On 2011-02-15, at 4:43 PM, Wayne Teeple wrote:

Their approach to solving the = malware problem by looking the Internet sounds similar. Check them = out at
cheers
Wayne Teeple, CD, PMP, CISA, = ITIL
Managing Partner

Phirelight = E-Business Solutions Inc.
908-75 Albert = Street
Ottawa, ON, = Canada K1P 5E7
Tel: = 1.613.276.8443 x101
Toll: 1.877.672.8070
Fax: = 1.613.422.8475

This communication = contains confidential information intended solely for the use of the = individual/s and/or entity or entities to whom it was intended to be = addressed. If you are not the intended recipient, be aware that any = disclosure, distribution or use of the contents of this transmission is = prohibited. If you have received this communication in error, please = contact the sender immediately, delete the communication from your = system and do not disclose its contents to any third party or use its = contents. Any opinions expressed are solely those of the author and do = not necessarily represent those of Phirelight E-Business Solutions Inc. = unless otherwise specifically stated.

Classification: = UNCLASSIFIED
Content-Type: multipart/alternative; boundary=Apple-Mail-1--468395710 Message-Id: Date: Tue, 15 Feb 2011 18:51:07 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-1--468395710 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii InformationWeek (@InformationWeek) 2/15/11 16:22 Security Spending Grabs Greater Share Of IT Budgets http://twb.io/dHx2WA -J. --Apple-Mail-1--468395710 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=utf-8
InformationWeek (@InformationWeek)
2/15/11 16:22
Security Spending Grabs Greater Share Of IT Budgets http://twb.io/dHx2WA

-J.
--Apple-Mail-1--468395710-- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs367806faj; Tue, 15 Feb 2011 15:51:57 -0800 (PST) Received: by 10.100.4.12 with SMTP id 12mr2483092and.245.1297813916871; Tue, 15 Feb 2011 15:51:56 -0800 (PST) Return-Path: Received: from mail-gw0-f45.google.com (mail-gw0-f45.google.com [74.125.83.45]) by mx.google.com with ESMTPS id c24si8660839ana.84.2011.02.15.15.51.56 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Feb 2011 15:51:56 -0800 (PST) Received-SPF: neutral (google.com: 74.125.83.45 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=74.125.83.45; Authentication-Results: mx.google.com; spf=neutral (google.com: 74.125.83.45 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by gwaa12 with SMTP id a12so388872gwa.4 for ; Tue, 15 Feb 2011 15:51:56 -0800 (PST) Received: by 10.151.99.19 with SMTP id b19mr142336ybm.432.1297813916145; Tue, 15 Feb 2011 15:51:56 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id q31sm373345yba.18.2011.02.15.15.51.55 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Feb 2011 15:51:55 -0800 (PST) Subject: @CNETNews, 2/15/11 16:44 From: "J. Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-2--468346562 Message-Id: <126C4EEE-B07F-4A5A-8568-F00609969A41@unveillance.com> Date: Tue, 15 Feb 2011 18:51:56 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-2--468346562 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii CNET News (@CNETNews) 2/15/11 16:44 Defense Dept. proposes armoring civilian networks http://cnet.co/e7zOlD -J. --Apple-Mail-2--468346562 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=utf-8
CNET News (@CNETNews)
2/15/11 16:44
Defense Dept. proposes armoring civilian networks http://cnet.co/e7zOlD

-J.
--Apple-Mail-2--468346562-- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs363252faj; Tue, 15 Feb 2011 13:34:41 -0800 (PST) Received: by 10.42.220.4 with SMTP id hw4mr7307899icb.420.1297805680567; Tue, 15 Feb 2011 13:34:40 -0800 (PST) Return-Path: Received: from mail-01.primus.ca (smtp-noauth7.primus.ca [216.254.180.38]) by mx.google.com with ESMTP id r10si10554504ict.137.2011.02.15.13.34.39; Tue, 15 Feb 2011 13:34:40 -0800 (PST) Received-SPF: neutral (google.com: 216.254.180.38 is neither permitted nor denied by best guess record for domain of wteeple@phirelight.com) client-ip=216.254.180.38; Authentication-Results: mx.google.com; spf=neutral (google.com: 216.254.180.38 is neither permitted nor denied by best guess record for domain of wteeple@phirelight.com) smtp.mail=wteeple@phirelight.com Received: from [209.183.16.122] (helo=remote.phirelight.com) by mail-01.primus.ca with esmtp (Exim 4.72) (envelope-from ) id 1PpSXe-0003rQ-2y; Tue, 15 Feb 2011 16:34:39 -0500 Received: from HQ-SERVER01.phirelight.local ([fe80::ac3e:9afd:c989:bdb7]) by HQ-SERVER01.phirelight.local ([fe80::ac3e:9afd:c989:bdb7%10]) with mapi; Tue, 15 Feb 2011 16:34:37 -0500 From: Wayne Teeple To: Chris Davis , "khijazi@unveillance.com" Date: Tue, 15 Feb 2011 16:34:36 -0500 Subject: FW: Phirelight Security Solutions (U) Thread-Topic: Phirelight Security Solutions (U) Thread-Index: AcvJPMPqjQ492UB/RgCHBGcK6ni+sgAAXqAQAN0oEmAAKAj6IA== Message-ID: <80963646E3F14941BE5B9A59D4B477F5FB53EBD2E5@HQ-SERVER01.phirelight.local> Accept-Language: en-US, en-CA Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-classification: UNCLASSIFIED acceptlanguage: en-US, en-CA Content-Type: multipart/alternative; boundary="_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E5HQSERVER01phi_" MIME-Version: 1.0 --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E5HQSERVER01phi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Classification: UNCLASSIFIED FYI, what was it you had mentioned about these guys?? I would like to know= before I respond or whether or not I should? I have a pretty good inroad = with the DND Int folks, and I don't want to present something that may leav= e egg on my face!! cheers Wayne Teeple, CD, PMP, CISA, ITIL Managing Partner Phirelight E-Business Solutions Inc. 908-75 Albert Street Ottawa, ON, Canada K1P 5E7 Tel: 1.613.276.8443 x101 Toll: 1.877.672.8070 Fax: 1.613.422.8475 www.phirelight.com This communication contains confidential information intended solely for th= e use of the individual/s and/or entity or entities to whom it was intended= to be addressed. If you are not the intended recipient, be aware that any = disclosure, distribution or use of the contents of this transmission is pro= hibited. If you have received this communication in error, please contact t= he sender immediately, delete the communication from your system and do not= disclose its contents to any third party or use its contents. Any opinions= expressed are solely those of the author and do not necessarily represent = those of Phirelight E-Business Solutions Inc. unless otherwise specifically= stated. From: Asher Sinensky [mailto:asinensky@palantir.com] Sent: Monday, February 14, 2011 8:53 PM To: Doug Kirkpatrick Cc: Wayne Teeple Subject: RE: Phirelight Security Solutions (U) Hello Doug, Wayne, Thanks for the information. Can you describe a bit what sort of partnershi= p you would envision between Palantir and Phirelight? Would this be a resel= ler arrangement? Would you be using Palantir to assist your clients? Any in= sight you can give me on your desired goals in this matter would be great. Best, Asher From: Doug Kirkpatrick [mailto:dkirkpatrick@phirelight.com] Sent: Thursday, February 10, 2011 8:30 AM To: Asher Sinensky Subject: FW: Phirelight Security Solutions (U) Classification: UNCLASSIFIED Hello Asher, Wayne Teeple asked me to send off some corporate collateral that outlines o= ur firm, our market and our expertise. Attached please find our Phirelight corporate Glossy and data sheets on our= 3 streams of business. I was first made aware of Palantir at an ISSA meeting where a Dr form UoT s= poke on Ghostnet and then at a SECDEV presentation a year later when he cam= e back to speak again. I was then and continue to be keenly interested in your capability as it mi= rrors nicely our expertise and current direction. I look forward to hearing more. If you have any further questions please don't hesitate to call. Regards, Doug Kirkpatrick Director Major Accounts Phirelight Security Solutions 75 Albert St., Suite 908, Ottawa, Ontario K1P 5E7 Tel: 613-276-8443 x108 Cell: 613-668-5656 Fax: 613-422-8475 www.phirelight.com Classification: UNCLASSIFIED --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E5HQSERVER01phi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Classif= ication: UNCLASSIFIED

