Gadi Evron - Professional Feed

Cyber Security and Privacy News of the Week, 10 - 17 Feb 2015

noreply@blogger.com (Gadi Evron) — Thu, 19 Feb 2015 21:19:00 +0000

Cyber Security and Privacy News of the Week

Links to stories/ pictures:
1. http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

2. http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html

3. http://www.invincea.com/2015/02/chinese-espionage-campaign-compromises-forbes/

4. http://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx

5. http://www.wired.com/2015/02/nsa-acknowledges-feared-iran-learns-us-cyberattacks/

6. http://www.databreachtoday.com/ny-to-launch-cyber-exams-for-insurers-a-7901

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Cyber Security and Privacy News of the Week, 3 - 10 Feb 2015

noreply@blogger.com (Gadi Evron) — Tue, 10 Feb 2015 18:28:00 +0000

This Week in Cyber Security and Privacy

Links to stories/ pictures:
1. www.forbes.com/sites/thomasbrewster/2015/02/02/yet-another-adobe-flash-zero-day/

2. http://www.theguardian.com/us-news/2015/feb/05/millions-of-customers-health-insurance-details-stolen-in-anthem-hack-attack

3. http://www.reuters.com/article/2015/02/05/us-sony-pascal-idUSKBN0L92BG20150205

4. https://nakedsecurity.sophos.com/2015/02/06/facebooks-deepface-facial-recognition-technology-has-human-like-accuracy/

5. http://www.bbc.com/news/technology-31296188

6. http://thenextweb.com/insider/2015/02/10/uber-reportedly-left-lost-found-items-log-exposed-online/

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Anthem and the stock market post breach

noreply@blogger.com (Gadi Evron) — Sun, 08 Feb 2015 04:47:00 +0000

This was the pre-trading situation with Anthem yesterday. Impressive, yet ups and downs are a regular thing, we'll see how they're doing in a couple of weeks.

(via Ram Levi)

Gadi Evron.

Cyber Security and Privacy News of the Week, 27 January - 3rd February, 2015

noreply@blogger.com (Gadi Evron) — Wed, 04 Feb 2015 01:55:00 +0000

This Week in Cyber Security and Privacy

Links to stories/ pictures:
1. http://www.scmagazine.com/report-most-us-weapons-programs-contain-significant-vulnerabilities/article/394499/
http://element-y.com/wp-content/uploads/2013/01/pentagon.jpg

2. http://www.infosecurity-magazine.com/news/us-army-releases-cyberforensic/
3. http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/

4. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
https://cve.mitre.org/
5. http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html

6. http://www.pcworld.com/article/2878437/bmw-cars-found-vulnerable-in-connected-drive-hack.html
http://www.autoblog.com/2015/02/03/bmws-connected-drive-feature-vulnerable-to-hackers/

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Where did they go wrong?

noreply@blogger.com (Gadi Evron) — Wed, 04 Feb 2015 01:50:00 +0000

My experience was short lived but fascinating to me.

I rang the bell. The receptionist came out through an open door, tried for this combo biometric plus code authentication device on the main door, failed, asked me to wait and went in through the other door, walked around and opened the door from the inside.

Where did whoever designed this security go wrong? :)

Gadi Evron.

Cyber Security and Privacy News of the Week, 20-27 January - 2015

noreply@blogger.com (Gadi Evron) — Thu, 29 Jan 2015 18:00:00 +0000

Cyber Security and Privacy News of the Week, 20-27 January - 2015

This Week in Cyber Security and Privacy

Links to stories/ pictures:

1. http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key?ModPagespeed=noscript
2. http://www.bbc.com/news/uk-wales-south-west-wales-30898417
3. http://www.secretsofthefed.com/15-year-old-swatted-gamer-convicted-domestic-terrorism-25-years-life-federal-prison/
4. https://news.yahoo.com/kenya-govt-considers-request-repatriate-chinese-hackers-121447172.html
5. http://thehackernews.com/2015/01/progressive-snapshot-device-hacking-car.htm
6. https://www.eff.org/who-has-your-back-government-data-requests-2014

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

This Week in Cyber Security and Privacy, 13-20 January 2015

noreply@blogger.com (Gadi Evron) — Wed, 21 Jan 2015 08:19:00 +0000

This Week in Cyber Security and Privacy, 5-12 January 2015.

