Comments on TaoSecurity Blog: DoD CyberCrime Conference Wrap-Up
Blog author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Comment feed last updated 2023-10-16T06:06:25.012-04:00
Four comments, shown oldest first.

---

Anonymous, 2006-01-15 20:59 (-05:00):

Interrogator sounds like CITI's Packet Vault.

---

Richard Bejtlich, 2006-01-15 21:01 (-05:00):

I have heard of that project. Packet Vault (http://www.citi.umich.edu/projects/apv/) does not appear to make any special effort to reduce traffic, perhaps beyond simple compression?

---

Anonymous, 2006-01-15 23:24 (-05:00):

Hi Richard, I attended the conference too and share your sentiments on two fronts: Alan Paller and Dr. Nasir Memon. Alan gets so much ink as Director of SANS, yet I don't know why. His presentation demonstrated little technical understanding, particularly during his woeful attack demonstration. On the subject of real threats, he certainly can't pass on an opportunity to mention Titan Rain (http://news.google.com/news?hl=en&ned=us&ie=UTF-8&q=%22titan+rain%22+alan+paller&filter=0), but continues to give the impression SANS had something to do with the Titan Rain investigation. "As best as we can tell..." he says. Who's "we"? Did those alleged Guangdong province hackers also hit isc.sans.org? Or did SANS obtain access to forensic evidence from gov't/mil systems? If so, why?

It was troublesome how many conferees I overheard lauding his presentation and suggesting organizing further presentations.

On to Dr. Memon, who gave two phenomenal presentations. I had heard of ForNet prior to this conference, but had no idea how it could work. It simply blew me away. The distinction that ForNet doesn't store full packet contents opens fascinating legal opportunities. Wouldn't storing a hash of a packet fall under the pen register/trap and trace clauses of wiretap laws? Could LEO have a wiretap enacted on an individual, but use ForNet to identify if any other parties are trafficking the same information on the wire? The DOJ lawyers who presented Patriot Act trespasser wiretapping should give the good Professor a ring.

His second presentation on reassembling files from individual pieces was also very interesting. He reduced reassembling a file to solving a Hamiltonian graph. All your chunks are nodes on a graph, and the statistical likelihood that two pieces connect is the weight on that segment. Now, find the path with the highest weight.

Cheers to Dr. Memon and all his grad students for research par excellence! And cheers to the DC3 for another fantastic conference!

---

Anonymous, 2006-01-16 17:41 (-05:00):

> I sat for an hour, signed one
> book, and gave copies of my three
> books away to a few stalwart
> visitors.

This is why I would trust Richard's opinion on security matters above that of many others; he has integrity! [to say what no other book author likes to say]
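The comment above on Dr. Memon's second talk describes file reassembly as a graph problem: every recovered chunk is a node, the statistical likelihood that one chunk directly follows another is the edge weight, and the answer is the path through all nodes with the highest total weight. The Python below is an added example written for this page; it is not code from the original post, from the commenter, or from Dr. Memon's group, and the scoring model is my own choice rather than the one presented at the conference. It scores each ordered pair of fragments with an add-one-smoothed character trigram model trained on the fragments themselves (the two trigrams that straddle a candidate join), then finds the maximum-weight Hamiltonian path exactly with a dynamic program over subsets, and also with the greedy heuristic a carver has to fall back on once the exact search is too expensive. The sample text and its five shuffled fragments are constructed for the demo.

```python
"""Fragment reassembly as a maximum-weight Hamiltonian path (added example).
Nodes are fragments; edge i -> j carries the log-likelihood, under a character
trigram model, that fragment j immediately follows fragment i."""
import math
from collections import Counter, defaultdict

# Constructed sample: a known text, cut into five pieces and shuffled.
ORIGINAL = "we attack at dawn and attack at dusk and retreat at night and retreat at dusk"
FRAGMENTS = [
    "eat at night and re",
    "treat at du",
    "we attack at dawn and att",
    "sk",
    "ack at dusk and retr",
]
TRUE_ORDER = [2, 4, 0, 1, 3]  # the permutation of FRAGMENTS that restores ORIGINAL


def train_trigram_model(fragments):
    """Count trigrams inside each fragment only, never across fragments: their
    order is exactly what we do not know. Returns counts[context][next_char]
    and the alphabet size used for smoothing."""
    counts = defaultdict(Counter)
    alphabet = set()
    for frag in fragments:
        alphabet.update(frag)
        for i in range(len(frag) - 2):
            counts[frag[i:i + 2]][frag[i + 2]] += 1
    return counts, len(alphabet)


def log_prob(counts, vocab, context, ch):
    """Add-one smoothed log P(ch | context); unseen joins get a small but
    nonzero probability rather than -inf."""
    bucket = counts.get(context, Counter())
    return math.log((bucket[ch] + 1) / (sum(bucket.values()) + vocab))


def boundary_score(counts, vocab, a, b):
    """Log-likelihood that fragment b directly follows fragment a, from the two
    trigrams that straddle the join. Fragments are assumed to be >= 2 chars."""
    return (log_prob(counts, vocab, a[-2:], b[0])
            + log_prob(counts, vocab, a[-1] + b[0], b[1]))


def weight_matrix(fragments):
    """w[i][j] for every ordered pair of distinct fragments (diagonal is -inf)."""
    counts, vocab = train_trigram_model(fragments)
    n = len(fragments)
    w = [[float("-inf")] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                w[i][j] = boundary_score(counts, vocab, fragments[i], fragments[j])
    return w


def best_path_exact(w):
    """Maximum-weight Hamiltonian path by DP over subsets (Held-Karp style):
    dp[mask][last] is the best path visiting exactly the fragments in mask and
    ending at last. O(n^2 * 2^n), so only for a handful of fragments."""
    n = len(w)
    full = (1 << n) - 1
    dp = [[float("-inf")] * n for _ in range(1 << n)]
    parent = [[-1] * n for _ in range(1 << n)]
    for i in range(n):
        dp[1 << i][i] = 0.0
    for mask in range(1 << n):
        for last in range(n):
            if not (mask >> last) & 1 or dp[mask][last] == float("-inf"):
                continue
            for nxt in range(n):
                if (mask >> nxt) & 1:
                    continue
                cand = dp[mask][last] + w[last][nxt]
                if cand > dp[mask | (1 << nxt)][nxt]:
                    dp[mask | (1 << nxt)][nxt] = cand
                    parent[mask | (1 << nxt)][nxt] = last
    end = max(range(n), key=lambda i: dp[full][i])
    order, mask, cur = [], full, end
    while cur != -1:  # walk the parent pointers back to the path's first node
        order.append(cur)
        cur, mask = parent[mask][cur], mask ^ (1 << cur)
    return order[::-1], dp[full][end]


def best_path_greedy(w):
    """Heuristic for large n: from every possible start, keep appending the
    highest-scoring unused successor; return the best chain found."""
    n = len(w)
    best_order, best_total = None, float("-inf")
    for start in range(n):
        order, total = [start], 0.0
        while len(order) < n:
            cur = order[-1]
            nxt = max((j for j in range(n) if j not in order), key=lambda j: w[cur][j])
            total += w[cur][nxt]
            order.append(nxt)
        if total > best_total:
            best_order, best_total = order, total
    return best_order, best_total


def reassemble(fragments, order):
    return "".join(fragments[i] for i in order)


if __name__ == "__main__":
    w = weight_matrix(FRAGMENTS)
    for name, solver in (("exact", best_path_exact), ("greedy", best_path_greedy)):
        order, score = solver(w)
        print(name, order, round(score, 3), reassemble(FRAGMENTS, order) == ORIGINAL)
```

The exact solver is the literal form of the reduction the comment describes, and it is exponential in the number of fragments because Hamiltonian path is NP-hard; that is why a real carver uses a heuristic like the greedy chain (or better ones) together with a richer model than this trigram count. Two details matter in practice: the model must be trained only within fragments, since counting across fragment boundaries would assume the order being searched for, and smoothing is what keeps an unseen join from being scored as impossible instead of merely unlikely.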