IBM has released a report on Internet crime in 2007 here <http://www.iss.net/documents/whitepapers/xforce_2007_annual_report.pdf> Some highlights from the Management summary with my comments in [square brackets]: Vulnerabilities * Although total vulnerability disclosures went down, the number of reported high severity vulnerabilities increased by 28 percent in comparison with 2006. * The busiest day of the week for vulnerability disclosures continued to be Tuesday, with 1,361 new vulnerabilities disclosed on this day of the week in 2007. * Of all the vulnerabilities disclosed in 2007, only 50 percent can be corrected through vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines] * Nearly 90 percent of 2007 vulnerabilities could be remotely exploited, up one percentage point from 2006. Web Browser Exploitation * Most in-the-wild browser exploits are generated by Web exploit toolkits. * Critical vulnerabilities for Mozilla Firefox were dramatically lower in 2007 compared to 2006. [If you still distribute any kind of software kits that do not install FireFox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access] Spam and Phishing * Of the top 20 companies targeted by phishing in 2007, 19 are in the banking industry and one conducts recruiting. [This suggests keywords to look for in incoming email. Also, for local and regional ISPs, the number of companies in these two industries are low enough that you may want to consider establishing a direct relationship with them to configure stricter incoming email filters] Web Content * 9 percent of Internet content was classified as unwanted (criminal, pornography, etc) as compared to 12.5 percent in 2006. * The U. S. far outpaces other countries as the primary hosting source of adult, socially deviant and criminal content on the Internet, accounting for roughly 40-48 percent in each content category. * The U. S. and Germany were the only two countries consistently among the top three hosting sources for each type of "unwanted" Internet content monitored throughout 2007. [Suggests that NANOG members need to raise the bar considerably to clean up their own backyard. What do you know about your own Internet peering partners?] Malcode * Trojans represent the largest category of malware in 2007 - 109,246 varieties account for 26 percent of all malware. * The most frequently occurring malware on the Internet was Trojan.Win32.Agent - 26,573 varieties in 2007 account for 24 percent of all Trojans. * The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254 varieties. It is a family of polymorphic worm that propagates by exploiting Windows(r) vulnerabilities instead of using e-mail. [This suggests that targetting these specific attack vectors could clean up a significant amount of the problem and correspondingly recduce your costs for detection and blocking of compromised machines.] Make sure to download the report for the complete management summary and many more details. ------------------------------------------------------- Michael Dillon RadianzNet Capacity Forecast & Plan -- BT Design 66 Prescot St., London, E1 8HG, UK Mobile: +44 7900 823 672 Internet: michael.dillon@bt.com Phone: +44 20 7650 9493 Fax: +44 20 7650 9030 http://www.btradianz.com Use the wiki: http://collaborate.intra.bt.com/
Some highlights from the Management summary with my comments in [square brackets]:
Vulnerabilities * Although total vulnerability disclosures went down, the number of reported high severity vulnerabilities increased by 28 percent in comparison with 2006. * The busiest day of the week for vulnerability disclosures continued to be Tuesday, with 1,361 new vulnerabilities disclosed on this day of the week in 2007. * Of all the vulnerabilities disclosed in 2007, only 50 percent can be corrected through vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines]
I think this conclusion assumes a number of facts not in evidence. If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is. If it is social engineering, then, I don't believe that ISP proactivity can really address the issue. Much more detail on the nature of these vulnerabilities which cannot be corrected by vendor patches is needed before any useful conclusion about the correct solution can be drawn.
* Critical vulnerabilities for Mozilla Firefox were dramatically lower in 2007 compared to 2006. [If you still distribute any kind of software kits that do not install FireFox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access]
Huh? Why should everyone ship a browser with their software kit? Browsers are like religion. You're really not going to have a lot of success trying to force one down your customers' throats. It's great that Firefox security has improved, but, this statement alone does not really provide any details about the current relative level of vulnerability between Firefox and any other browser.