Links to stories/ pictures:

1. http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/

2. http://itinsight.hu/en/posts/articles/2015-01-28-android-bypass/

3. http://thehackernews.com/2015/01/google-windows-vulnerability.html

4. http://www.theregister.co.uk/2015/01/18/snowden_doc_leak_confirms_china_stole_f35_data/

5. http://www.businessinsider.com/apple-touch-id-icloud-patent-2015-1

6. http://thehackernews.com/2015/01/microsoft-windows-7-support.html

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

This Week in Cyber Security and Privacy, 5-12 January 2015

noreply@blogger.com (Gadi Evron) — Wed, 14 Jan 2015 09:06:00 +0000

This Week in Cyber Security and Privacy, 5-12 January 2015.

Links to stories/pictures:

1. http://www.darkreading.com/attacks-breaches/banking-trojans-disguised-as-ics-scada-software-infecting-plants/d/d-id/1318542
http://threatpost.com/is-it-time-for-certified-ics-security-specialists/104804
2. https://privacyassociation.org/news/a/obama-announces-legislation-on-student-id-consumer-privacy/
3. http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
4. http://www.engadget.com/2015/01/02/google-posts-unpatched-microsoft-bug/
5. http://motherboard.vice.com/read/you-can-now-install-the-north-korean-operating-system-redstar-30
6. http://www.morganstanley.com/about/press/articles/7f189537-f51c-40b0-a963-fc0dc6c65861.html

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

This Week in Cyber Security and Privacy, 28 Dec - 4 Jan 2015

noreply@blogger.com (Gadi Evron) — Tue, 06 Jan 2015 02:41:00 +0000

This Week in Cyber Security and Privacy, 28 Dec - 4 Jan 2015

Links to stories and photos:
1. http://mashable.com/2014/12/31/sony-cyberattack-blackberrys/

2. http://uk.businessinsider.com/report-angela-merkels-office-hit-by-cyber-attack-2014-12?r=US

3. http://threatpost.com/cellular-privacy-ss7-security-shattered-at-31c3/110135

4. http://www.reuters.com/article/2014/12/27/hacking-tool-idUSL1N0UB00U20141227

5. http://venturebeat.com/2014/12/28/chaos-computer-club-claims-it-can-reproduce-fingerprints-from-peoples-public-photos/

6. http://mobile.nytimes.com/blogs/dealbook/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/?_r=2&referrer

7. http://www.haaretz.com/news/diplomacy-defense/1.633119

8. http://www.healthcareinfosecurity.com/nist-to-address-medical-device-security-a-7718

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

This Week in Cyber Security and Privacy, 21-27 December, 2014

noreply@blogger.com (Gadi Evron) — Tue, 23 Dec 2014 19:51:00 +0000

This Week in Cyber Security and Privacy's summary is released early this week, due to the holidays - with a personal message, on how cyber affects us personally. Merry Christmas! :)

Stories that didn't make it include hacking a skateboard, the FBI making "Cyber" a top priority, and the Kremlin announcing that Russia is on constant cyber alert.

Links to stories:
1. http://m.nextgov.com/cybersecurity/2014/12/opm-alerts-feds-second-background-check-breach/101622/

2. http://www.reuters.com/article/2014/12/21/us-southkorea-nuclear-idUSKBN0JZ05120141221
http://www.theguardian.com/world/2014/dec/22/south-korea-nuclear-power-cyber-attack-hack

3. http://www.threatconnect.com/news/operation-poisoned-helmand/

4. http://www.itworld.com/article/2861675/cyberattack-on-german-steel-factory-causes-massive-damage.html
http://www.bbc.com/news/technology-30575104

5. http://www.wired.com/2014/12/mathematicians-make-major-discovery-prime-numbers/

6. http://www.geekrepublic.org/tor-exit-node-cluster-shut-down/

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Cyber is not "passwords" - it's about YOU - Sony experience

noreply@blogger.com (Gadi Evron) — Mon, 22 Dec 2014 13:42:00 +0000

Cyber is personal, it is about your life, your business - your kids.