FYI, what was it you had mentioned about the= se guys?? I would like to know before I respond or whether or not I s= hould? I have a pretty good inroad with the DND Int folks, and I don&= #8217;t want to present something that may leave egg on my face!!
<= /o:p>
cheers

Wayne Teeple, CD, PMP, CISA, ITIL
Managing Partner
Phirelight E-Business Solutions Inc.
908-75 Albert Street
Ottawa, = ON, Canada K1P 5E7
Tel: 1.613.276.8443 x101
Toll: 1.877.672.8070 Fax: 1.613.422.8475
www.phirelight.com

This communication contains confident= ial information intended solely for the use of the individual/s and/or enti= ty or entities to whom it was intended to be addressed. If you are not the = intended recipient, be aware that any disclosure, distribution or use of th= e contents of this transmission is prohibited. If you have received this co= mmunication in error, please contact the sender immediately, delete the com= munication from your system and do not disclose its contents to any third p= arty or use its contents. Any opinions expressed are solely those of the au= thor and do not necessarily represent those of Phirelight E-Business Soluti= ons Inc. unless otherwise specifically stated.
=
=
From: Asher Sinensky [mailto:asinensky= @palantir.com]
Sent: Monday, February 14, 2011 8:53 PM
To:= Doug Kirkpatrick
Cc: Wayne Teeple
Subject: RE: Phi= relight Security Solutions (U)

Hello Doug, Wayne,
Thanks for the information. Can you describe a = bit what sort of partnership you would envision between Palantir and Phire= light? Would this be a reseller arrangement? Would you be using Palantir to= assist your clients? Any insight you can give me on your desired goals in = this matter would be great.
Best,
Asher

<= p class=3DMsoNormal>From: Doug Kirkpatrick [mailto:dkirkpatrick@phirelight.co= m]
Sent: Thursday, February 10, 2011 8:30 AM
To: Asher= Sinensky
Subject: FW: Phirelight Security Solutions (U)

Classification: UNCLASSIFIED<= /span>

Hello Asher,
Wayne Teeple asked me to send off some corporate coll= ateral that outlines our firm, our market and our expertise.
Attached please find our Phirelight co= rporate Glossy and data sheets on our 3 streams of business.

I was first made aware of Palantir at an ISSA meeting= where a Dr form UoT spoke on Ghostnet and then at a SECDEV presentation a = year later when he came back to speak again.

I was then and continue to be keenly interested in your capability as = it mirrors nicely our expertise and current direction.

I look forward to hearing more.

If you have any further questions please don’t hesitate to call.=

Regards,

Doug Kirkpatrick
Director Major Accounts
= Phirelight Security Solutions
7= 5 Albert St., Suite 908,
Ottawa, Ontario = K1P 5E7
Tel: 613-276-8443   x108
Cell: 613-668= -5656
Fax: 613-422-8475
www.phirelight.co= m
<= /o:p>
Classification: = UNCLASSIFIED

= --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E5HQSERVER01phi_-- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 References: <918394DE-63D5-45B3-A674-A7581A8EF6D5@morrigan.ca> From: Karim Hijazi In-Reply-To: <918394DE-63D5-45B3-A674-A7581A8EF6D5@morrigan.ca> Mime-Version: 1.0 (iPhone Mail 8C148) Date: Tue, 15 Feb 2011 16:34:44 -0500 Delivered-To: khijazi@unveillance.com Message-ID: <-3664044879306219915@unknownmsgid> Subject: Re: proposal To: Chris Davis Content-Type: multipart/alternative; boundary=0015173ff5a6027b1f049c58ef01 --0015173ff5a6027b1f049c58ef01 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Did you respond? On my way back. Meet me in the bar in 15 or so? -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** On Feb 15, 2011, at 3:22 PM, Chris Davis wrote: *From: *Daniel Ingevaldson *Date: *February 15, 2011 2:48:38 PM EST *To: *Chris Davis *Subject: **proposal* Chris=97thank you for putting together the proposal for your services. I'm happy that you guys sorted out the organization between you and Keith and I believe it will help contribute to an even higher quality product going forward. Our current deal for sinkhole data ends in March at the $60k/year level. What I would like to do going forward is to give you a two year commitment for the Botnet Sinkhole Feed, with 1 minimum of three new botnets added per month, monthly volume over 700k and 0% false positives. We'd also like to trial the VIP sinkhole for a few months to get a sense of the quality and usefulness of the data. As discussed on the phone, I don't want to bite of= f the SOA feed just yet, but fully expect that we're going to move forward with both the VIP sinkhole and SOA feed at sometime in 2011. I would also like to define a construct where we can contract with you directly for specific efforts going forward. Our current contract with you is for $60k/or $5/month. I'm prepared to increase out commitment to Morrigan to $7/mo for these services with an option to increase to $10k/mo for 90-day exclusivity on the VIP sinkhole within the first six months. If these general terms are agreeable, we can iterate on the current proposal and knock out all the terms and conditions/legal stuff. I'm very much looking forward to working with you again and am excited to learn more about your efforts in academia. I have = a sense that we may be able to work on some interesting projects in addition to the feeds going forward. I'm at RSA for the next couple days and am available to chat/discuss. I'm back in ATL on Friday. Thanks Chris. Best, -d -------------------------------- Daniel S. Ingevaldson, COO Endgame Systems, Inc. dsi@endgames.us (w)404-941-3891 (f)404-795-0821 (m)404-992-9449 --0015173ff5a6027b1f049c58ef01 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable
Did you respond? =A0On my way back. Me= et me in the bar in 15 or so?