* The U. S. and Germany were the only two countries consistently among the top three hosting sources for each type of "unwanted" Internet content monitored throughout 2007. [Suggests that NANOG members need to raise the bar considerably to clean up their own backyard. What do you know about your own Internet peering partners?]
Considering that the US is also consistently among the top three sources of desirable content, I'm not sure that this ranking necessarily proves much of anything, but, I do agree that ISPs could do a better job of shutting down mal-sites.
Malcode * Trojans represent the largest category of malware in 2007 - 109,246 varieties account for 26 percent of all malware. * The most frequently occurring malware on the Internet was Trojan.Win32.Agent - 26,573 varieties in 2007 account for 24 percent of all Trojans. * The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254 varieties. It is a family of polymorphic worm that propagates by exploiting Windows(r) vulnerabilities instead of using e-mail. [This suggests that targetting these specific attack vectors could clean up a significant amount of the problem and correspondingly recduce your costs for detection and blocking of compromised machines.]
It also suggests that taking Windows off the net could do a lot to reduce the level of vulnerability, but, I'm not holding my breath until that happens either. Owen
* Owen DeLong:
If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is.
You assume that a vendor patches a vulnerability once they learn about it. In my experience, this is not true. Sometimes it's easy to explain (product or vendor ceased to exist), sometimes it's not (some cross-site scripting issues I'm trying to straighten out; minor bugs to you perhaps, but huge media exposure because of their visibility and reproducibility--think FDIV bug).
On Feb 12, 2008, at 11:46 AM, Florian Weimer wrote:
* Owen DeLong:
If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is.
You assume that a vendor patches a vulnerability once they learn about it. In my experience, this is not true. Sometimes it's easy to explain (product or vendor ceased to exist), sometimes it's not (some cross- site scripting issues I'm trying to straighten out; minor bugs to you perhaps, but huge media exposure because of their visibility and reproducibility--think FDIV bug).
No, I presume that a vulnerability identified as "cannot be resolved through vendor patch" means a vulnerability for which, even if a vendor patch were available, it would not resolve the vulnerability. A vulnerability for which a patch is not yet available, but, which could be resolved if the vendor released a patch is a vulnerability which "CAN be resolved through vendor patch when one becomes available." It is unclear from the text provided which of our conflicting definitions for the term applies in IBM's text. Owen
* Owen DeLong:
On Feb 12, 2008, at 11:46 AM, Florian Weimer wrote:
* Owen DeLong:
If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is.
You assume that a vendor patches a vulnerability once they learn about it. In my experience, this is not true. Sometimes it's easy to explain (product or vendor ceased to exist), sometimes it's not (some cross- site scripting issues I'm trying to straighten out; minor bugs to you perhaps, but huge media exposure because of their visibility and reproducibility--think FDIV bug).
No, I presume that a vulnerability identified as "cannot be resolved through vendor patch" means a vulnerability for which, even if a vendor patch were available, it would not resolve the vulnerability.
These vulnerabilities surely exist, but they are usually not considered software vulnerabilities as such, and are usually not part of such vulnerability reports. (A popular example are attacks on the Ebay transaction protocol.)
A vulnerability for which a patch is not yet available, but, which could be resolved if the vendor released a patch is a vulnerability which "CAN be resolved through vendor patch when one becomes available."
I wouldn't view it this way, but I can understand that this is a possible interpretation.
It is unclear from the text provided which of our conflicting definitions for the term applies in IBM's text.
True, I'll try to get clarification.
On Tue, 12 Feb 2008 11:17:55 PST, Owen DeLong said:
If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is.
Not necessarily - it's unclear they mean "the vuln innately can't be fixed by a mere patch, because it's a social engineering issue", or "the vuln can't be fixed because the vendor has not yet shipped a patch for some reason".
On Feb 12, 2008 3:27 PM, <Valdis.Kletnieks@vt.edu> wrote:
Not necessarily - it's unclear they mean "the vuln innately can't be fixed by a mere patch, because it's a social engineering issue", or "the vuln can't be fixed because the vendor has not yet shipped a patch for some reason".