A story from an employee at Sony, following the hack. Worth reading:
http://fortune.com/2014/12/20/sony-pictures-entertainment-essay/

Gadi Evron.

Sony and PRNK, still a better love story than...

noreply@blogger.com (Gadi Evron) — Mon, 22 Dec 2014 00:35:00 +0000

Gina from Cymmetria Research created another meme on Sony's incident.

Real damage, you say? SCADA is here.

noreply@blogger.com (Gadi Evron) — Sat, 20 Dec 2014 22:11:00 +0000

I'm often asked "has cyber ever done any real damage?" as if billions lost, lives ruined, and children harassed isn't enough. Cyber is not a separate entity - it's about living our lives and doing our business.

Today, this news story was published. A lot yet remains to be seen, but such case studies are exactly what we've been waiting for.

Apparently, a steel factory in Germany suffered an attack, which resulted in an industrial attacks... or SCADA, cyber-physical, ICS, or whatever you want to call it - attack.

I hope there will be more published on this.

Gadi Evron.

Importance of intelligence :)

noreply@blogger.com (Gadi Evron) — Sat, 20 Dec 2014 14:20:00 +0000

According to this new story, streets thugs jumped the guy who shot Bin Laden, demonstrating the importance of collecting intelligence before an operation. ;)

Too bad it's a satire. :)

#darwinawards

Gadi Evron.

Wasn't me!

noreply@blogger.com (Gadi Evron) — Sat, 20 Dec 2014 12:37:00 +0000

We didn't want to stay out of the meme paradise this past week has offered. :)

Meme created by Gina from Cymmetria Research.

Gadi Evron.

This Week in Cyber Security & Privacy - 14-20 December, 2014

noreply@blogger.com (Gadi Evron) — Sat, 20 Dec 2014 01:36:00 +0000

This Week in Cyber Security and Privacy
14-20 December, 2014

Links to stories:

- ICANN hacked: http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/
- Oslo snooping mobile towers: http://rt.com/news/214327-snooping-mobile-towers-norway/
- "Misfortune Cookie" vulnerability: http://www.geekrepublic.org/millions-of-routers-from-different-vendors-are-vulnerable-to-misfortune-cookie-attacks/
- Iranian hackers: http://www.foxbusiness.com/technology/2014/02/12/hackers-bust-las-vegas-sands-sites-in-cyber-attack/
- Sheldon Adelson's casino attack attributed to Iranian hackers: http://www.businessinsider.com/iranian-hackers-shut-down-sheldon-adelsons-casino-in-las-vegas-2014-12
- Linux: http://www.techworm.net/2014/12/privilege-escalation-vulnerability-in-linux-cve-2014-9322.html- Git vulnerability: http://wptavern.com/critical-git-vulnerability-patched-update-your-git-clients-immediately
https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
- Sony breach:http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html- NIST revision: http://www.nist.gov/itl/csd/sp8000-53a-121614.cfm

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/

Also on Facebook: http://www.facebook.com/gadioncyber

And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Sony is interesting, but not in what people speak of

noreply@blogger.com (Gadi Evron) — Fri, 19 Dec 2014 22:01:00 +0000

Some interesting things happening at Sony - and they are the ones deserving of our attention. Not this attribution nonsense.

Was it N. Korea behind the Sony attacks? Why? Why not? Fact is, nobody knows. It just happened 30 seconds ago. Speak about something important instead - like how to do better.

Honestly, if I was still a CISO, with today's horrible state of cyber security's systematic failure - I'd not be sleeping at night.
I like to avoid FUD and speak facts and measurements - I'm mentioning such "scare talk" as, honestly - would you be sleeping at night if you were a CISO?

That said, here are some interesting tangential stories to follow on this:

Geo-politics are warming up to something... but what? I am slightly concerned by this message from Obama, and yet it makes me wonder if he knows something we don't, or just responds to the public to instill calm... or?