--
All the best,
<= div>
Karim Hijazi
CEO | President
Unveill= ance

O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

********************************************
CONFIDENTIAL &a= mp; PRIVILEGED COMMUNICATION This message is for the named
person= 's use only. The information contained in this communication is

confidential and/or privileged, proprietary information that is
<= div>transmitted solely for the purpose of the intended recipient(s). No
confidentiality or privilege is waived or lost by any
mistransmission. =A0If you receive this message in error, please
= immediately delete it and all copies of it from your system, destroy
<= div>any hard copies of it and notify the sender. You must not, directly or<= /div>
indirectly, use, disclose, distribute, print, or copy any part of this=
message if you are not the intended recipient. The sender or any= of
its subsidiaries each reserve the right to monitor all e-mail=

communications through its networks.
***********************= *********************

On Feb 15, 2011, at 3:22 PM, Chri= s Davis <cdavis@morrigan.ca>= ; wrote:

From: Daniel Ingevaldson <= dsi@endgames.us>

Date: February 15, 2011 2= :48:38 PM EST

To: Chris Davis <cdavi= s@morrigan.ca>

Subject: proposal

Chris=97thank you= for putting together the proposal for your services. =A0I'm happy that= you guys sorted out the organization between you and Keith and I believe i= t will help contribute to an even higher quality product going forward. =A0=

Our current deal for sinkhole data ends in March at the= $60k/year level. =A0What I would like to do going forward is to give you a= two year commitment for the Botnet Sinkhole Feed, with 1 minimum of three = new botnets added per month, monthly volume over 700k and 0% false positive= s. =A0We'd also like to trial the VIP sinkhole for a few months to get = a sense of the quality and usefulness of the data. =A0As discussed on the p= hone, I don't want to bite off the SOA feed just yet, but fully expect = that we're going to move forward with both the VIP sinkhole and SOA fee= d at sometime in 2011. =A0I would also like to define a construct where we = can contract with you directly for specific efforts going forward.

Our current contract with you is for $60k/or $5/month. = =A0I'm prepared to increase out commitment to Morrigan to $7/mo for the= se services with an option to increase to $10k/mo for 90-day exclusivity on= the VIP sinkhole within the first six months. =A0If these general terms ar= e agreeable, we can iterate on the current proposal and knock out all the t= erms and conditions/legal stuff. =A0I'm very much looking forward to wo= rking with you again and am excited to learn more about your efforts in aca= demia. =A0I have a sense that we may be able to work on some interesting pr= ojects in addition to the feeds going forward. =A0I'm at RSA for the ne= xt couple days and am available to chat/discuss. =A0I'm back in ATL on = Friday. =A0Thanks Chris. =A0

Best,
-d=A0
--------------------------------
= Daniel S. Ingevaldson, COO

Endgame Systems, Inc.
dsi@endgames.us
(w)404-94= 1-3891
(f)404-795-0821
(m)404-992-9449

--0015173ff5a6027b1f049c58ef01-- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs363733faj; Tue, 15 Feb 2011 13:43:11 -0800 (PST) Received: by 10.42.169.196 with SMTP id c4mr3076632icz.483.1297806190180; Tue, 15 Feb 2011 13:43:10 -0800 (PST) Return-Path: Received: from mail-08.primus.ca (smtp-noauth7.primus.ca [216.254.180.38]) by mx.google.com with ESMTP id p19si10607175icb.12.2011.02.15.13.43.08; Tue, 15 Feb 2011 13:43:09 -0800 (PST) Received-SPF: neutral (google.com: 216.254.180.38 is neither permitted nor denied by best guess record for domain of wteeple@phirelight.com) client-ip=216.254.180.38; Authentication-Results: mx.google.com; spf=neutral (google.com: 216.254.180.38 is neither permitted nor denied by best guess record for domain of wteeple@phirelight.com) smtp.mail=wteeple@phirelight.com Received: from [209.183.16.122] (helo=remote.phirelight.com) by mail-08.primus.ca with esmtp (Exim 4.72) (envelope-from ) id 1PpSfr-0003Rf-2a; Tue, 15 Feb 2011 16:43:08 -0500 Received: from HQ-SERVER01.phirelight.local ([fe80::ac3e:9afd:c989:bdb7]) by HQ-SERVER01.phirelight.local ([fe80::ac3e:9afd:c989:bdb7%10]) with mapi; Tue, 15 Feb 2011 16:43:07 -0500 From: Wayne Teeple To: "khijazi@unveillance.com" , Chris Davis Date: Tue, 15 Feb 2011 16:43:05 -0500 Subject: Is this a competitor?? Qualys (U) Thread-Topic: Is this a competitor?? Qualys (U) Thread-Index: AcvNWVPqva189UwTTHGOzzkyDSuQYw== Message-ID: <80963646E3F14941BE5B9A59D4B477F5FB53EBD2E7@HQ-SERVER01.phirelight.local> Accept-Language: en-US, en-CA Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-classification: UNCLASSIFIED acceptlanguage: en-US, en-CA Content-Type: multipart/alternative; boundary="_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E7HQSERVER01phi_" MIME-Version: 1.0 --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E7HQSERVER01phi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Classification: UNCLASSIFIED Their approach to solving the malware problem by looking the Internet sound= s similar. Check them out at http://www.qualys.com/products/qg_suite/malwa= re_detection/ cheers Wayne Teeple, CD, PMP, CISA, ITIL Managing Partner Phirelight E-Business Solutions Inc. 908-75 Albert Street Ottawa, ON, Canada K1P 5E7 Tel: 1.613.276.8443 x101 Toll: 1.877.672.8070 Fax: 1.613.422.8475 www.phirelight.com This communication contains confidential information intended solely for th= e use of the individual/s and/or entity or entities to whom it was intended= to be addressed. If you are not the intended recipient, be aware that any = disclosure, distribution or use of the contents of this transmission is pro= hibited. If you have received this communication in error, please contact t= he sender immediately, delete the communication from your system and do not= disclose its contents to any third party or use its contents. Any opinions= expressed are solely those of the author and do not necessarily represent = those of Phirelight E-Business Solutions Inc. unless otherwise specifically= stated. Classification: UNCLASSIFIED --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E7HQSERVER01phi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Classif= ication: UNCLASSIFIED