... or the patch application mechanism isn't likely to be successful against sufficiently infected machines. -Jim P.
On Feb 12, 2008 12:17 PM, Owen DeLong <owen@delong.com> wrote:
Considering that the US is also consistently among the top three sources of desirable content, I'm not sure that this ranking necessarily proves much of anything, but, I do agree that ISPs could do a better job of shutting down mal-sites.
Good thread; nice summary, Owen. There are ways for ISP's to get involved with stopping/controlling botnets e.g. the very recent work here - http://www.offensivecomputing.net/?q=node/623 and here - http://www.secureworks.com/research/threats/storm-worm/ - and the not-so-distant work here - http://www.bleedingthreats.net/index.php/2007/11/14/encrypted-storm-sigs/ ISP's are in a uniquely powerful control situation with software vendors. We can demand audits from vendors that include SAS 70 Type II / SOX 404 / AS5 or PCI-DSS (even better would be PA-DSS) on the specific parts of their applications that their customers use. We can provide a five-star rating system of "approved OS and applications" that work on our networks. I suggest starting with Microsoft, Adobe, Mozilla, and Google - specifically on products such as Windows, Office, Acrobat Reader, Firefox, and Google search. Make sure that any relationship you have with these vendors starts with a conversation about application security five-star rating systems and ends with http://www.sans.org/whatworks/poster_2008.pdf Establish relationships with two companies you may not have head of: ESET and Avira. Avira's AntiVir is the most proven free-for-non-commercial-use AV (http://free-av.com). ESET's Nod32 is the most proven AV that costs a minimal amount of money. Advertise both like they are going out of style everywhere you possibly can. For example, when I call your ISP the phone shouldn't ring, I should go through a menu, and then I should hear, "If you run Microsoft's Windows - consider FreeDashAVDotcom - AntiVir - the safest and free AV solution for your personal computer". Then the technician/salesperson who gets on the line should mention it right after the initial greetings again. All email correspondence should include it at the top of every message. Your websites should have it on the front page, at the top. I chose AntiVir and Nod32 because of http://www.av-comparatives.org and safety issues (although Symantec is the safest because they have an internal file fuzz testing harness called SEEAS that could certainly stand to be open-sourced or sold commercially). Be careful not to oversell AV as the only fix for security problems because of the inherent difficulties of these products to avoid vulnerabilities themselves (I know it's a contradiction, but life is full of contradictions) - see http://www.nruns.com/aps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Vi... I saw that other people mentioned AVG and avast, so you can just ignore their comments, please. Because of the problems with AV being particularly vulnerable to common software weaknesses (those "in the know" refer to these by their MITRE CWE definitions), I suggest adding ESET and Avira to our list of "vendors we harass about application security" and demand audits from. I understand that SAS 70 Type II and even SOX 404 do not typically cover "non-financial IT infrastructure", but we don't have to tell the vendors that. Similarly, PCI/PA-DSS do not cover applications that do not contain or transmit cardholder data, although I would argue that all of the vendors named have just gotten away with murder if you think about the reality of this presupposition. It's our fault for not pushing AV on your customers, and it's the AV's fault for not providing audit data to us, and it's the software vendors' fault for causing us to have to recommend AV and for AV to exist. The liability should land on the software vendors. Make the five-star security rating systems a company-wide movement from the top-down with support from C-level upper-management and your general counsel. Did I mention product literature? Don't forget to include the five-star security product ratings in this product literature. E.g. Windows 98 (0 stars), Windows Vista (4 stars), Mac OS X (2 stars), Windows 2000/XP (1 star), Adobe Acrobat Reader (0 stars), Mozilla Firefox (0 stars), Internet Explorer 7 (1 star), Internet Explorer 3/4/5/6 (0 stars), Google Search (0 stars), MSN Search (1 star), Microsoft Office 2007 (1 star), Symantec Norton AV (3 stars), ESET