Story: Obama vows US response to Sony hack
http://www.bbc.co.uk/news/world-us-canada-30555997

Cyber insurance is being put to its first major test. I'll be following this story closely.

Story: Breach insurance might not cover losses at Sony Pictures
http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html

Sony is not making a very good job at incident response, and in fact, is making a bad show of it - doing what the attackers want, lashing out at file sharers, etc. But knowing they are vulnerable right now and can't do much about it - what would you have done differently? I can't really judge them.

That said, it will be interesting to watch how the movie's numbers do, now that it gains the "forbidden fruit" infamy.

Story: Sony pulls movie "The Interview"
http://www.theguardian.com/film/2014/dec/18/sony-pictures-the-interview-north-korea

Gadi Evron.

Using Laser To Fingerprint Paper

noreply@blogger.com (Gadi Evron) — Thu, 18 Mar 2010 14:56:00 +0000

I like it when old technologies and known scientific facts are used in a new way that makes them pure genius.

A discovery of old, which will change the future.

Ingenia Technology Limited today launches an exciting breakthrough proprietary technology, developed by Imperial College London and Durham University - the Laser Surface Authentication system (LSA). The LSA system recognises the inherent 'fingerprint' within all materials such as paper, plastic, metal and ceramics.

The LSA system is a whole new approach to security and could prove valuable in the war against terrorism through its ability to make secure the authenticity of passports, ID cards and other documents such as birth certificates.

This technological breakthrough has been masterminded by Professor Russell Cowburn, Professor of Nanotechnology in the Department of Physics at Imperial College London.

Every paper, plastic, metal and ceramic surface is microscopically different and has its own 'fingerprint'. Professor Cowburn's LSA system uses a laser to read this naturally occurring 'fingerprint'. The accuracy of measurement is often greater than that of DNA with a reliability of at least one million trillion.

The inherent 'fingerprint' is impossible to replicate and can be easily read using a low-cost portable laser scanner. This applies to almost all paper and plastic documents, including passports, credit cards and product packaging.

An interesting day in information security

noreply@blogger.com (Gadi Evron) — Thu, 18 Mar 2010 14:10:00 +0000

A Mafia boss was caught because of his using Facebook, while unrelated to that the EFF released the result of their Freedom of Information request for material on how law enforcement uses social networking to investigate suspects. "under cover".

The SEC moved to freeze portfolios and accounts following attacks by a Russian hacker, who manipulated stocks.

InfoSecurity magazine has a story on espionage in sport, mentioning how where there's a motive, cyber-crime follows.

And of course, the leading story (which I discovered thanks to a post on Facebook by Dave Aitel) is how an hacker (if that is a descriptive word in this case) broke into 100 cars to cause inconvenience, such as honking, or immobilizing customer the cars.

He hijacked the remote control system ("web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments") by logging on with an account of an employee. He used to be an employee himself, until fired later on.

Also, check out this extremely interesting paper from Cormac Herley at Microsoft Research on why people reject security advice:
So Long, And No Thanks for the Externalities:
The Rational Rejection of Security Advice by Users

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Email Portability Approved by Knesset Committee

noreply@blogger.com (Gadi Evron) — Mon, 22 Feb 2010 15:06:00 +0000

The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament.

While many users own a free email account, many in Israel still make use of their ISP's email service.

According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, "just like" mobile providers do today with phone numbers.

This new legislation makes little technological sense, and will certainly be a mess to handle operationally as well as beurocratically, but it certainly is interesting, and at least the notion is beautiful.

The proposed bill can be found here [Doc, Hebrew]:
http://my.ynet.co.il/pic/computers/22022010/mail.doc

Linked to from this ynet (leading Israeli news site) story, here:
http://www.ynet.co.il/articles/0,7340,L-3852744,00.html

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Chuck Norris Botnet and Broadband Routers

noreply@blogger.com (Gadi Evron) — Mon, 22 Feb 2010 14:09:00 +0000

Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news.