Their approach to solving the malwar= e problem by looking the Internet sounds similar. Check them out at <= a href=3D"http://www.qualys.com/products/qg_suite/malware_detection/">http:= //www.qualys.com/products/qg_suite/malware_detection/

cheers

Wayne Teeple, CD, PMP, CISA, ITIL
Mana= ging Partner

Phirelight E-Business Solutions Inc.
908-75 Albert= Street
Ottawa, ON, Canada K1P 5E7
Tel: 1.613.276.8443 x101
Toll= : 1.877.672.8070
Fax: 1.613.422.8475
www.phirelight.com

This communication contains confidential information inten= ded solely for the use of the individual/s and/or entity or entities to who= m it was intended to be addressed. If you are not the intended recipient, b= e aware that any disclosure, distribution or use of the contents of this tr= ansmission is prohibited. If you have received this communication in error,= please contact the sender immediately, delete the communication from your = system and do not disclose its contents to any third party or use its conte= nts. Any opinions expressed are solely those of the author and do not neces= sarily represent those of Phirelight E-Business Solutions Inc. unless other= wise specifically stated.
&= nbsp;

=

&n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;             &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;
Classification: UNCLASSIFIED

= --_000_80963646E3F14941BE5B9A59D4B477F5FB53EBD2E7HQSERVER01phi_-- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs363837faj; Tue, 15 Feb 2011 13:45:42 -0800 (PST) Received: by 10.220.192.137 with SMTP id dq9mr1644945vcb.87.1297806340826; Tue, 15 Feb 2011 13:45:40 -0800 (PST) Return-Path: Received: from smtpout08.prod.mesa1.secureserver.net (smtpout08-01.prod.mesa1.secureserver.net [64.202.165.119]) by mx.google.com with SMTP id u12si4732870vbx.56.2011.02.15.13.45.39; Tue, 15 Feb 2011 13:45:40 -0800 (PST) Received-SPF: neutral (google.com: 64.202.165.119 is neither permitted nor denied by best guess record for domain of jeff@grayconsultingco.com) client-ip=64.202.165.119; Authentication-Results: mx.google.com; spf=neutral (google.com: 64.202.165.119 is neither permitted nor denied by best guess record for domain of jeff@grayconsultingco.com) smtp.mail=jeff@grayconsultingco.com Received: (qmail 28720 invoked from network); 15 Feb 2011 21:45:39 -0000 Received: from unknown (174.49.68.30) by smtpout08.prod.mesa1.secureserver.net (64.202.165.119) with ESMTP; 15 Feb 2011 21:45:38 -0000 From: "Jeff Gray" To: References: <4D43D33F.7010409@unveillance.com> <65FF654588EEB143B327D73EFE3B86E20C7CA7B9F4@mmmmail03.mmmlaw.com> <4D49A05C.5030007@unveillance.com> In-Reply-To: <4D49A05C.5030007@unveillance.com> Subject: RE: Unveillance / MMM Date: Tue, 15 Feb 2011 16:45:30 -0500 Message-ID: <005901cbcd59$abb43ad0$031cb070$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcvDBdxkvq51f+iMT3eh687PVJZyyQKU7wZA Content-Language: en-us Hey -- We need to catch up. I'll be around a ton of investors all day tomorrow and want to go over a few things. -----Original Message----- From: Karim Hijazi Unveillance Email [mailto:khijazi@unveillance.com] Sent: Wednesday, February 02, 2011 1:20 PM To: John C. Yates Cc: Jeff Gray; Daniel E. Sineway; Linda W. Brown Subject: Re: Unveillance / MMM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John, Great seeing you the other day and I am glad we are moving along nicely. Great breakdown of the action items ahead below and Jeff and I have been navigating these issues. I have just finished settling our outstanding invoices with the lovely Linda Brown. Have a safe trip and I look forward to catching up when you get back from India. Take care, Karim On 2/2/2011 11:10 AM, John C. Yates wrote: > Karim and Jeff -- > > Good to meet with you on Monday afternoon. As a follow up, I've included several action items below: > > 1. Product Development Chronology - Karim will work on preparing a product development chronology with regard to the various components of the company's product offerings. As discussed, it will be important to verify that the technology is owned by the company. If required, we can discuss appropriate assignments of intellectual copyrights and other steps to address any issues. > > 2. Stock/Equity Ownership - You will also be putting together a capitalization table setting forth the stock/equity owned by the various persons at three points in time --current ownership; proposed ownership immediately prior to the next financing; and ownership following a financing. We will then review this information and determine appropriate documents to be prepared relating to ownership of equity in the company. > > 3. Patents/IP - Daniel Sineway in the MMM IP/Patent Group will contact Karim to find a time that you and Jerry can meet with Daniel to discuss IP and patent matters. As discussed, it may be valuable for you to file provisional patent applications with regard to your technology and the direction of the industry. > > 4. VP Sales Candidates - I've attached resumes of several possible candidates for this position. When I return from India (Feb. 11) I'd be happy to discuss them with you. > > 5. Possible Acquisition - We understand you will be working on a draft term sheet with regard to the possible acquisition of technology from the company controlled by Mr. Davis. Please let us know how we can be of assistance. We'll be happy to review the term sheet at your direction. > > 6. Venture Conference - Also, MMM is sponsoring a VC Breakfast on March 3rd and inviting clients to make a three minute "speed pitch" presentation to dozens of VCs. Would you like to be a presenting company and make a "speed pitch"? I'll send you an email invite and hope you can participate. > > Karim, we appreciate you handling payment of the outstanding invoices. I'm copying Linda Brown in the MMM Accounting Dept. who can work with you to coordinate payment. We can then move forward with matters set forth above. > > Look forward to working with you and being a part of your ongoing success! > > Thanks, > John > > John C. Yates > Partner > Morris, Manning & Martin, LLP > 1600 Atlanta Financial Center > 3343 Peachtree Road, NE > Atlanta, Georgia 30326 > Direct: 404.504.5444 > Fax: 404.365.9532 > jyates@mmmlaw.com > Blog: www.mmmtechlaw.com > > For information on Morris, Manning & Martin, LLP, please visit www.mmmlaw.com, www.mmmtechlaw.com or http://twitter.com/mmm_law. > > This