Nod32 (2 stars), Avira AntiVir (1 star), McAfee AV (1 star), all other AV (0 stars), etc. Do similar security five-star ratings for your recommended/supported router, DSL, and Cable modem devices, but base it on their software from the audit reports. Hardware security is not worth time/energy. If this means that Cisco (sans Linksys) and 2WIRE are 1 star contenders in a market full of zeros (well ok Juniper gets a 2), then so be it. We've got to show improvement somehow and at some point, so this gives everyone room to grow. Finally, run Honeyclients against all of your hosting. Promote SpyBye (FOSS) and Tenable PVS (commercial) to your hosting customers in the same way you promote ESET and Avira to your access customers. Be careful how you run Honeyclients because there is a lot of malware that responds to these. It used to be that you could run low-interaction Honeyclients and then follow these scans up with high-interaction Honeyclients. Unfortunately, the career-criminals have advanced their methods to prevent this tactic by using elusive/evasive malware. I suggest running taint-mode tools such as Argos because of their efficiency, although Capture is another good high-interaction Honeyclient - http://en.wikipedia.org/wiki/Client_honeypot_/_honeyclient I suggest running your Honeyclient infrastructure on systems with hardware virtualization running Xen with the ability to shift VM guests around using xm-migrate. This requires shared-storage such as OCFS2 with iSCSI (or something old like NFS). Management systems such as http://en.wikipedia.org/wiki/Enomalism can verify that hundreds of VM guests are at certain patch levels and deployed in mass. If anyone needs any individual advice, please let me know. I'd also like to hear how you're implementing any of these ideas/concepts and how successful they are - but also encourage you to send to the mailing-list for the benefit of others. Cheers, Andre
Andre Gironda wrote:
It's our fault for not pushing AV on your customers, and it's the AV's fault for not providing audit data to us, and it's the software vendors' fault for causing us to have to recommend AV and for AV to exist. The liability should land on the software vendors.
I'm really surprised that ISPs haven't banded together to sue Microsoft for negligently selling and distributing an insecure OS that is an Attractive Nuisance - causing the ISPs (who don't own the OS infected computers) harm from the network traffic the infected OSs send, and causing them untold support dollars to handle the problem. If every big ISP joined a class action lawsuit to force Microsoft to pay up for the time ISPs spend fixing viruses on Windows computer, Microsoft would get a LOT more proactive about solving this problem directly. The consumers have no redress against MS because of the EULA, but this doesn't extend to other computer owners (e.g. ISPs) who didn't agree to the EULA on the infected machine but who are impacted by the infection. jc
On Feb 13, 2008 3:28 PM, JC Dill <lists05@equinephotoart.com> wrote: JC, Nice conjecture.
I'm really surprised that ISPs haven't banded together to sue Microsoft for negligently selling and distributing an insecure OS that is an Attractive Nuisance - causing the ISPs (who don't own the OS infected computers) harm from the network traffic the infected OSs send, and causing them untold support dollars to handle the problem.
I'm really surprised, too. However, it's more complicated than that. Read the book, "Geekonomics" for more information on this topic.
If every big ISP joined a class action lawsuit to force Microsoft to pay up for the time ISPs spend fixing viruses on Windows computer, Microsoft would get a LOT more proactive about solving this problem directly. The consumers have no redress against MS because of the EULA, but this doesn't extend to other computer owners (e.g. ISPs) who didn't agree to the EULA on the infected machine but who are impacted by the infection.
Hence the "Trustworthy Computing Initiative" which was started by Bill Gates / Craig Mundie in 2002 - http://en.wikipedia.org/wiki/Trustworthy_Computing Only now we're too late - Bill has a parachute. Cheers, Andre
JC Dill wrote:
I'm really surprised that ISPs haven't banded together to sue Microsoft for negligently selling and distributing an insecure OS that is an Attractive Nuisance - causing the ISPs (who don't own the OS infected computers) harm from the network traffic the infected OSs send, and causing them untold support dollars to handle the problem.
