On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:
From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straightforward.
The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.
This could, however, go beyond traffic analysis. What happens when China slaps Google by taking over "google.cn" and places a web site that appears to be Google there?

This then leads to the interesting question of exactly what sort of things were taken from Google (which is what I guess based on "corporate infrastructure [...] theft of intellectual property"). Is it completely outside the realm of possibility that China might have stolen sufficient technology to replicate resources such as Google search and mail? Or things such as SSL certificates?

I keep thinking about it, and it seems to me like Google decided it was better to cry fire now... before Chinese citizens ended up submitting searches to "Google.cn" and having them intercepted and analyzed by the Chinese government.

There are, of course, numerous possibilities as to what's really going on, but whatever it is, I get the distinct feeling that we're getting a carefully spun story.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.