Misses, Misters,
I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper & Arbor) [1] and operations contacts of the big ISPs [2] :
1) applies the "Security through Obscurity" paradigm that has been proven inefficient [3]. To quote [4] :
"Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures."
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
2) includes [5]
a) Spammers (Rodney Joffe) [6] [7]
b) Freelancers (Gadi Evron) [8] [9]
Second question : Do you still ask yourself why the Internet is so insecure ? [10]
Best Regards,
Guillaume FORTAINE
[0] http://puck.nether.net/mailman/listinfo/nsp-security
[1] http://www.confickerworkinggroup.org/wiki/pmwiki.php/SP/ServiceProviders
[2] http://docs.google.com/viewer?url=http://www.cisco.com/web/ME/exposaudi2009/...
[3] http://en.wikipedia.org/wiki/Security_through_obscurity
[4] http://lists.ausnog.net/pipermail/ausnog/2007-April/000397.html
[5] http://www.google.com/search?hl=en&source=hp&q="nsp-sec"+site:mailman.nanog.org&aq=f&aqi=&aql=&oq=&gs_rfai=&esrch=FT1
[6] http://mailman.nanog.org/pipermail/nanog/2008-October/004724.html
[7] http://www.iadl.org/RodneyJoffe/rodneyjoffe.html
[8] http://mailman.nanog.org/pipermail/nanog/2009-November/015354.html
[9] http://il.linkedin.com/in/gadievron
[10] http://caislab.kaist.ac.kr/77ddos/
Hello, Few people actually care about nsp-sec so what exactly are you getting at? "Guillaume FORTAINE" <gfortaine@live.com> wrote:
Misses, Misters,
I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper & Arbor) [1] and operations contacts of the big ISPs [2] :
1) applies the "Security through Obscurity" paradigm that has been proven inefficient [3]. To quote [4] :
"Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures."
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
2) includes [5]
a) Spammers (Rodney Joffe) [6] [7]
b) Freelancers (Gadi Evron) [8] [9]
Second question : Do you still ask yourself why the Internet is so insecure ? [10]
Best Regards,
Guillaume FORTAINE
[0] http://puck.nether.net/mailman/listinfo/nsp-security
[1] http://www.confickerworkinggroup.org/wiki/pmwiki.php/SP/ServiceProviders
[2] http://docs.google.com/viewer?url=http://www.cisco.com/web/ME/exposaudi2009/...
[3] http://en.wikipedia.org/wiki/Security_through_obscurity
[4] http://lists.ausnog.net/pipermail/ausnog/2007-April/000397.html
[5] http://www.google.com/search?hl=en&source=hp&q="nsp-sec"+site:mailman.nanog.org&aq=f&aqi=&aql=&oq=&gs_rfai=&esrch=FT1
[6] http://mailman.nanog.org/pipermail/nanog/2008-October/004724.html
[7] http://www.iadl.org/RodneyJoffe/rodneyjoffe.html
[8] http://mailman.nanog.org/pipermail/nanog/2009-November/015354.html
[9] http://il.linkedin.com/in/gadievron
[10] http://caislab.kaist.ac.kr/77ddos/
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Mar 18, 2010, at 11:46 PM, William Pitcock wrote:
Few people actually care about nsp-sec so what exactly are you getting at?
I might argue the "few" comment, but I think it's better not to reply to Guillaume so people who are smart enough to not see his posts (which would be quite a bit more than a "few") will not be forced to see them.
Although I have to admit I am impressed at how quickly he has managed to piss off, alienate, and pretty much guarantee lasting animosity from, well, pretty much every significant person on the 'Net. Perhaps we should lump Guillaume in with $HE_WHO_MUST_NOT_BE_NAMED[*]?
-- TTFN, patrick
[*] Lest you receive a bazillion unicast messages CC'ed to a bazillion other people who don't care.
On 03/19/2010 04:52 AM, Patrick W. Gilmore wrote:
On Mar 18, 2010, at 11:46 PM, William Pitcock wrote:
Few people actually care about nsp-sec so what exactly are you getting at?
I might argue the "few" comment
Could you argue, if possible, please ? I look forward to your answer, Best Regards, Guillaume FORTAINE
On Thu, 2010-03-18 at 23:52 -0400, Patrick W. Gilmore wrote:
On Mar 18, 2010, at 11:46 PM, William Pitcock wrote:
Few people actually care about nsp-sec so what exactly are you getting at?
I might argue the "few" comment, but I think it's better not to reply to Guillaume so people who are smart enough to not see his posts (which would be quite a bit more than a "few") will not be forced to see them.
I would say that, in general, more people care about NANOG than nsp-security, although nsp-security is a worthwhile resource for those who are dealing with backbone-level problems (which is a minority of the people on NANOG, who generally are managing single typically-not-multihomed sites for the most part).
Although I have to admit I am impressed at how quickly he has managed to piss off, alienate, and pretty much guarantee lasting animosity from, well, pretty much every significant person on the 'Net. Perhaps we should lump Guillaume in with $HE_WHO_MUST_NOT_BE_NAMED[*]?
Ugh, that IADL guy. I blackholed his entire IP block at edge because I got tired of receiving his crap. :D And yeah, I'm surprised Guillaume can actually post here still. William
On Thu, Mar 18, 2010 at 8:43 PM, Guillaume FORTAINE <gfortaine@live.com> wrote:
Misses, Misters,
You forgot the ballers, shot callers, brawlers, those who dippin' in the benz with the spoilers. [0]
I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper & Arbor) [1] and operations contacts of the big ISPs [2] :
I personally believe that that U.S. Americans are unable to do so because, uh, some people out there in our nation don't have maps and, uh, I believe that our, uh, education like such as in South Africa and, uh, the Iraq, everywhere like such as, and, I believe that they should, our education over here in the U.S. should help the U.S., uh, or, uh, should help South Africa and should help the Iraq and the Asian countries, so we will be able to build up our future, for our children. [1]
1) applies the "Security through Obscurity" paradigm that has been proven inefficient [3]. To quote [4] :
When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2]
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
ELMSFORD 12 GALAXIES CESJROGENICAL ERGONOMICS NBC: XOXPHROZENIGUL COVERAGE WASPROVENIKIL ADMONISHMENTS MINUSCULE STRATOSPHERICAL [3]
Second question : Do you still ask yourself why the Internet is so insecure ? [10]
http://www.youtube.com/watch?v=GkMvKeX7erI [4]
I am also curious [5], is OBESUS [6] the new IASON [7]? Are you Peter and Karin Dambier [8]?
Drive Slow [9],
Paul WALL [10]
[0] http://www.lyricsmode.com/lyrics/p/p_diddy/all_about_the_benjamins.html
[1] http://en.wikipedia.org/wiki/Caitlin_Upton
[2] http://en.wikipedia.org/wiki/Time_cube
[3] http://en.wikipedia.org/wiki/Frank_Chu
[4] http://en.wikipedia.org/wiki/List_of_recurring_characters_in_The_Simpsons#Cr...
[5] http://www.merriam-webster.com/dictionary/curious
[6] http://mailman.nanog.org/pipermail/nanog/2010-March/019518.html
[7] http://iason.site.voila.fr/
[8] http://www.peter-dambier.de/
[9] http://en.wikipedia.org/wiki/Drive_Slow
[10] http://en.wikipedia.org/wiki/Paul_Wall
I'd like to nominate this for the Best of Nanog 2010. In a message written on Fri, Mar 19, 2010 at 02:50:37AM -0700, Paul WALL wrote:
On Thu, Mar 18, 2010 at 8:43 PM, Guillaume FORTAINE <gfortaine@live.com> wrote:
Misses, Misters,
You forgot the ballers, shot callers, brawlers, those who dippin' in the benz with the spoilers. [0]
I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper & Arbor) [1] and operations contacts of the big ISPs [2] :
I personally believe that that U.S. Americans are unable to do so because, uh, some people out there in our nation don't have maps and, uh, I believe that our, uh, education like such as in South Africa and, uh, the Iraq, everywhere like such as, and, I believe that they should, our education over here in the U.S. should help the U.S., uh, or, uh, should help South Africa and should help the Iraq and the Asian countries, so we will be able to build up our future, for our children. [1]
1) applies the "Security through Obscurity" paradigm that has been proven inefficient [3]. To quote [4] :
When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2]
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
ELMSFORD 12 GALAXIES CESJROGENICAL ERGONOMICS NBC: XOXPHROZENIGUL COVERAGE WASPROVENIKIL ADMONISHMENTS MINUSCULE STRATOSPHERICAL [3]
Second question : Do you still ask yourself why the Internet is so insecure ? [10]
http://www.youtube.com/watch?v=GkMvKeX7erI [4]
I am also curious [5], is OBESUS [6] the new IASON [7]? Are you Peter and Karin Dambier [8]?
Drive Slow [9],
Paul WALL [10]
[0] http://www.lyricsmode.com/lyrics/p/p_diddy/all_about_the_benjamins.html
[1] http://en.wikipedia.org/wiki/Caitlin_Upton
[2] http://en.wikipedia.org/wiki/Time_cube
[3] http://en.wikipedia.org/wiki/Frank_Chu
[4] http://en.wikipedia.org/wiki/List_of_recurring_characters_in_The_Simpsons#Cr...
[5] http://www.merriam-webster.com/dictionary/curious
[6] http://mailman.nanog.org/pipermail/nanog/2010-March/019518.html
[7] http://iason.site.voila.fr/
[8] http://www.peter-dambier.de/
[9] http://en.wikipedia.org/wiki/Drive_Slow
[10] http://en.wikipedia.org/wiki/Paul_Wall
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On 3/19/10 6:42 AM, Leo Bicknell wrote:
I'd like to nominate this for the Best of Nanog 2010.
I'd like to second/third/whatever that nomination as well. :) Epic win. Not only did it make me fall off the chair laughing, but I highly doubt Fortaine will understand why it's so funny. Paul, remind me if I ever get into politics, that I hire you as a consultant for speeches. :-D
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2]
Uhhh, yeah... WOW man, like FARM OUT man! The best thing I've learned on NANOG all year is this message about Gene Ray. And as an added bonus that led me to the Peirce quincuncial projection which is actually something useful to know about. --Michael Dillon
On Fri, 19 Mar 2010 04:43:18 +0100 Guillaume FORTAINE <gfortaine@live.com> wrote:
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
nsp-security was originally formed out of the dissatisfaction with other so-called private collaborative channels back when it was formed a number of years ago. There are many more lists and groups that have since formed along the same lines.
The existence of nsp-security is no secret and there has been a small number of "leaks", that is, mail primarily, that was not meant to be forwarded or copied outside the list that had been. It's been far from perfect from both a secretive standpoint and policy standpoint, but compared to what existed before it, it has proved useful from time to time.
The ISP Security BoF/Track meetings at NANOG grew out of the nsp-security effort and those are open to any NANOG attendee.
One thing groups like this have perhaps most helped with is building one-to-one relationships between colleagues. Groups like nsp-security help you to learn who the trusted and reliable contacts are at various organizations.
An ongoing area of work is to build better closed, trusted communities without leaks. It's still an ongoing problem. That's why many times really sensitive work gets done in even smaller ad-hoc groups or on a one-to-one basis.
John
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying. William
On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
I think I'd settle for operators with Integrity. those who do what they say. --bill
There are some out there......Infragard?....(shrugs shoulders)...... -----Original Message----- From: bmanning@vacation.karoshi.com [mailto:bmanning@vacation.karoshi.com] Sent: Friday, March 19, 2010 9:57 AM To: William Pitcock Cc: nanog@nanog.org Subject: Re: NSP-SEC - should read Integrity On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
I think I'd settle for operators with Integrity. those who do what they say. --bill
On Mar 19, 2010, at 9:56 AM, bmanning@vacation.karoshi.com wrote:
On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
I think I'd settle for operators with Integrity. those who do what they say.
If we had that, no secrecy would be needed.
But anyone who thinks publishing everything we learn about the miscreants is a Good Idea, has never tried to take out a botnet or snow-shoe spammer or ....
Secrecy sucks. If you think those keeping secrets enjoy it[*], you just haven't been bored to tears by working one of these issues. Seriously, most of the work is mind numbingly horrible, and I have nothing but the utmost respect for people who do it on a regular basis. (In case it is not clear, I do not have to do it often, and for that I thank whatever ghods there may be.)
Put another way: Do not dis those that make the Internet safer for you. They spend time, effort, and money - frequently their own - and risk much more (ever been sued by a spammer?). In return, they often get nothing. Before you question (and to be clear, I am not saying you should not question), offer to help and see things from their side.
-- TTFN, patrick
[*] I'm sure there are a few who get off on the thrill. But that's the exception, not the rule.
If we had that, no secrecy would be needed.
But anyone who thinks publishing everything we learn about the miscreants is a Good Idea, has never tried to take out a botnet or snow-shoe spammer or ...
Me, an evolvable malware : http://docs.google.com/viewer?url=http://www.genetic-programming.org/hc2009/... Best Regards, Guillaume FORTAINE
On 3/19/2010 08:44, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
Just saying.
It is clear that our security would be much improved if our politicians had to operate out in the open. -- Democracy: Three wolves and a sheep voting on the dinner menu. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
On Fri, 19 Mar 2010, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
That's fine, in theory, but in practice it doesn't work. Part of the issue is that information that could be considered sensitive generally has to have a level of trust for both the sender(s) and receiver(s), and that level of trust is generally not possible in an open forum.
By "level of trust" I mean that if I have sensitive intel about an ongoing incident (attack, pwnd box, etc) I need to have some assurance that the information gets to people who can and will act on it, and keep that information confidential. nsp-sec has worked to build that level of trust (in general, with pretty good success) through the vetting process that every potential participant goes through. Is it a perfect system? No, but it does serve a useful and important purpose.
Many security people have to keep things quiet for the same reasons, in addition to (not an all-inclusive list):
1. They might be under NDA or be employed at a company that has a policy against any sort of "unapproved disclosures"
2. The sources of various bits of intel is confidential and releasing unfiltered information could compromise that source.
3. Releasing unfiltered information could compromise intel gathering methods, potentially rendering them useless for further action.
"The likelihood that a secret will be kept goes down by the square of the number of people who know it" -- source unknown
"The likelihood that a meeting will be productive goes down by the square of the number of people who attend" -- me
jms
On Fri, 19 Mar 2010, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
Just saying.
How exactly would being transparent for the following help Internet security: "I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow@gmail.com" The only upside of being transparent is alerting the miscreant to change the vector and maildrop. Regards, Hank
On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
On Fri, 19 Mar 2010, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
Just saying.
How exactly would being transparent for the following help Internet security:
"I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow@gmail.com"
The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
That is not what I mean and you know it. What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive. If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it? William
On Sat, 20 Mar 2010, William Pitcock wrote:
What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive.
If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it?
If I was such a clever 15 year old I would go to Google and enter "contacting cisco ios security" which would lead me to -> http://www.cisco.com/en/US/products/products_security_advisories_listing.htm... which would lead me to -> http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h... Same exercise can be repeated for most vendors you can choose. -Hank
If I was such a clever 15 year old I would go to Google and enter "contacting cisco ios security" which would lead me to -> http://www.cisco.com/en/US/products/products_security_advisories_listing.htm...
which would lead me to -> http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h...
Same exercise can be repeated for most vendors you can choose.
I would counter argue by quoting this article : http://www.breakingpointsystems.com/community/blog/cisco-becomes-the-weakest... Cisco Becomes The Weakest Link In National Infrastructure Security Last week Cisco released patches in their semi-annual security announcement. The publication includes 11 advisories that address 12 individual vulnerabilities. Ten of the advisories address vulnerabilities in Cisco IOS and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Together these can affect routers and switches that not only use the Cisco Unified Communications Manager, but any device relying on the Cisco IOS operating system. To put it bluntly, this means a ton of devices critical to any network, and these vulnerabilities leave businesses and government agencies exposed to a barrage of attacks including denial-of-service (DDoS) or policy bypass. Much has been written about the announcement of the vulnerabilities. However, details are lacking and there are more questions than answers. This lack of information leads me to believe Cisco does not take security seriously and continues to not know how to work with the security community. Considering the lack of details and opinions, I thought I would provide a few of my own. 1) Twice A Year Is Not Enough The number of vulnerabilities patched by Cisco is not the issue. It is the potential danger these vulnerabilities pose. One of the IOS vulnerabilities allows unauthenticated attackers to bypass access control policies when the “Object Groups for Access Control Lists (ACLs)” feature is used. Your company is most likely protecting your critical components by leveraging ACLs, now imagine they are no longer in place. The human resources database with all that W-2 information? Hackers now have your salary, your direct deposit account, your medical history and of course your social security number. 
To make matters worse, replace that HR database with our government’s nuclear secrets; don’t you think Iran is aware of the Cisco vulnerabilities? Scary stuff, for sure, but how long has the vulnerability been around and recognized? The answer is unknown. The only fact we have is that each of these eleven vulnerabilities may have been around for at least six months. That is an eternity in the security space and has given hackers too much time to walk in through an open door. Microsoft is often a punching bag when it comes to vulnerabilities and it is sometimes warranted, but let’s be honest, the company does a good job of patching issues on a regular basis. With Microsoft, you know that you are going to get a patch each month and important details that help you make an informed security decision. Cisco should examine its patching schedule in light of the September 24th announcement; every six months is not acceptable. 2) Updating Routers and Switches is Now Critical You can never diminish the importance of a switch or router to your network infrastructure. They are the core to any network whether in a home, a large Enterprise or the Federal Government. If one fails you know it. However, if a vulnerability lets people through due to a hack do you know it? While everyone remembers to patch their Mac or Windows laptop, how often do they patch the router, firewall or switch? To see how up-to-date folks are with their Cisco firmware I ran a quick test. During a 1-hour scan of the Internet I found 420 responding systems and NONE were patched with any fixes from this cycle or the last. That means 420 systems, at a minimum, are susceptible to a year’s worth of vulnerabilities. Microsoft had enough of people not patching and now it force feeds the patches. While I’m not a fan of that solution, it does work. Cisco needs to apply the same method to its products. 
It is irresponsible for Cisco to run its business in a way that could cause mass disruption to critical network infrastructures including government and military services. Cisco is not the only one to blame in this mess, the people responsible for getting their routers, switches and other network equipment up-to-date also must be held accountable. How many of you updated with the patches on September 24th, the day of the announcement? The quick scan I did is telling me not many. Kelly Jackson Higgins of Dark Reading put it best, “The dirty little secret about patching routers is that many enterprises don't bother for fear of the fallout any changes to their Cisco router software could have on the rest of the infrastructure.” 3) Testing, Testing, Testing In this case we have a great example of why every network device needs to be realistically tested under a variety of scenarios, both security and performance driven. Obviously, testing must occur at the NEMs level throughout the product lifecycle, but the enterprise must also test this equipment before it is deployed and after updates like these are made. Having the ability to quickly test equipment and the network after making updates is critical. There is no room for excuses anymore. We have been able to become more adept at updating and testing equipment and software that are given more regular patches. Just look at how Microsoft Tuesday has become a habit. Other vendors have realized that this approach, ultimately, is better for everyone. I would encourage manufacturers of any network equipment to do the same. The reason this is important is because the United States is currently fighting in two wars, heavily dependent on network technologies. The Department of Defense and other military agencies have concluded that the next major war will be waged, in great part, in cyberspace. If Cisco and other vendors guilty of the same security concerns do not get their act together it will be a war we cannot win. 
Until March 24, 2010, when the next Cisco bulletin is due.
On 3/20/10 10:06 PM, Guillaume FORTAINE wrote:
Same exercise can be repeated for most vendors you can choose.
I would counter argue by quoting this article :
I made it a goal in life to study many things, among them rhetoric. Another is culture. One basic question you should ask yourself is: who is your audience? Another would be, what is your goal? Is your purpose to counter-argue, or to ask a follow-up question such as "is Cisco responsive to reports?" or "what do I do if a network vendor is not responsive?" I had many challenges when I first joined this list due to cultural bias and the way Israelis use language, but these are behind me now and whatever misunderstandings happen these days, they are about content. It seems to me like your mind-set is of rebuttal rather than inquiry. I'd hate for you to suffer through what miscommunication can lead to on a list of techies. Your language leads people to treat you as a troll, although so far many folks here have been very nice in their answers, giving you the benefit of the doubt. Gadi. -- Gadi Evron, ge@linuxbox.org. Blog: http://gevron.livejournal.com/
On Sat, 20 Mar 2010 21:06:25 BST, Guillaume FORTAINE said:
you make an informed security decision. Cisco should examine its patching schedule in light of the September 24th announcement; every six months is not acceptable.
but then,,,
3) Testing, Testing, Testing
In this case we have a great example of why every network device needs to be realistically tested under a variety of scenarios, both security and performance driven.
Cognitive dissonance, anybody? :)
To paraphrase the old saying - frequent, well-tested, cheap - pick any two.
Sure - Cisco *could* release well-tested patch kits once a month, but it's going to cost you. Remember that Microsoft can amortize the cost of its QA labs across several hundred million customers, so each one only has to pay a few dollars. Cisco has to split that cost across a few thousand customers - each customer's share of the bill is going to be higher. You want it once a month rather than once every six months, and just as well tested? It's going to cost *at least* six times as much. Probably more.
So - just how much bigger a check you want to write to Cisco for support (whether it's a yearly contract, or bundled into the unit's purchase price)?
Dear Mister Kletnieks, Thank you for your reply. On 03/22/2010 02:08 PM, Valdis.Kletnieks@vt.edu wrote:
So - just how much bigger a check you want to write to Cisco for support (whether it's a yearly contract, or bundled into the unit's purchase price)?
This is a very pertinent question. My reply would be : How much money would you evaluate a security incident on your Cisco device ? Because, the fundamental questions are : a) How much value does your network bring to your business ? b) How much money are you ready to spend to ensure its security ? Conclusion : if you can't reply to these fundamental questions, hire a CISO and build a CSIRT. Best Regards, Guillaume FORTAINE
Guillaume FORTAINE wrote:
This is a very pertinent question. My reply would be :
How much money would you evaluate a security incident on your Cisco device ?
Because, the fundamental questions are :
a) How much value does your network bring to your business ?
b) How much money are you ready to spend to ensure its security ?
Conclusion : if you can't reply to these fundamental questions, hire a CISO and build a CSIRT.
Best Regards,
Guillaume FORTAINE
Folks, this is why you shouldn't let your kids do crystal meth, just in case you were wondering. Andrew
On Mon, 22 Mar 2010 23:02:02 BST, Guillaume FORTAINE said:
How much money would you evaluate a security incident on your Cisco device ?
It would depend on which of the 3,000+ Cisco devices on our network had the incident. And yes, we've got a pretty good estimate (to within $1.57 or so) of what an incident on any given device would cost.
Because, the fundamental questions are : a) How much value does your network bring to your business ? b) How much money are you ready to spend to ensure its security ?
We've got a pretty good idea what value our network brings us. We also know how much we're *ready* to spend. However, that's not the critical number. You missed the most important question of all: (c) How much money do you need to spend to minimize the total cost of protection plus losses. If you're currently spending $50K, but you're *willing* to spend $250K, it only makes actual sense to do so if the additional spending prevents more than $200K of additional losses. And this calculation needs to include second-order effects - if Cisco starts shipping monthly updates rather than every 6 months, it doesn't do any *actual* good unless our internal test lab ramps up so it can vet a new release in a few weeks rather than a few months. That's an additional cost. Meanwhile, there are a *lot* of sites that find themselves stuck on a specific build of IOS because it's the only one that fixes bug A but also doesn't suffer from bug B. If you deploy a new release of IOS that contains a fix for a security hole, and the fix eliminates an expectation value of $10K of losses, but contains a non-security bug that starts your help desk phone ringing and racks up $20K of support costs, it's a net loss. Those second-order effect costs are a bitch. And a half. I'm pretty sure that most of the other big Cisco shops have done exactly the same risk calculus, and decided that the added expense of moving to a monthly rather than bi-annual wasn't worth it. And since the sites aren't clamoring to buy it, Cisco isn't offering it. (For the record, for many large shops, Microsoft's "Patch Tuesday" has similar cost-benefit issues - updating your "crown jewel" production servers once a month is a truly scary amount of code churn. The only reason Microsoft does it is for the millions of consumer-grade boxes that auto-update, a use case that doesn't exist for most of Cisco's product line.)
Conclusion : if you can't reply to these fundamental questions, hire a CISO and build a CSIRT.
<sigh> I *so* hate making an argument from authority (other than "I think smb published a paper on that already"), but in your case I'll make an exception. Go read http://www.sans.org/dosstep/roadmap.php Read the date, read the signatories. Ask yourself if you *really* want to be telling me that we need to build a CSIRT. (Answer - our CIRT was up and running back in 1991, and was well-known in 2000. So no, we don't need advice on how to start one. We've got literally man-centuries of experience in running one already. By the way, where were you in 1991?)
Conclusion : if you can't reply to these fundamental questions, hire a CISO and build a CSIRT.
<sigh> I *so* hate making an argument from authority (other than "I think smb published a paper on that already"), but in your case I'll make an exception.
Go read http://www.sans.org/dosstep/roadmap.php
Read the date, read the signatories.
I have read with interest this document. 1) Remarks : -Bill Clinton is no longer the president of USA . Howard Schmidt is the new cybersecurity czar : http://www.facebook.com/howardas (By the way, Gadi Evron is in his Facebook friends ?!?) 2) Notes : a) Problem 1: Spoofing & Problem 2: Broadcast Amplification http://docs.google.com/viewer?url=http://www.dca.fee.unicamp.br/~chesteve/pu... b) Problem 3: Lack of Appropriate Response To Attacks http://docs.google.com/viewer?url=http://nanog.org/meetings/nanog47/presenta... c) Problem 4: Unprotected Computers http://docs.google.com/viewer?url=http://www.whitehouse.gov/files/documents/...
Ask yourself if you *really* want to be telling me that we need to build a CSIRT. (Answer - our CIRT was up and running back in 1991, and was well-known in 2000. So no, we don't need advice on how to start one.
VT-CIRT : http://docs.google.com/viewer?url=http://www.it.vt.edu/publications/annualre... o Students designed, built, and are maintaining the vulnerability scan engines that are the core of the www.ids.cirt.vt.edu site. CSIRT-MU : http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/... Project Results Further Information: 3 Journal papers, including IEEE Intelligent Systems 20+ conference papers (RAID, AAMAS, IAT, FloCon,...) How to get it? University startups: -INVEA-TECH a.s. - FlowMon probes, collectors for high-speed data monitoring (with MU, VUT and CESNET) -Cognitive Security s.r.o. - CAMNEP system for real-time data mining (with CTU) Supported by: U.S. ARMY RDECOM-CERDEC, CESNET, Czech MOD
We've got literally man-centuries of experience in running one already. By the way, where were you in 1991?)
In 1991, I was in primary school. In 2000, the date of your link, I got my first access to Internet. And now ? ;) ! Best Regards, Guillaume FORTAINE
On Tue, 23 Mar 2010 11:13:48 BST, Guillaume FORTAINE said:
I have read with interest this document.
(lots of irrelevant commentary elided - the vast majority of which merely confirms the point that a lot of people have been doing further research on issues that we identified a decade and more ago)
In 1991, I was in primary school. In 2000, the date of your link, I got my first access to Internet. And now ? ;) !
And now, you're still acting like you've got new unique insights and going out of your way to irritate the very same more experienced people that you probably should be trying to learn from, when you haven't bothered to find out that you're once again 10 and 20 years behind the curve: http://en.wikipedia.org/wiki/Plonk_%28Usenet%29 Wow. Rich Sexton really *did* contribute something important to the Net.
On 23/03/2010 12:59, Valdis.Kletnieks@vt.edu wrote:
And now, you're still acting like you've got new unique insights and going out of your way to irritate the very same more experienced people that you probably should be trying to learn from, when you haven't bothered to find out that you're once again 10 and 20 years behind the curve:
Do not feed the troll. Nick
On 03/20/2010 07:37 PM, William Pitcock wrote:
On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
On Fri, 19 Mar 2010, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed, trusted communities without leaks.
Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit.
Just saying.
How exactly would being transparent for the following help Internet security:
"I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow@gmail.com"
The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
That is not what I mean and you know it.
What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive.
I totally agree with William. Best Regards, Guillaume FORTAINE
On Sat, 20 Mar 2010, William Pitcock wrote:
If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it?
Read the manual? Most products and open source projects have a manual which includes information about contacting the vendor or project. If you don't have the manual, but know how to use a search engine, try a search for "reporting security vulnerabilities". Most major IT vendors and open source projects have a security reporting page. Some people have suggested vendors and projects have a common URL such as ".../security" with security information. For example if you found a vulnerability in IOS, look up the following URL to find out Cisco's reporting contacts: http://www.cisco.com/security

Report a potential vulnerability in Cisco products: psirt@cisco.com
Urgent technical assistance for non-security issues that involve Cisco products: Cisco Technical Support 800 553 2447 (U.S.) Worldwide Contacts
Emergency response to active security incidents that involve Cisco products: PSIRT 877 228 7302 (U.S.) +1 408 525 6532 (outside U.S.)
Report an incident involving the Cisco corporate network: infosec@cisco.com

If you still don't know who to contact, CERT/CC maintains a world-wide map of national computer security incident response teams. http://www.cert.org/cert/map_open.html Although some of the "intra" forums between CSIRT, vendor, project, provider, researcher communities aren't open to everyone, e.g. a CSIRT forum may only have CSIRTs, an academic forum may only have academics; each of the CSIRTs, vendors, projects, providers have contacts for reporting vulnerabilities that may affect their constituencies.
On 3/20/10 8:37 PM, William Pitcock wrote:
That is not what I mean and you know it.
What do you mean then? Hank made a good point on the type of traffic normally going through these groups.
What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive.
Well, that's not transparency at all. That's about being able to get connected, and be trusted. That's called a process. Now, I've been preaching public engagement for years now, and indeed also made several attempts in this regard -- some very successful, others failed miserably. There are three suggestions I can make:
1. Join the open mailing lists and show your usefulness. Places where a lot of us hang out (depending on communities): NANOG, funsec.
2. Show you are responsive and responsible in handling issues in your own back yard.
3. Go to conferences and drink beer with people.
If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it?
That's a completely different question yet again, on vulnerability disclosure. In this particular case, try Cisco PSIRT. I recently wrote a post on how to handle the PR aspects of vulnerability disclosure, but it covers the basics in the first few paragraphs and I think it will clear the subject for you. http://www.darkreading.com/blog/archives/2009/12/security_pr_str.html Gadi.
William
-- Gadi Evron, ge@linuxbox.org. Blog: http://gevron.livejournal.com/
On Sat, 2010-03-20 at 22:12 +0200, Gadi Evron wrote:
On 3/20/10 8:37 PM, William Pitcock wrote:
That is not what I mean and you know it.
What do you mean then? Hank made a good point on the type of traffic normally going through these groups.
My point hasn't much to do with the NSP-SEC list, I know plenty well what traffic goes through there, but instead that the security community is not welcoming to new contributors. I do run a bloody DNSBL, after all. My point was also that there are people on the NSP-SEC list that can get things done faster than PSIRT/etc do on turnaround times. Many of those same people also exist on a certain irc channel that will remain unnamed, too. William
On 03/20/2010 09:12 PM, Gadi Evron wrote:
2. Show you are responsive and responsible in handling issues in your own back yard.
http://docs.google.com/viewer?a=v&q=cache:ENEl1xrgXNwJ:https://ow.feide.no/_media/geantcampus:s5.2-flows_at_mu.pdf%3Fid%3Dgeantcampus%253Anetw_monitoring_oct_2009%26cache%3Dcache+s5.2-flows_at_mu&hl=en&pid=bl&srcid=ADGEEShCR2bC8bfpSow5e5Ebqi-x0szdV_rZN15cDn6t_nZpD6Vd-K-FRZ-sMpZy4k-7XJKWQdcsXt3hKYpc1M5RtNB_LMPahnYx9Zw8gSxEJ2WTjBQ5rn-KISGF8vE7qCOkyvHsPySt&sig=AHIEtbTjuYrs5deXJTat5R5_8Xb1oDQFNg http://isotf.org/pipermail/cii/2010-February/000137.html Best Regards, Guillaume FORTAINE
Guillaume FORTAINE wrote:
On 03/20/2010 09:12 PM, Gadi Evron wrote:
2. Show you are responsive and responsible in handling issues in your own back yard.
http://isotf.org/pipermail/cii/2010-February/000137.html
Best Regards,
Guillaume FORTAINE
Are you done yet? Please go away. You're here posting from a webmail account at Microsoft, dictating some sort of network policy? Andrew
On Sat, 20 Mar 2010, William Pitcock wrote:
What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive.
How do I break into show business? http://www.imdb.com/help/show_leaf?becomeastar Is your goal to contribute valuable information to the security community? Or is your goal to become a security "celebrity" and hang out with the "trusted people?" Anyone can contribute valuable information to the security community. There are many channels to achieve this. If in fact your contributions are valuable, you will probably find the security community trying to become your buddy. If instead your goal is to become security "celebrity" hanging out with "trusted people"; that's different. Annoying the people you want to hang out with by sending e-mails to their personal addresses, and generally making a fool out of yourself is probably not going to help achieve your goal.
On Sat, 20 Mar 2010, Hank Nussbacher wrote:
How exactly would being transparent for the following help Internet security:
"I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow@gmail.com"
The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
I disagree. *All* of that information would be useful for configuring filters at my border. Cheers, George AD7RL
On Fri, 19 Mar 2010 04:43:18 BST, Guillaume FORTAINE said:
First question : Why was I able to find this mail on the Internet if it should be kept secret ?
Congratulations. You found an example of a mailing list where applying a standard disclaimer by default *does* make sense, which then got forwarded *by a coordination team leader at a national CERT* to an appropriate forum so that action could be taken, but failed to take the disclaimer off the bottom of that posting. Double bonus points for finding a posting that discussed something *really* sensitive, like "we've seen bots connecting to...". You *do* realize that there's an estimated 140,000,000 bots on the net, right, and as a result, some operation lists have *dozens* of "bots spotted connecting to" postings *per day*. And you wonder why you have a hard time being taken seriously.
On 19 March 2010 14:19, <Valdis.Kletnieks@vt.edu> wrote: You *do* realize that
there's an estimated 140,000,000 bots on the net, right
As many as that? That's 1 in 12 according to http://www.internetworldstats.com/stats.htm. Let's be honest, I don't follow the world wide bot crisis because as your figure suggests, it's just too much to keep your head on top of it, but is it really that many? I'm rather shocked it's that high tbh! -- Regards, James ;)
On Sun, Mar 21, 2010 at 09:37:09PM +0000, James Bensley wrote:
On 19 March 2010 14:19, <Valdis.Kletnieks@vt.edu> wrote: You *do* realize that
there's an estimated 140,000,000 bots on the net, right
As many as that? That's 1 in 12 according to http://www.internetworldstats.com/stats.htm.
I think that estimate's a bit on the low side, but it's certainly very plausible, based on growth rates that have been observed over the past seven years. I think any estimate under 100M should be laughed out of the room, and that 200M is not unreasonable, although it's arguably edging toward the upper error bars. What's disconcerting about this -- well, actually there are a number of disconcerting things about this, but let me pick one -- is that our adversaries have convincingly demonstrated that they understand concepts like reserves, concealment, and misdirection. It's therefore entirely sensible to wonder how many systems which are not presently displaying any externally-observable symptoms are in fact bots but are simply not being used as such -- for now. There is, by the way, no relief from this due to events like the recent bust of the Mariposa botnet (13M systems); all that means is that there are now 13M pre-compromised systems waiting for the first person clever enough to conscript them into *their* botnet. ---Rsk
________________________________________ From: Rich Kulawiec [rsk@gsp.org] Sent: Sunday, March 21, 2010 8:43 PM To: nanog@nanog.org Subject: Re: NSP-SEC
There is, by the way, no relief from this due to events like the recent bust of the Mariposa botnet (13M systems);
The public numbers advertised were 13M _IPs_ connecting to a sinkhole over more than a month's time. When I've had visibility into other large botnets (srizbi, rustock, mega-d), I was consistently seeing a 10 to 1 IPs-to-unique-bots count over a time period of a week. Happy to make the raw pcap data available to anyone who is curious. The UCSB guys showed similar results in their excellent Torpig paper. http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf My unscientific finger-in-the-wind would put it at well under 1M when you are talking a month and a half of monitoring IP connections. Regards, Alex Lanstein
On Mar 21, 2010, at 9:52 PM, Alex Lanstein wrote:
There is, by the way, no relief from this due to events like the recent bust of the Mariposa botnet (13M systems);
The public numbers advertised were 13M _IPs_ connecting to a sinkhole over more than a month's time. When I've had visibility into other large botnets (srizbi, rustock, mega-d), I was consistently seeing a 10 to 1 IPs-to-unique-bots count over a time period of a week. Happy to make the raw pcap data available to anyone who is curious. The UCSB guys showed similar results in their excellent Torpig paper. http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf
My unscientific finger-in-the-wind would put it at well under 1M when you are talking a month and a half of monitoring IP connections.
First, Alex, don't you know all security people are 100% secretive? :) Back on topic, there is good data out there showing far, far more than 1 million hosts on the Internet infected. Hrmm, my first two Google searches did not turn anything up. So maybe those security guys are being secretive! -- TTFN, patrick
On 03/22/10 04:58, Patrick W. Gilmore wrote:
On Mar 21, 2010, at 9:52 PM, Alex Lanstein wrote:
There is, by the way, no relief from this due to events like the recent bust of the Mariposa botnet (13M systems);
The public numbers advertised were 13M _IPs_ connecting to a sinkhole over more than a month's time. When I've had visibility into other large botnets (srizbi, rustock, mega-d), I was consistently seeing a 10 to 1 IPs-to-unique-bots count over a time period of a week. Happy to make the raw pcap data available to anyone who is curious. The UCSB guys showed similar results in their excellent Torpig paper. http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf
My unscientific finger-in-the-wind would put it at well under 1M when you are talking a month and a half of monitoring IP connections.
First, Alex, don't you know all security people are 100% secretive? :)
Back on topic, there is good data out there showing far, far more than 1 million hosts on the Internet infected. Hrmm, my first two Google searches did not turn anything up. So maybe those security guys are being secretive!
There are usually two important numbers to consider when discussing botnet sizes: botnet footprint and the number of online bots. The former is the one typically reported by media and antivirus companies, because it's much larger (and more impressive). It represents the total number of hosts that were infected during the whole lifetime of the botnet. However, over time many machines are cleaned (i.e., Microsoft's MSRT on patch Tuesdays), new machines still get infected, but the number gets updated always only with the new infections. So it gets high over time, but doesn't represent the actual firepower of the botnet, which is the second figure, the number of online bots. This is the number of hosts that are available to the botmaster at a given time, and is much smaller. To give an example, a measurement done by Thorsten Holz et al. on the infamous Storm botnet in 2008 showed that the number of online hosts was actually just around 30,000 at the time of the measurements, while the highly publicized botnet size (representing the footprint) was over 1M. I'm not up to date on the topic, but I assume the relationship between the two figures is similar these days. So I think Rich and Valdis were talking about footprint and Alex about the online bots, and the two orders of magnitude difference actually fits. -Lorand Jakab
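The two counting problems raised in the messages above (source IPs versus unique bots, and lifetime footprint versus bots online at once) can be seen side by side in a small tally. This is an added example, not part of the thread or any poster's data: the log is constructed, and its line format, the `bot=` per-infection identifier and the hourly bucket are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sinkhole check-in log (not real data): timestamp, source IP, bot ID.
# IPs come from documentation ranges; "bot=" is an assumed stable identifier
# that each infected host sends when it checks in.
SAMPLE_LOG = """\
2010-03-01T08:00:00 192.0.2.10 bot=b1
2010-03-01T08:20:00 192.0.2.11 bot=b2
2010-03-01T20:00:00 192.0.2.57 bot=b1
2010-03-02T08:05:00 198.51.100.3 bot=b1
2010-03-02T08:10:00 198.51.100.4 bot=b2
2010-03-02T08:30:00 203.0.113.9 bot=b3
not a log line
2010-03-03T09:00:00 198.51.100.77 bot=b1
2010-03-03T21:00:00 198.51.100.78 bot=b1
2010-03-04T09:00:00 192.0.2.200 bot=b3
2010-03-04T09:10:00 203.0.113.9 bot=b4
"""


def parse_line(line):
    """Return (datetime, ip, bot_id), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("bot="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    bot_id = parts[2][len("bot="):]
    if not bot_id:
        return None
    return ts, parts[1], bot_id


def summarize(log_text, bucket_format="%Y-%m-%dT%H"):
    """Compare IP-based and ID-based counts over the whole log."""
    ips_by_bot = defaultdict(set)      # bot ID -> every IP it was seen from
    bots_by_ip = defaultdict(set)      # IP -> every bot ID seen behind it
    bots_by_bucket = defaultdict(set)  # time bucket -> bot IDs seen in it
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        ts, ip, bot = record
        ips_by_bot[bot].add(ip)
        bots_by_ip[ip].add(bot)
        bots_by_bucket[ts.strftime(bucket_format)].add(bot)

    footprint = len(ips_by_bot)  # distinct bots over the whole period
    unique_ips = len(bots_by_ip)
    return {
        "unique_ips": unique_ips,
        "footprint": footprint,
        # Address churn (DHCP, dial-up) pushes this ratio above 1.
        "ip_to_bot_ratio": unique_ips / footprint if footprint else 0.0,
        # Largest number of distinct bots seen within one bucket.
        "peak_online": max((len(b) for b in bots_by_bucket.values()), default=0),
        # IPs with several bots behind them (NAT): IP counts undercount here.
        "shared_ips": sorted(ip for ip, b in bots_by_ip.items() if len(b) > 1),
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Without a per-bot identifier in the check-in, only `unique_ips` can be measured directly, which is the number the thread says was publicly reported for the sinkhole.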
On Sun, 21 Mar 2010 21:37:09 -0000, James Bensley said:
On 19 March 2010 14:19, <Valdis.Kletnieks@vt.edu> wrote: You *do* realize that
there's an estimated 140,000,000 bots on the net, right
As many as that? That's 1 in 12 according to
That was Vint Cerf's number as of 2007 or so. He dropped that estimate at a major keynote address, and for the next 2 weeks, every security expert out there was going "OK, who's going to tell Vint he's full of it?" - but nobody could find non-laughable countering estimates. Want a more depressing number? http://blog.trendmicro.com/1h-2009-malware-threat-grows-ever-larger/ "TrendLabs has seen this continued growth of malware. The effects on users is clear: in the first six months of 2008, the Trend Micro World Virus Tracking Center (WTC) recorded that 253.4 million systems were infected with malware. The comparable volume for 2009 is almost double at 491.2 million." The mind boggles. I would appreciate it if somebody would find the massive statistical error that inflated those numbers by a factor of 5 or 10. (Note that number probably includes adware and spyware as well as full-blown zombies, but any adware or spyware that can phone home can at least in principle upgrade itself to a bot if desired..) Operational impact: For close to half of your customers, the billing address no longer matches the effective owner's address.
participants (26)
- Alex Lanstein
- Andrew D Kirch
- bmanning@vacation.karoshi.com
- Brielle Bruns
- David Conrad
- Gadi Evron
- George Imburgia
- Green, Tim R
- Guillaume FORTAINE
- Hank Nussbacher
- James Bensley
- John Kristoff
- Jorge Amodio
- Justin M. Streiner
- Larry Sheldon
- Leo Bicknell
- Lorand Jakab
- Michael Dillon
- Nick Hilliard
- Patrick W. Gilmore
- Paul WALL
- Randy Bush
- Rich Kulawiec
- Sean Donelan
- Valdis.Kletnieks@vt.edu
- William Pitcock