Showing posts from August, 2006

Christopher Maxwell, botnet master, sentenced to 3 years +

I was in attendance at the four hour sentencing hearing for Christopher Maxwell, the botnet master. After extensive testimony from the investigating agent Dave Farquhar, as well as representatives from Northwest Hospital, the DoD, and a California school district, Judge Pechman spoke at length and eloquently about her decision to send Mr. Maxwell to prison.
Where Asst. US Attorney Kathryn Warma sought 6 years imprisonment, the defense sought probation. The judge, after much thoughtful deliberation, gave him three years, followed by three years probation, and more than $250,000 in restitution to Northwest Hospital and DoD. He may well pay more to the school district too.
By any real standard, Mr. Maxwell's life is ruined, thanks to sadly flexible morals and the desire for easy cash.
It's a shame, as on one hand I felt bad for him as I watched his family weep and pray, and noted his own readily visible emotions. He was indeed remorseful and accepted responsibility for his actio…

Snort management scripts

In a recent thread on the Internet Storm Center I offered some scripts that I wrote entirely for convenience at the shell prompt. Save each as the # commented title, add them to your working directory, chmod a+x them, and use at will:

For Bleeding-Edge rules, I prefer the single bleeding-all.rules so I use this to update it rather than Oinkmaster:

cd /etc/snort/rules/
rm -f bleeding-all.rules
To fire Oinkmaster manually rather than cron:
#oink -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules
To kill the daemon:
killall snort
To confirm Snort process state:
ps aux | grep snort
To confirm Snort running cleanly after config or rule changes:
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -v
To start the daemon:
/usr/local/bin/snort -c /etc/snort/snort.conf -i e…
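The rule-update step above deletes the live bleeding-all.rules before fetching a replacement, so a failed download (or an HTML error page served in place of the file) leaves Snort with no Bleeding-Edge rules at the next restart. The script below is an added example, not from the original post: the new file lands in a temporary path, is sanity-checked, and only then replaces the live copy, with the previous version kept as a .bak. The rules directory, the download URL (a placeholder), the use of wget, and snort being in PATH are all assumptions; the demo at the end fakes the download with constructed rule files so it runs anywhere.

```shell
#!/bin/sh
# Added example (not the original post's script): validate-then-replace
# update for bleeding-all.rules. Paths, URL and fetch tool are assumptions.

# Returns 0 if $1 looks like a usable Snort rules file: non-empty, contains
# at least one rule line, and is not an HTML error page served in its place.
validate_rules_file() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -Eq '^(alert|drop|log|pass|reject|sdrop) ' "$f" || return 1
    if grep -Eiq '^[[:space:]]*<(html|!doctype)' "$f"; then
        return 1
    fi
    return 0
}

# Prints the number of active (uncommented) rule lines in $1.
count_rules() {
    grep -Ec '^(alert|drop|log|pass|reject|sdrop) ' "$1"
}

# Installs candidate $1 as $2: validate, back up the old copy, then mv
# (atomic within one filesystem). Leaves $2 untouched if validation fails.
install_rules() {
    src="$1"; dst="$2"
    validate_rules_file "$src" || { rm -f "$src"; return 1; }
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 1
    fi
    mv "$src" "$dst"
}

# Full update. RULES_DIR defaults to the post's directory; the URL is a
# placeholder and wget is an assumed fetch tool.
update_bleeding_rules() {
    dir="${RULES_DIR:-/etc/snort/rules}"
    tmp="$dir/.bleeding-all.rules.tmp"
    wget -q -O "$tmp" "https://RULES-URL-PLACEHOLDER/bleeding-all.rules" \
        || { rm -f "$tmp"; return 1; }
    install_rules "$tmp" "$dir/bleeding-all.rules"
}

# Restart only after the config parses: snort -T tests the configuration and
# exits, so a typo in a new rule never leaves you with no sensor running.
# Assumes snort in PATH and the post's config path and interface.
restart_snort_if_config_ok() {
    snort -c /etc/snort/snort.conf -i eth1 -T || return 1
    killall snort
    snort -c /etc/snort/snort.conf -i eth1 -D
}

# Demo on constructed files (no network, no snort needed).
DEMO_DIR=$(mktemp -d)
printf 'alert tcp any any -> any 80 (msg:"constructed rule"; sid:9000001; rev:1;)\n' \
    > "$DEMO_DIR/bleeding-all.rules"
printf '# comment line\nalert tcp any any -> any 443 (msg:"constructed 2"; sid:9000002; rev:1;)\nalert udp any any -> any 53 (msg:"constructed 3"; sid:9000003; rev:1;)\n' \
    > "$DEMO_DIR/new.tmp"
printf '<html><body>404 Not Found</body></html>\n' > "$DEMO_DIR/bad.tmp"

install_rules "$DEMO_DIR/new.tmp" "$DEMO_DIR/bleeding-all.rules" \
    && echo "installed $(count_rules "$DEMO_DIR/bleeding-all.rules") rules"
install_rules "$DEMO_DIR/bad.tmp" "$DEMO_DIR/bleeding-all.rules" \
    || echo "rejected HTML error page; live file untouched"
```

Run the demo as-is to see the good file installed and the fake error page rejected; for a real update set RULES_DIR, put the actual rules URL in update_bleeding_rules, then call update_bleeding_rules followed by restart_snort_if_config_ok.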

RE: Hackers and Employment - What the heck's wrong with us?

Hackers and Employment - What the heck's wrong with us?
This essay describes a scenario that has long bothered me to no end.
What place does a hacker with obvious moral flexibility have in our
enterprises? Certainly they may be talented and quite brilliant, but can
they truly be trusted?
An associate, whose views I respect greatly, said this regarding
Mitnick's books. "I'll check them out of the library and read them for
the value they hold. But I won't buy them, I simply can't fund the
The essay's author is right. We willingly pay for the breakdown of
simple societal standards that not so long ago were the expected norm.
Is it too much to ask that our information be safe, our systems
unhindered by malware designed to rob us financially and strategically,
and that organizations will choose not to hire the morally flexible?
Sadly, we know it is too much to ask.
But, I for one, will continue in my quest to protect that information,
those systems, and the peo…