e-mail message and its attachments are for the sole use of the designated recipient(s). They may contain confidential information, legally privileged information or other information subject to legal restrictions. If you are not a designated recipient of this message, please do not read, copy, use or disclose this message or its attachments, notify the sender by replying to this message and delete or destroy all copies of this message and attachments in all media. Thank you. > > TREASURY DEPARTMENT CIRCULAR 230 DISCLOSURE: To ensure compliance with requirements imposed by the Treasury Department, we inform you that any U.S. federal tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. > > > -----Original Message----- > From: Karim Hijazi Unveillance Email [mailto:khijazi@unveillance.com] > Sent: Saturday, January 29, 2011 3:44 AM > To: John C. Yates > Subject: Unveillance Perspective on the Egyptian Crisis > > > http://www.unveillance.com/latest-news/malware-activity-from-the-country-of- egypt/ > - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) iQEcBAEBAgAGBQJNSaBcAAoJEIk0Dw4U/G3lL/wIAJNnKes9Ysvf+sHZmiqSlwCP tbcF6NNz6b3EtPMeIF9Rc8+xcFYZE7yJtRYVhMty/O+FWRuUvuO3cUyfFosqQsJm 9kKZSuQo/vejurwOjF/MWpt/ShAnI/ZfiyfEPWMt5IsoaFRlxRh3k7kIa9V9vVgk W+fKb5LkdSGf62pbMkTqZq0L9bUUtkOxuwgHlMaxNpfao3AqEJAwI4WkubT/Rdts mMlpZcdgmBIJBclV1CTyLLxNjrVH6uO76JIvKQYGpGp0Qj7ZAFBCOo8s0xlcL6rH LnVFOKP3teKu4ZqoNp+P653kHXcZN6T4HBiawm96lqkkcZqPR2ufwjaJCKa2L9k= =JxbI -----END PGP SIGNATURE----- From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs359257faj; Tue, 15 Feb 2011 11:56:44 -0800 (PST) Received: by 10.236.109.131 with SMTP id s3mr4267234yhg.92.1297799753721; Tue, 15 Feb 2011 11:55:53 -0800 (PST) Return-Path: Received: from atl-exch01.internal.earthlink.net (eef01-eef02-nsrp.ga-atlanta0.ne.earthlink.net [207.69.174.4]) by mx.google.com with ESMTPS id g14si8221075yhd.94.2011.02.15.11.55.48 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Feb 2011 11:55:48 -0800 (PST) Received-SPF: neutral (google.com: 207.69.174.4 is neither permitted nor denied by best guess record for domain of chronispe@corp.earthlink.com) client-ip=207.69.174.4; Authentication-Results: mx.google.com; spf=neutral (google.com: 207.69.174.4 is neither permitted nor denied by best guess record for domain of chronispe@corp.earthlink.com) smtp.mail=chronispe@corp.earthlink.com Received: from atl-exch07.internal.earthlink.net ([10.10.62.43]) by atl-exch01.internal.earthlink.net ([10.10.251.11]) with mapi; Tue, 15 Feb 2011 14:55:48 -0500 From: Peter Chronis To: Karim Hijazi Date: Tue, 15 Feb 2011 14:55:46 -0500 Subject: RE: Praetorian API updated use cases Thread-Topic: Praetorian API updated use cases Thread-Index: AcvNQDwz+z+JcBoHRaGZQ5ldkAOPFgACTXre Message-ID: <2ED4195B883A1149B9F7AA6BBB8313F616C3BF1933@atl-exch07.internal.earthlink.net> References: <2ED4195B883A1149B9F7AA6BBB8313F616C471E9FB@atl-exch07.internal.earthlink.net> <4D545D32.1060101@unveillance.com> <2ED4195B883A1149B9F7AA6BBB8313F616C47EE800@atl-exch07.internal.earthlink.net> <2ED4195B883A1149B9F7AA6BBB8313F616C3BF192E@atl-exch07.internal.earthlink.net> <409648614020801776@unknownmsgid> <2ED4195B883A1149B9F7AA6BBB8313F616C3BF1930@atl-exch07.internal.earthlink.net>,<4569457721957934101@unknownmsgid> In-Reply-To: <4569457721957934101@unknownmsgid> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Really, this is a working prototype to establish whether or not the Unveill= ance APIs will give us enough data to develop the dynamic ACL product we ar= e testing. So, without the ability to understand what how Unveillance data= will help us eliminate threats from our our "heaviest hitters" its difficu= lt for me to go back to my product team an pitch the agreement we discussed= . We can limit our inquiries to 1,000 unique queries a day if you think th= at will help turn down the fire hose, but, we need access to off network da= ta for us to go back to our product team with any credibility. Let me know your thoughts. Thanks, Pete ________________________________________ From: Karim Hijazi [khijazi@unveillance.com] Sent: Tuesday, February 15, 2011 1:43 PM To: Peter Chronis Subject: Re: Praetorian API updated use cases Pete, Help me out here: you are still asking for unfettered access to the whole data set. That is fire hose. Further, from an experimental standpoint, I am having a hard time understanding how your data set is not enough to get a good feel for a production version. I truly want a relationship with EarthLink but I need to have a reasonable contribution to the experiment with some sense of return. I hope you understand. -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** On Feb 15, 2011, at 1:22 PM, Peter Chronis w= rote: > As we discussed, the trial we are planning to use this API primarily to d= evelop custom ACLs of IPs that are hitting our network not, on our network.= Our belief is that signature based detection along with reputation based = blocking will give us a very strong defense. If we can't access data on AP= Is off our network, there is no use for the trial. I thought this we talke= d about this in depth and a little surprised this is not clear. > > I have removed others from the distro, so as not to cause any confusion. = As we discussed, we'll only search IPs that we believe are attacking our n= etwork. Once the trial is over, and our analysis is complete, we'll remove= all of your proprietary data. > > If you are ok with this, then let's move forward with the trial. If not,= I think this would be a good time to part ways. I don't believe how we pl= an to use your data is the fire hose you are concerned about, but, don't wa= nt to trivialize your concerns. > > Normally, I would pick up the phone and call, but, am under strict "order= s" not to work of no work calls while on vacation. If you agree, feel free= to drop me a line. > > Thanks, > > Pete > > > ________________________________________ > From: Karim Hijazi [khijazi@unveillance.com] > Sent: Tuesday, February 15, 2011 12:49 PM > To: Peter Chronis > Cc: J. Tubbs; David Holmes; Jay Denney > Subject: Re: Praetorian API updated use cases > > Sorry replying by phone. Please note that NO ONE currently has > fire-hose access in any capacity. What are your thoughts? > > -- > All the best, > > Karim Hijazi > CEO | President > Unveillance > O. (800) 540-8478 > M. (561) 542-5704 > www.unveillance.com > khijazi@unveillance.com > > ******************************************** > CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named > person's use only. The information contained in this communication is > confidential and/or privileged, proprietary information that is > transmitted solely for the purpose of the intended recipient(s). No > confidentiality or privilege is waived or lost by any > mistransmission. If you receive this message in error, please > immediately delete it and all copies of it from your system, destroy > any hard copies of it and notify the sender. You must not, directly or > indirectly, use, disclose, distribute, print, or copy any part of this > message if you are not the intended recipient. The sender or any of > its subsidiaries each reserve the right to monitor all e-mail > communications through its networks. > ******************************************** > > On Feb 15, 2011, at 12:38 PM, Peter Chronis > wrote: > >> I did a quick scan and don't see an API for IPs that are not on our netw= ork. We'll be primarily querying against IPs that are not on our network o= r affiliated with our organization. Is there an existing API call already = established for those types of queries? >> >> Please clarify. >> >> Thanks, >> >> Pete >> >> >> ________________________________________ >> From: J. Tubbs [jtubbs@unveillance.com] >> Sent: Monday, February 14, 2011 5:38 PM >> To: David Holmes; Jay Denney >> Cc: Karim Hijazi; Peter Chronis >> Subject: Praetorian API updated use cases >> >> David/Jay, >> Hope this email finds you doing well. Enjoyed our quick conversation la= st week. >> >> I wanted to give you guys a quick update on some minor changes to the AP= I versus the document sent out a few weeks ago. Below I have created a sce= nario of how I suggest interacting with the API for now. >> >> You will also be soon receiving emails to both of your respective addres= ses inviting you to complete your registration for using the Praetorian pla= tform. Your user can be used for both accessing the Praetorian UI and for = the API. >> >> If you gentlemen have any questions/comments, etc... please do not hesit= ate to contact me. >> >> ------------ >> >> The authentication credentials and handshaking is the same as described = in the Doc. Essentially all calls should be POSTs. >> >> I wrote some straight-forward little PHP scripts using the cURL extensio= n to test the calls where all that would need to be updated are the restful= urls, user, and password. >> >> Example PHP: >> #!/usr/bin/php >> > $url_template =3D "http://api.unveillance.com/organization/summary/recen= t_activity/%d/data.json"; >> >> >> if($argv[1] >=3D 0) { >> $url =3D sprintf($url_template, $argv[1]); >> echo "RESTful URL:\n" . $url . "\n\n"; >> >> $ch =3D curl_init(); >> curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); >> curl_setopt($ch, CURLOPT_URL, $url); >> curl_setopt($ch, CURLOPT_POST, 1); >> curl_setopt($ch, CURLOPT_USERPWD, "user:pass"); >> $result =3D curl_exec($ch); >> curl_close($ch); >> echo "Raw JSON:\n" . $result . "\n\n"; >> $json_decoded =3D json_decode(trim($result)); >> print_r($json_decoded); >> } >> ?> >> >> Org Map: >> First call, querying Organizational Map for access to all of your data p= oints. In your case you have the Earthlink subscriber network and the Eart= hlink Corporate network which is divided between the Atlanta and Pasadena o= ffices. >> >> RESTful URL: >> http://api.unveillance.com/organization/map/suborgs/0/data.json >> >> Raw JSON (formatted): >> [ >> { >> "id":"9314", >> "name":"EL-NETWORK", >> "depth":0, >> "1":{ >> "id":"9266", >> "name":"EL-NETWORK-CORP", >> "depth":1, >> "2":{ >> "id":"9267", >> "name":"EL-NETWORK-CORP-ATLANTA", >> "depth":2 >> }, >> "3":{ >> "id":"9268", >> "name":"EL-NETWORK-CORP-PASADENA", >> "depth":2 >> } >> }, >> "4":{ >> "id":"9315", >> "name":"EL-NETWORK-NONCORP", >> "depth":1 >> } >> } >> ] >> >> >> Org. Network Map: >> An optional call to retrieve the network topology that we have mapped fo= r your Organization. (Not always an instant return as this may take a littl= e while to build out the network topology, especially in case of sub-organi= zations) >> >> You will notice a parameter after the /network/ call that defaults to ze= ro. This value is the organization id. Within the org map return above yo= u can see each organizational bucket has it's own ID. This way you can cal= l Earthlink Corp. data versus Earthlink subscriber networks. If you leave = it a zero it will simply call all available network mappings including sub-= orgs since the organizational model is hierarchical top-to-bottom. >> >> RESTful URL: >> http://api.unveillance.com/organization/map/network/0/data.json >> >> Raw JSON (formatted and clipped for size restraints, your network is obv= iously larger than this): >> { >> "69292032":{ >> "cidr":"N\/A", >> "ipv4_start":"4.33.80.0", >> "ipv4_end":"4.33.84.255", >> "ipv4_aton_start":"69292032", >> "ipv4_aton_end":"69293311", >> "asname":"EARTHLINK", >> "org_name":"EL-NETWORK-NONCORP" >> }, >> "69293312":{ >> "cidr":"N\/A", >> "ipv4_start":"4.33.85.0", >> "ipv4_end":"4.33.87.255", >> "ipv4_aton_start":"69293312", >> "ipv4_aton_end":"69294079", >> "asname":"EARTHLINK", >> "org_name":"EL-NETWORK-NONCORP" >> }, >> "69317632":{ >> "cidr":"4.33.180.0\/24", >> "ipv4_start":"4.33.180.0", >> "ipv4_end":"4.33.180.255", >> "ipv4_aton_start":"69317632", >> "ipv4_aton_end":"69317887", >> "asname":"EARTHLINK", >> "org_name":"EL-NETWORK-NONCORP" >> }, >> "69317888":{ >> "cidr":"4.33.181.0\/24", >> "ipv4_start":"4.33.181.0", >> "ipv4_end":"4.33.181.255", >> "ipv4_aton_start":"69317888", >> "ipv4_aton_end":"69318143", >> "asname":"EARTHLINK", >> "org_name":"EL-NETWORK-NONCORP" >> }, >> "69318144":{ >> "cidr":"4.33.182.0\/24", >> "ipv4_start":"4.33.182.0", >> "ipv4_end":"4.33.182.255", >> "ipv4_aton_start":"69318144", >> "ipv4_aton_end":"69318399", >> "asname":"EARTHLINK", >> "org_name":"EL-NETWORK-NONCORP" >> } >> } >> >> Recent Activity: >> Returns the your Organizational Assets based on the time of their last u= pdate in reverse chronological order. Returns a limit of 100. This value = is presently static, but if you guys want it increased or more dynamic, ple= ase let me know. (Just like the network map return, I clipped a lot of the= results as the first several give you the idea). >> >> You will notice