If every big ISP joined a class action lawsuit to force Microsoft to pay up for the time ISPs spend fixing viruses on Windows computer, Microsoft would get a LOT more proactive about solving this problem directly. The consumers have no redress against MS because of the EULA, but this doesn't extend to other computer owners (e.g. ISPs) who didn't agree to the EULA on the infected machine but who are impacted by the infection.
jc
I think I would rather see a class action against Symantec for the hundreds of hours ISP's waste fixing customers mail server settings that Symantec sees fit to screw up with every update. We can always tell when they have pushed a major update - hundreds of calls from mail users who can no longer send mail. It's 2008. How bloody hard is it to notice that the mail server SMTP port is 587 and authentication is turned on? Why do they mess with it? -- Mark Radabaugh Amplex 419.837.5015 x21 mark@amplex.net
Hear-hear: most of our customer's e-mail problems are resolved when we turn off in the in and outbound scanning offered by their favorite AV vendor. =) I bet we've had more support calls about e-mail scanning than the number of viruses that feature has ever trapped for them. And another anecdote: we experienced a rash of malware-infected subscribers spewing out spam last weekend. Most of them had some kind of AV, but of course that AV didn't prevent them from getting infected. Many of them update their definitions and scanned and thought they were clean, but because the virus/Trojan was so new, they started spewing spam again. In this case, their AV software gave them a false sense of assurance. Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Mark Radabaugh Sent: 2008-02-13 17:35 To: nanog list Subject: Re: IBM report reviews Internet crime JC Dill wrote:
I'm really surprised that ISPs haven't banded together to sue Microsoft for negligently selling and distributing an insecure OS that is an Attractive Nuisance - causing the ISPs (who don't own the OS infected computers) harm from the network traffic the infected OSs send, and causing them untold support dollars to handle the problem.
If every big ISP joined a class action lawsuit to force Microsoft to pay up for the time ISPs spend fixing viruses on Windows computer, Microsoft would get a LOT more proactive about solving this problem directly. The consumers have no redress against MS because of the EULA, but this doesn't extend to other computer owners (e.g. ISPs) who didn't agree to the EULA on the infected machine but who are impacted by the infection.
jc
I think I would rather see a class action against Symantec for the hundreds of hours ISP's waste fixing customers mail server settings that Symantec sees fit to screw up with every update. We can always tell when they have pushed a major update - hundreds of calls from mail users who can no longer send mail. It's 2008. How bloody hard is it to notice that the mail server SMTP port is 587 and authentication is turned on? Why do they mess with it? -- Mark Radabaugh Amplex 419.837.5015 x21 mark@amplex.net
* Of all the vulnerabilities disclosed in 2007, only 50 percent can be corrected through vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines]
I think this conclusion assumes a number of facts not in evidence.
If the vulnerability cannot be corrected through a vendor patch, then, one has to wonder what, exactly the vulnerability is. If it is social engineering, then, I don't believe that ISP proactivity can really address the issue.
It can if the kind of proactivity they mean is taking down phishing web sites. (Though I wouldn't describe a phishing site as a vulnerability.) Tony. -- f.a.n.finch <dot@dotat.at> http://dotat.at/ FISHER GERMAN BIGHT: NORTHWEST VEERING NORTHEAST 3 OR 4, BUT 5 OR 6 IN NORTH FISHER. SLIGHT OR MODERATE, OCCASIONALLY ROUGH LATER IN FISHER. FOG PATCHES THEN FAIR. MODERATE OR GOOD, OCCASIONALLY VERY POOR.
michael.dillon@bt.com wrote:
vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines]
This I've seen suggested for a while yet I've seen many here shun the idea. "If we force someone who doesn't know they'll jump ship elsewhere in droves" seemed to be the consensus. How about "if some acted as a *group* and did not allow an uber infected machine from your client to get on a network. "Sorry we don't your $20.00 per month since its costing us 3 calls to tech support per month, we're getting overwhelmed with emailed complaints your machine is sending spam..." And so on. Wait, not feasible, instead of thinking about this logically it for a second, its likely some would focus more on countering it with an argument.