When I raised this issue before in 2007 on the NANOG mailing list, some other vetted mailing lists and on CircleID here and here, the consensus was that the vendors will not change their position on default settings unless "something happens", I guess this is it, but I am not optimistic on seeing activity from vendors on this now, either.

The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. In tests Prof. Randy Vaughn and I conducted with some ISPs in 2007-8 the results have not been promising.

Further, many of these devices world wide serve as infection mechanisms for the computers behind them, with hijacked DNS that points end-users to malicious web sites.

On the ISPs end, much like in the early days of botnets, many service providers did not see these devices as their responsibility -- even though in many cases they are the providers of the systems, and these posed a potential DDoS threat to their networks. As a mind-set, operationally taking responsibility for devices located at the homes of end users made no sense, and therefore the stance ISPs took on this issue was understandable, if irresponsible.

As we can't rely on the vendors, ISPs should step up, and at the very least ensure that devices they provide to their end users are properly set up (a significant number of iSPs already pre-configure them for support purposes).

The Czech researchers have done a good job and I'd like to thank them for sharing their research with us.

In this article by Robert McMillan, some details are shared in English:

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: "in nome di Chuck Norris," which means "in the name of Chuck Norris." Norris is a U.S. actor best known for his martial arts films such as "The Way of the Dragon" and "Missing in Action."

Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs.

It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices, Vykopal said in an e-mail interview.

A D-Link spokesman said he was not aware of the botnet, and the company did not immediately have any comment on the issue.

Like an earlier router-infecting botnet called Psyb0t, Chuck Norris can infect an MIPS-based device running the Linux operating system if its administration interface has a weak username and password, he said. This MIPS/Linux combination is widely used in routers and DSL modems, but the botnet also attacks satellite TV receivers.

Read more, here.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Mozilla Add-on Policies and Spyware Surprises

noreply@blogger.com (Gadi Evron) — Thu, 18 Feb 2010 04:16:00 +0000

Following up on my previous post, I wrote a full accounting of how I discovered FlashGot illegitimate behavior, as well as how Mozilla's policies work on such issues:
http://www.darkreading.com/blog/archives/2010/02/mozillas_addon.html

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Flashgot Firefox Plugin Now Spyware

noreply@blogger.com (Gadi Evron) — Tue, 16 Feb 2010 07:45:00 +0000

FlashGot Firefox plugin, a long-time download assistant, now acts like spyware.

It gives you recommendations IN Google search to another search site, according to your searches.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Personal Story, Tactical Communication and Conversation Manipulation

noreply@blogger.com (Gadi Evron) — Sun, 14 Feb 2010 16:52:00 +0000

[syndicated from my personal blog, here]

Going back home from meeting friends for a beer, I was excited. It's not often that I encounter something cool to do which also appeals to my youth's old tactical nature. When I do, I jump it! This is a story of how someone tried to manipulate me, and how I countered.

The two friends with me discussed a fascinating topic I didn't even know existed, and simply because I saw that I could do so, I decided to bring this topic to a larger audience, creating a mini-conference on the subject.

First on my list was to find a location, so I sent an email to a local academic who could be a good partner for this, and called a couple of other friends to get them on board, arranged for speakers, PR and other necessities.

The next day I received an answer with a phone number, and within a few hours had the academic in question on my cell phone. He asked me to call his land line, and I did. Our conversation was very easy-going and friendly in tone. Smiles splattered on our faces.

I told him I am excited to speak with him, as he obviously has more experience on this particular subject. I was differential as academic ego demands, showing him the respect he deserves, but in tone -- I remained an equal.

I made my case, and he cut in, asking "Can you explain what you have in mind? We ran a conference on this four years ago. Do you have something new to warrant an event?"

"No," I answered honestly in an interrupt of my own. He apparently didn't expect that, so I asked to continue my pitch, and then did.

A lot changed in the last four years, and even if not, in a university environment four years ia an eternity -- with many new students who would appreciate this event. I had better arguments than these, and as my purpose was cooperation rather than confrontation, I preferred to move on.

I explained how this topic is exciting, how it has direct impact on both higher education as well as real implications for daily life, governance, and the economy. I used two anecdotal examples to illustrate this, and my excitement probably dripped all over him, even over the phone.