a parameter after the /recent_activity/ call that defaul= ts to zero. This value is the organization id. Identical use as described= in the network map return above, but in this case instead of network topol= ogy coming back you will receive the appropriate assets. >> >> RESTful URL: >> http://api.unveillance.com/organization/summary/recent_activity/0/data.j= son >> >> Raw JSON (formatted): >> [ >> { >> "ip":"66.245.131.225", >> "ipv4_aton":"1123386337", >> "initial_detection_date_utime":"1293980304", >> "initial_detection_date_formatted":"Sun., Jan. 02, 2011 14:58:24 UTC= ", >> "recent_activity_date_utime":"1297720800", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "threat_score":"13680", >> "initial_threat_type_id":"179", >> "initial_threat_type_name":"Unclassified Drone", >> "initial_threat_type_direction":"3", >> "initial_threat_type_update_cycle":"1", >> "latest_threat_type_id":"179", >> "latest_threat_type_name":"Unclassified Drone", >> "latest_threat_type_direction":"3", >> "latest_threat_type_update_cycle":"1" >> }, >> { >> "ip":"216.175.109.251", >> "ipv4_aton":"3635375611", >> "initial_detection_date_utime":"1296239364", >> "initial_detection_date_formatted":"Fri., Jan. 28, 2011 18:29:24 UTC= ", >> "recent_activity_date_utime":"1297720795", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 21:59:55 UTC", >> "threat_score":"34", >> "initial_threat_type_id":"215", >> "initial_threat_type_name":"P2P Limewire (10040-1)", >> "initial_threat_type_direction":"3", >> "initial_threat_type_update_cycle":"1", >> "latest_threat_type_id":"215", >> "latest_threat_type_name":"P2P Limewire (10040-1)", >> "latest_threat_type_direction":"3", >> "latest_threat_type_update_cycle":"1" >> }, >> { >> "ip":"24.238.146.66", >> "ipv4_aton":"418288194", >> "initial_detection_date_utime":"1290452328", >> "initial_detection_date_formatted":"Mon., Nov. 22, 2010 18:58:48 UTC= ", >> "recent_activity_date_utime":"1297720792", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 21:59:52 UTC", >> "threat_score":"25797", >> "initial_threat_type_id":"169", >> "initial_threat_type_name":"Mariposa.A (10000-1)", >> "initial_threat_type_direction":"3", >> "initial_threat_type_update_cycle":"1", >> "latest_threat_type_id":"169", >> "latest_threat_type_name":"Mariposa.A (10000-1)", >> "latest_threat_type_direction":"3", >> "latest_threat_type_update_cycle":"1" >> } >> ] >> >> Basic Asset query: >> Querying the minimal amount per a specific Asset will return you only st= ateful data and saved data about that given Asset with no running Event Dat= a. >> >> The required parameter is a 32-bit integer representation of a given IPv= 4 address. It is to be passed following the /get/ call. The asset id or i= pv4_aton is available within the recent_activity return under the ipv4_aton= key. >> >> RESTful URL: >> http://api.unveillance.com/organization/asset/get/1123386337/1/data.json >> >> Raw JSON (formatted): >> { >> "ip":"66.245.131.225", >> "ipv4_aton":"1123386337", >> "recent_activity_date_utime":"1297720800", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "initial_detection_date_utime":"1293980304", >> "initial_detection_date_formatted":"Sun., Jan. 02, 2011 14:58:24 UTC", >> "threat_score":"13680", >> "initial_threat_type_id":"179", >> "initial_threat_type_name":"Unclassified Drone", >> "recent_type_type_id":"179", >> "recent_type_type_name":"Unclassified Drone" >> } >> >> Event Data Asset query: >> Identical in use as the Basic Asset query, but this returns Asset Detail= s along with the last Event Data associated with the Asset. >> >> RESTful URL: >> http://api.unveillance.com/organization/asset/get_events/1123386337/1/da= ta.json >> >> Raw JSON (formatted): >> { >> "ip":"66.245.131.225", >> "ipv4_aton":"1123386337", >> "recent_activity_date_utime":"1297720800", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "initial_detection_date_utime":"1293980304", >> "initial_detection_date_formatted":"Sun., Jan. 02, 2011 14:58:24 UTC", >> "threat_score":"13680", >> "initial_threat_type_id":"179", >> "initial_threat_type_name":"Unclassified Drone", >> "recent_type_type_id":"179", >> "recent_type_type_name":"Unclassified Drone", >> "recent_events":[ >> { >> "utime":"1297720800", >> "date":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297717199", >> "date":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297717199", >> "date":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297713599", >> "date":"Mon., Feb. 14, 2011 19:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297709999", >> "date":"Mon., Feb. 14, 2011 18:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297705212", >> "date":"Mon., Feb. 14, 2011 17:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297701612", >> "date":"Mon., Feb. 14, 2011 16:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297698012", >> "date":"Mon., Feb. 14, 2011 15:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297694412", >> "date":"Mon., Feb. 14, 2011 14:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> }, >> { >> "utime":"1297690811", >> "date":"Mon., Feb. 14, 2011 13:40:11 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1" >> } >> ] >> } >> >> Event Data Details Asset query: >> Identical in use as the Event Data Asset query, but additional Event Det= ails are returned per event if available. >> >> RESTful URL: >> http://api.unveillance.com/organization/asset/get_event_details/11233863= 37/1/data.json >> >> Raw JSON (formatted): >> { >> "ip":"66.245.131.225", >> "ipv4_aton":"1123386337", >> "recent_activity_date_utime":"1297720800", >> "recent_activity_date_formatted":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "initial_detection_date_utime":"1293980304", >> "initial_detection_date_formatted":"Sun., Jan. 02, 2011 14:58:24 UTC", >> "threat_score":"13680", >> "initial_threat_type_id":"179", >> "initial_threat_type_name":"Unclassified Drone", >> "recent_type_type_id":"179", >> "recent_type_type_name":"Unclassified Drone", >> "recent_events":[ >> { >> "utime":"1297720800", >> "date":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 22:00:00 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297717199", >> "date":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297717199", >> "date":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 20:59:59 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297713599", >> "date":"Mon., Feb. 