[If you still distribute any kind of software kits that do not install FireFox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access]
Agree, and disagree. When I am on Windows, I loathe using the newer versions of Firefox. Its become such a resource hog its scary. I've resorted to Opera. So you push them to Firefox anyway, what now, there are still countless amounts of vulnerabilities for FF many not even seen. Because the security industry has some numbers on vulnerabilities for Mozilla, what about the unknowns? What about the spambot herder/hoarder criminals who don't distribute code.
[Suggests that NANOG members need to raise the bar considerably to clean up their own backyard. What do you know about your own Internet peering partners?]
Are you suggesting that if peers don't clean up their act they should be de-peered? I'd like to see that happen even for a day and watch a large portion of the net crumble. I could point out off the top of my head about a dozen dirty peers and I mean extremely dirty, who would never be de-peered. Money talks
[This suggests that targetting these specific attack vectors could clean up a significant amount of the problem and correspondingly recduce your costs for detection and blocking of compromised machines.]
That would mean work. It would also mean the time alloted to focusing on how to fix it would be taken away from the time it takes to counter-argue your points. -- ==================================================== J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
[If you still distribute any kind of software kits that do not install FireFox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access]
Agree, and disagree.
Yes, it certainly does not apply to everyone.
So you push them to Firefox anyway, what now, there are still countless amounts of vulnerabilities for FF many not even seen.
I was actually targeting this suggestion to those who currently distribute Internet Explorer kits. So it was more of a suggestion to not distribute the browser that is most vulnerable. And if you make installation of Firefox a requirement to come out of quarantine, that does not imply that people need to uninstall their other browsers. This is to give them the experience of something new knowing that a certain percentage will continue using it and not be reinfected. And reducing reinfections cuts your costs of detection and blocking compromised PCs.
Are you suggesting that if peers don't clean up their act they should be de-peered?
That's pretty extreme. I would think that you could start by keeping regular communication with them and always showing reports about how much bad traffic comes from them versus how much comes from you. Or how many compromised hosts are in their AS versus in yours. You could share what you have learned about detection and blocking of compromised computers and the resulting reduction in helpdesk calls. In other words, if there is a problem, discuss it, make it clear how you are doing a better job than they are, and how the term "peering" refers to two companies who are equals by some measure. And how the peer is lacking by certain malware measures. In many cases, repeated communication will lead to people fixing problems, even if you have to wait until it filters up to a level where management says "What if our peers start depeering because of these problems? Go fix them!". Engineers like to figure out everything to the nth detail and cost it all out. But that's not the only way to get action. --Michael Dillon
michael.dillon@bt.com wrote: (removed cc)
I was actually targeting this suggestion to those who currently distribute Internet Explorer kits. So it was more of a suggestion to not distribute the browser that is most vulnerable. And if you make installation of Firefox a requirement to come out of quarantine, that does not imply that people need to uninstall their other browsers. This is to give them the experience of something new knowing that a certain percentage will continue using it and not be reinfected. And reducing reinfections cuts your costs of detection and blocking compromised PCs.
Then what about antivirus and antispyware. Why should one be favored over the other. How many providers are suggesting this. It has an outside view of product favoritism. Perhaps the marketing teams could suggest a few free ones e.g. Avast, AVG, Adaware. There is the potential to clean up a lot of the trash that comes in and out of the network but then what, I could see ISPs' call centers screening "I just installed AVG but I can't get it to work". Same goes for Firefox or any other product. Do you then look to support these. I agree wholeheartedly that ISP's should step up to the plate considering their own resources are being abused and have the potential for some serious damage (imagine 70% of Cox, Comcast, TW being botnets aimed at your network). Sadly, this will be argued for a few more posts then deemed offtopic to be re-argued and unevaluated in the future. -- ==================================================== J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
participants (11)
-
Andre Gironda
-
Florian Weimer
-
Frank Bulk
-
J. Oquendo
-
JC Dill
-
Jim Popovitch
-
Mark Radabaugh
-
michael.dillon@bt.com
-
Owen DeLong
-
Tony Finch
-
Valdis.Kletnieks@vt.edu