers in particular also appear to have a Reply To All defect whereby every 
> thought that enters one's head while reading FD is compulsively sent to the 
> entire list rather than to the individuals who may find the thoughts 
> interesting and relevant, despite those thoughts being off-topic.
>
> OT posts would be valuable to the tone and context of any list provided that 
> we could patch every mail client to remove the Reply To All feature.
>
> Shall we leave FD unmoderated with respect to any post that does not have 
> 'Re:' as the first three letters of its Subject line, but moderate all 
> replies?
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-01 Thread Jason Coombs
And whomever it was that just owned the forensics.PivX.com linux box, that 
wasn't a very nice thing to do...

You should apologize.

Cheers,

Jason Coombs
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html