"Well," he responded, "let me tell you about an idea I had."

DING DING DING DING DING
Warning bells sounded in my head. "Happily, what's your idea?

He told me about an event he thought of, which sounded interesting. As he spoke I got about three ideas running in my head on the subject, but I listened quietly. "I would like to work with you, and if you can take some time to think of ideas for what we can do at this event, I'd appreciate us talking about them."

Stay on message

"Of course," I said, "I'd be more than happy to." And I was. "However", I continued with the same breath, "this conversation is about the first idea, so while I'd definitely like to discuss this with you further later, let's stick to the first one for now."

"Alright." he said, and we discussed a bit further, at which point he said "well, last year we ran a small event on this topic, and there was real innovation there which we could showcase. What will be new here?"

I explained a bit more on why I am excited, and why the topic is relevant, and how such an event can be beneficial. Then I decided to change tactics to show my resolve.

Stay on message, clarify position

"As you know, I am a security professional."

"Yes, that is where I know you from. Security, Internet, Cyber Warfare... Why does this subject interest you?"

"Truth be told," I happily jumped in, "I am excited. I learned to be a strategic person, but at heart, I am a tactical person, energized by excitement. I am excited about this topic, and I am willing to put the time into making this event happen. I will make it happen, but as I know of your vast expertise, I decided I must approach you first."

After more deliberation he asked me "What do you think of my event idea? I'd appreciate your opinion on ideas for it, and we can get back together on this after you think about it."

DING DING DING DING DING
Alarm bells rang again.

"I already thought about it, and have three ideas so far."

"Oh, great! What are your ideas?"

I shared two, as my short-term memory had already erased the third. I told him as much, and I think he believed me, but it could be seen as a lure or a trick. We were extremely friendly. He asked me to email him the third one if I remember it. I promised to do so.

Stay on message

"I'd like however, to finish our discussion of my idea for now, as there is a time constraint."

When he heard I want to get it done within a month rather than a year, he was shocked. I told him how excited I am about the specific speakers I want to bring, and how one of them is leaving the country to join his new wife, and he is a major source of my energy for this. I mentioned how I understand if his events schedule is already closed for the coming year, but wanted to make sure and contact him first.

It wasn't my intention to go cold on him or play "girl negotiation" by appearing not interested, but rather to give him way out. But whether it was my excitement or the "girl tactic", or even the ego massage, it seemed to work.

He got excited about this speaker as well, and asked about getting him on video before he leaves. Then....

BANG BANG BANG BANG BANG

A trick I've never seen before, which unlike the ones used up to now, is purely manipulative from whatever perspective you may look at it.

"How about we both take a couple of days to think of our two ideas, then get back together and pick one?"

This is wrong on so many levels. To begin with, his idea is not on the agenda. Second, he assumes I am willing to give up on my idea. Third, he assumes it's one or the other, this is a false choice logical fallacy.

More importantly, with this trick he can potentially achieve four immediately obvious things. First, wipe the slate clean to run his arguments by me again. Second, put distance between the chats so that I have time to move from my strong position, and consider his, perhaps feeling uncomfortable turning him down again. Third, it puts the subject on the agenda. And fourth, potentially try to wear me down, as most people won't call again in two days, or in two months.

I didn't miss a beat.

"I would be happy to discuss your idea separately, it sounds very interesting and I'd be happy to work with you on it. However, my resources are limited and at this time I am only interested in working on this one."

I added my winning argument: "I believe that I can get very good PR coverage for this mini-event, and get cooperation with Famous-Non-Profit which will also be happy to cover a part of the costs."

He lighted up at the mention of PR. We spoke for a bit and he asked me for a few days to speak with his boss. A few days when I have only a month to get things going are critical, so I wasn't happy about it. But the request was reasonable. He threw the ball into my court though, so when I got off the phone, I sent him an email.

I detailed five good ideas for his event, mentioned I was happy to talk with him, and was looking forward to hear from him soon. I also attached my phone number.

