If you are unfamiliar with Daniel Suarez’ pair of brilliant novels: Daemon, and its sequel Freedom(tm), you really need to stop right here and go read them. They’re fascinating books and I think most folk in information security would enjoy reading them.

Possible mild spoiler alerts follow.

A major element of the two novels is a botnet, created with artificial intelligence and pathfinding elements developed by an MMO game developer, that, upon the creator’s death, begins to wreak havoc in order to affect a form of major societal change. While a botnet can autonomously do a lot electronically, such as build up funding via various forms of fraud, gather information from online systems, etc., it would be limited in what it can do in the “real world” (beyond what’s in the immediate reach of control systems).

To accomplish things outside of cyberspace the botnet recruits human operators to do various tasks, using VOIP, surveillance systems to monitor progress, and the funds it is acquiring to reward/incentivize operators. By the second book this escalates to the point that “DarkNet” operators wearing glasses that project waypoints and objectives for them to accomplish perform tasks for “DarkNet credits”, an alternative currency built around the new society being built by the system.

In short: Human nodes in a botnet. You can treat a human like a remote procedure call: arguments are task description and money, return value is measured success or failure.

Obviously this is something that Google Glass was created for. I think so, and Google appears to agree:

BGYeEuUCYAAbZfR

I don’t think they read the same books I read, but hey, maybe they did.

Honestly, I was just having a laugh at what immediately came to mind when Glass was announced. While I’d be happy to develop a nice tactical objective/waypoint control system for multiple operators using Glass, I’m not (at the moment) keen on paying $1500 and a flight to New York for the privilege.

If anyone wants human botnet software and wants to fund it, let me know.

 

Just a little noodling around, followed by fun facts:

HacBook:~ wesley$ nslookup coresecurity.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Non-authoritative answer:
Name:	coresecurity.com
Address: 208.253.45.70

HacBook:~ wesley$ whois 208.253.45.70
MCI Communications Services, Inc. d/b/a Verizon Business UUNET1996B (NET-208-192-0-0-1)
208.192.0.0 - 208.255.255.255
CORE SECURITY TECHNOLOGIES UU-208-253-45-64-D9 (NET-208-253-45-64-1)
208.253.45.64 - 208.253.45.127

# ARIN WHOIS database, last updated 2009-06-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

HacBook:~ wesley$ grep 208.253.45 *.log > corelog_lol.txt
HacBook:~ wesley$ wc -l corelog_lol.txt
124 corelog_lol.txt

McGrew Security Late Show Fun Facts about Core Security visitors to the site :

And my favorite:

  • 1 computer with the FunWebProducts adware/spyware.

Update 6/29/09 3:26 PM

Someone at Core just figured out that mcgrewsecurity.com ranks higher than coresecurity.com for their own party:

20090629.log:208.253.45.86 - - [29/Jun/2009:14:15:29 -0400]
"GET /2009/06/24/core-security-apologizes-not-cool-enough-for-core-2009-gathering-proposed/ HTTP/1.0" 200 5366
"http://www.google.com/search?q=core+security+party+at+black+hat&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7ADBF_en"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

(and the FunWebProducts one came back)

 

This afternoon I received a very polite call from Kim Legelis, the vice-president of marketing at Core Security.  She and I talked for some time about the problems I spoke about in yesterday’s post, and how changes need to be made to the process they use to invite people to their “cool kids” party at Black Hat.  Over the past day I have gotten feedback from readers of this blog and followers on twitter about other cases where Core hasn’t been the friendliest to deal with.  I took the conversation as an opportunity to mention those issues, as well, and that Core, as a company with a great product, needs to be a little more careful with how they interact with the community.

I enjoyed speaking with Kim candidly about the alienating (and silly) nature of the phone conversation I had yesterday.  She assures me that they’re taking the feedback and using it to improve their processes.  If that turns out to be the case, then great!  If you, as a reader, have had a bad experience contacting Core Security, either in the past or after this incident, I would encourage you to share it in the comments for this post.  I’m sure they’re reading now.

I’m looking forward to dropping by the Core Security booth at Black Hat USA 2009 this year.  If you are going too, perhaps we’ll arrange a “Not Cool Enough For Core 2009″ outing at a buffet that night.  I’ll even let you put yourself on a “Maybe List” for it, in case you want to stay in the “waiting list” limbo for Core’s ;-) .  If you are interested, leave a comment or drop me an email if you want to be private and sneaky about it.

 

Non-technical post here, however this might be useful if you’re running a business in this industry and want to learn how not to handle your relations with members of the community.

Core Security recently sent out emails about their party at Black Hat USA 2009, asking the recipients to claim their pass.  I assumed that Core were bright enough to do their homework and only send out invites to people they wanted to attend the party, but, as you’ll see, that’s not the case.  I filled out the form, submitted it, and made sure that a colleague of mine attending the conference had also received an invite and submitted a claim.

A week later, today, I get a phone call from Core Security.  The guy on the other end of the line asks me several questions about my affiliations (McGrewSecurity and the MSU CIPC/CCSR), company size, how I heard about Core Impact, etc.  All of this was information that I had already filled out on the form requesting my pass, which was sort of irritating to start with.  Then, he explained how all of this information would be passed to their marketing folks, in order to make a decision as to whether or not they want to issue me a pass to their party…  and that if I didn’t make the cut, I would go onto a waiting list.

I realize that a party like this is an opportunity for Core Security to reward loyal customers and woo potential large clients.  I realize that there is a need for a process like this.  That process should, however, be done in such a way that they’re not alienating large chunks of the community that they sent emails out to.  Do a little legwork and figure out who you’re asking to your party ahead of time, and you might just avoid awkward situations like this.

After being given the “you just might not be cool enough for the Core Security party” speech, you can imagine that I didn’t exactly have warm and fuzzy feelings towards Core after getting off the phone.  As a matter of fact, I couldn’t wait to get off the phone with the guy.  I’m sure that a lot of productive and contributing members of the security community that don’t work for large companies will feel the same way after being grilled over the phone.

And if I’m “just cool enough for the waiting list”, that’s almost worse.  Am I expected to sit around anticipating that lucky moment when enough people bail to allow me in?  Maybe I’m the only one who feels insulted to get a phone call for the sole purpose of ranking me, without having even bothered to look up anything about me beforehand or even the thinnest veil of being interested in any of it.

Core Impact’s a cool product and all, but after that encounter, I’m not in the mood to give them five bucks for it.  Maybe that doesn’t matter to them, because they’ll have a party full of folks who will give them much more.  If they keep riding rough with their relationships with members of the security community, however, they might find their talent pool and word-of-mouth support drying up.

 

I suppose I could edit this after the fact, so if you really want to keep me honest, copy/paste or print this off for future reference :)

HacBook:Desktop wesley$ md5 the_dirt.txt
MD5 (the_dirt.txt) = a6fc95c8a8cd6f996c3a572af6d57f4d

Yet another thing you’re just going to have to hang on for.

Edit: Here’s the SHA-1 for you really picky ones :) :

HacBook:Desktop wesley$ openssl sha1 the_dirt.txt
SHA1(the_dirt.txt)= 4759da1616dce01137a57ac16a2a24b89ba311ae
© 2012 McGrew Security Suffusion theme by Sayontan Sinha