14, 2011 19:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 19:59:59 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297709999", >> "date":"Mon., Feb. 14, 2011 18:59:59 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 18:59:59 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297705212", >> "date":"Mon., Feb. 14, 2011 17:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 17:40:12 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297701612", >> "date":"Mon., Feb. 14, 2011 16:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 16:40:12 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297698012", >> "date":"Mon., Feb. 14, 2011 15:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 15:40:12 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297694412", >> "date":"Mon., Feb. 14, 2011 14:40:12 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 14:40:12 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> }, >> { >> "utime":"1297690811", >> "date":"Mon., Feb. 14, 2011 13:40:11 UTC", >> "threat_type_id":"179", >> "threat_type_name":"Unclassified Drone", >> "threat_type_direction":"3", >> "threat_type_update_cycle":"1", >> "details":[ >> { >> "timestamp":"Mon., Feb. 14, 2011 13:40:11 UTC", >> "src ip":"66.245.131.225", >> "src port":"", >> "dst host":"", >> "dst port":"3070", >> "protocol":"tcp", >> "info":"Backdoor zz7.no-ip.info md5:= 50DC363BA54BB1A1C05F6240B0A946F2" >> } >> ] >> } >> ] >> } >> >> J. Tubbs >> CTO >> Unveillance, LLC >> O. (404) 482-3557 >> www.unveillance.com >> jtubbs@unveillance.com >> >> ******************************************** >> CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named >> person's use only. The information contained in this communication is >> confidential and/or privileged, proprietary information that is >> transmitted solely for the purpose of the intended recipient(s). No >> confidentiality or privilege is waived or lost by any mistransmission. >> If you receive this message in error, please immediately delete it and >> all copies of it from your system, destroy any hard copies of it and >> notify the sender. You must not, directly or indirectly, use, disclose, >> distribute, print, or copy any part of this message if you are not the >> intended recipient. The sender or any of its subsidiaries each reserve >> the right to monitor all e-mail communications through its networks. >> ******************************************** From - Sat May 21 19:25:28 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.75.203 with SMTP id z11cs360056faj; Tue, 15 Feb 2011 12:15:46 -0800 (PST) Received: by 10.236.109.166 with SMTP id s26mr4330312yhg.76.1297800944947; Tue, 15 Feb 2011 12:15:44 -0800 (PST) Return-Path: Received: from mail-yx0-f173.google.com (mail-yx0-f173.google.com [209.85.213.173]) by mx.google.com with ESMTPS id m2si8273162yha.40.2011.02.15.12.15.44 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Feb 2011 12:15:44 -0800 (PST) Received-SPF: neutral (google.com: 209.85.213.173 is neither permitted nor denied by best guess record for domain of bcollins@unveillance.com) client-ip=209.85.213.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.213.173 is neither permitted nor denied by best guess record for domain of bcollins@unveillance.com) smtp.mail=bcollins@unveillance.com Received: by yxl31 with SMTP id 31so308710yxl.4 for ; Tue, 15 Feb 2011 12:15:44 -0800 (PST) Received: by 10.101.166.18 with SMTP id t18mr1856009ano.127.1297800943121; Tue, 15 Feb 2011 12:15:43 -0800 (PST) Return-Path: Received: from Brandy-Collinss-MacBook-Air.local (cpe-174-107-195-055.sc.res.rr.com [174.107.195.55]) by mx.google.com with ESMTPS id x31sm5409045ana.9.2011.02.15.12.15.41 (version=SSLv3 cipher=OTHER); Tue, 15 Feb 2011 12:15:42 -0800 (PST) Message-ID: <4D5ADEED.3010107@unveillance.com> Date: Tue, 15 Feb 2011 15:15:41 -0500 From: Brandy Collins Unveillance Email Reply-To: bcollins@unveillance.com Organization: Unveillance, LLC User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: john@peateventures.com CC: karim Hijazi Subject: Unveillance Overview Content-Type: multipart/alternative; boundary="------------020801020609050206080809" This is a multi-part message in MIME format. --------------020801020609050206080809 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit * * Unveillance has developed the first Software-as-a-Service (SaaS) Data Leak Intelligence Platform.Leveraging completely passive monitoring, without the use of and on premises hardware, software or agent install, our platform is able to assess whether an organization, country and/or government's network is actively compromised by advanced persistent threats (APT) and thus participating in a botnet infrastructure at a 100% zero false positive rate.The intelligence platform is able to provide metrics on severity, frequency and scope of infection as well as display successful remediation efforts via a unique rating system called the DLI (Data Leak Intelligence ) Score. -- All the best, Brandy Collins Director of Operations Unveillance, LLC O. (800) 540-8478 M. (310) 854-9499 www.unveillance.com bcollins@unveillance.com ******************************************** CONFIDENTIAL& PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** --------------020801020609050206080809 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit

Unveillance has developed the first Software-as-a-Service (SaaS) Data Leak Intelligence Platform. Leveraging completely passive monitoring, without the use of and on premises hardware, software or agent install, our platform is able to assess whether an organization, country and/or government's network is actively compromised by advanced persistent threats (APT) and thus participating in a botnet infrastructure at a 100% zero false positive rate. The intelligence platform is able to provide metrics on severity, frequency and scope of infection as well as display successful remediation efforts via a unique rating system called the DLI (Data Leak Intelligence ) Score.

-- All the best, Brandy Collins Director of Operations Unveillance, LLC O. (800) 540-8478 M. (310) 854-9499 www.unveillance.com bcollins@unveillance.com ******************************************** CONFIDENTIAL& PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ********************************************
--------------020801020609050206080809--