As I said when I started this post, he really is a good guy, and very friendly. But he is also a politician. He is an expert communicator who interviewed people live for a decade as a journalist. So while I dislike manipulative behavior I recognize that for some, such behavior is more than acceptable. In fact, it is regular m.o. and needs to be expected as part of the game.

Thing is, even just a few years ago I would have gotten stuck after his first interrupt, and either ended up working on his event without realizing it -- or by being too friendly. Worse still, I could have mishandled the communication in a potentially offensive fashion. Some years ago more, and I wouldn't have been able to play the game, and would have taken offense.

Being able to switch gears into "I'm being manipulated", think fast on my feet with my responses, and keep the conversation on track for my purposes (also the stated agenda of the call) -- all while keeping the rapport going without losing one heart beat, got me very excited. The content of the call was suddenly secondary.

While I am extremely straight-forward and honest in my communication style to a point of bluntness, I am a work in progress and am always learning. And I must admit, when two professionals meet, the conversation is happening on a completely different level. I am just surprised he didn't read through me that I was on to every single trick, when I was able to deflect them all. Or maybe he did and kept throwing them at me anyway to try and outwit me?

The cynic in me may in retrospect reconsider the first thing he ever said to me, to call him back on land line, as a manipulative gesture to get me in a compliant mood. But that would be too paranoid -- wouldn't it?

There are a few issues to consider about this encounter:

1. What was his motive? Perhaps he confused me for a hungry young hot shot, and wanted to use my excitement for his own ends. Perhaps a clear-cut switch-a-roo to get me to work on his event, "stealing" me from mine. Thus, bringing the conversation to where he wants it.

Then again, maybe he was just trying to end the conversation non-confrontationally.

2. His main tricks, in order were: change subject, switch-a-roo, get back together in 2 days.

3. What can you do to counter such tricks? After all, you may not always have a quick wit about you, or know the specific tricks.

The answer is similar to holding your own in politics: Stay on message. Know what your message is and stick to it. Others may try to confuse you, throw you off, and introduce a red-herring such as sending it for discussion in committee. Stay on message.

4. More importantly, the conversation made it clear it is quite possible he has no political power on this front, and thus can't give me what I want anyway.

Which brings us to...

5. What is your goal?
I kept going as I wanted to convince him, and after a fashion, I did get the best possible alternative result. But why keep at it if it won't achieve my goal?

Two tricks such as he used can be excuses as part of natural discussion, at the third, why keep at it? By this time it is clear to both sides what's going on and no positive result can come out of it.

More importantly, my purpose is to achieve a goal, and if I am not going to, why stay on a call that is probably uncomfortable for at least one of the sides, and as sure as the sky is blue, wastes my time?

If my purpose is not adversarial, why treat the situation as a battle? Cooperative discussion is a much better approach. As no cooperation was likely to happen, keeping the discussion going was pointless.

In summary, it didn't work out. But you should not get me wrong, I have a lot of respect for the guy. But it was one of the more fascinating five minutes in my life these past few months.

Here are some articles I wrote on similar experiences I had:
I'm interested, but in you
Snap! Jazz music and mass hypnosis
WTF! Or, wow, this never happened to me before!

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

Case study: undetected malware

noreply@blogger.com (Gadi Evron) — Sun, 14 Feb 2010 07:17:00 +0000

In this case study from The George Washington University, researchers Sara Laughlin and Matthew Wollenweber released their work on previously undetected malware they discovered via their IDS system. Unknown to most anti virus products, and proceeded to analyze it:

On January 7th, 2010 GWU ISS Security identified a potential threat by a signature alert on a network sensor. Later analysis confirmed a security threat not currently detected by most antivirus products. This report details how the malware was detected and the analysis of the threat. Additionally, we hope this informs readers of a current threat.

This report underscores how anti virus products while a critical part of any computer's security, are insufficient by themselves, and inherently incomplete as a reactive solution.

I applaud the good work from the researchers, and even more, the fact they took the time to write and to release this report. These are barely ever public, and they earned my respect.

You can read the complete article here:
http://www.cyberwart.com/blog/2010/01/09/undetected-malware-case-study-jan2010-01/

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron