From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs248826qah; Thu, 12 May 2011 13:41:59 -0700 (PDT) Received: by 10.236.185.230 with SMTP id u66mr693334yhm.504.1305232919443; Thu, 12 May 2011 13:41:59 -0700 (PDT) Return-Path: Received: from mx.echosign.com (mx.echosign.com [72.3.215.120]) by mx.google.com with ESMTP id o10si3846492yha.99.2011.05.12.13.41.59; Thu, 12 May 2011 13:41:59 -0700 (PDT) Received-SPF: pass (google.com: domain of echosign@echosign.com designates 72.3.215.120 as permitted sender) client-ip=72.3.215.120; Authentication-Results: mx.google.com; spf=pass (google.com: domain of echosign@echosign.com designates 72.3.215.120 as permitted sender) smtp.mail=echosign@echosign.com Received: from app6.echosign.com (localhost [127.0.0.1]) by mx.echosign.com (Postfix) with ESMTP id 36FED7F8FD for ; Thu, 12 May 2011 13:41:59 -0700 (PDT) Date: Thu, 12 May 2011 13:41:59 -0700 (PDT) From: EchoSign Reply-To: EchoSign To: Karim Hijazi Message-ID: <1139955001.968691305232919224.JavaMail.root@app6.echosign.com> Subject: Your EchoSign document Arbor Confidentiality Agreement 6-4-09 has been created MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_193342_2084849900.1305232919217" X-EchoSign-Bounce: 2L5ABW4NFX52WH X-EchoSign-Template: echosign:agreement/formCreation.vm:en_US:103366097 ------=_Part_193342_2084849900.1305232919217 Content-Type: multipart/related; boundary="----=_Part_193343_1729084848.1305232919217" ------=_Part_193343_1729084848.1305232919217 Content-Type: text/html;charset=UTF-8 Content-Transfer-Encoding: 7bit

Send. Sign. Done.
 

Your EchoSign document Arbor Confidentiality Agreement 6-4-09 has been created and added to your library!

You'll be able to reuse this document any time you need someone to sign this document.

Click here to send this document to someone for their signature.


To ensure that you continue receiving our emails, please add echosign@echosign.com to your address book or safe list.

------=_Part_193343_1729084848.1305232919217-- ------=_Part_193342_2084849900.1305232919217-- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs243737qah; Thu, 12 May 2011 11:12:37 -0700 (PDT) Received: by 10.236.112.199 with SMTP id y47mr618665yhg.170.1305223957298; Thu, 12 May 2011 11:12:37 -0700 (PDT) Return-Path: Received: from mail-gw0-f45.google.com (mail-gw0-f45.google.com [74.125.83.45]) by mx.google.com with ESMTPS id n34si3559986yhi.100.2011.05.12.11.12.36 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 12 May 2011 11:12:36 -0700 (PDT) Received-SPF: neutral (google.com: 74.125.83.45 is neither permitted nor denied by best guess record for domain of mmolloy@unveillance.com) client-ip=74.125.83.45; Authentication-Results: mx.google.com; spf=neutral (google.com: 74.125.83.45 is neither permitted nor denied by best guess record for domain of mmolloy@unveillance.com) smtp.mail=mmolloy@unveillance.com Received: by gwb19 with SMTP id 19so741434gwb.4 for ; Thu, 12 May 2011 11:12:36 -0700 (PDT) Received: by 10.147.21.15 with SMTP id y15mr464297yai.2.1305223955893; Thu, 12 May 2011 11:12:35 -0700 (PDT) Return-Path: Received: from megas-macbook-pro.local (c-98-196-178-134.hsd1.tx.comcast.net [98.196.178.134]) by mx.google.com with ESMTPS id s7sm967974anl.3.2011.05.12.11.12.34 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 11:12:35 -0700 (PDT) Date: Thu, 12 May 2011 13:12:33 -0500 From: Meaghan Molloy Message-ID: <4DCC2311.8030709@unveillance.com> Subject: Return Receipt (displayed) - Fwd: RE: reg. 
unclassified drone from 170.252.160.1 To: Karim Hijazi Unveillance Email References: <4DCC1B5D.4010405@unveillance.com> MIME-Version: 1.0 Content-Type: multipart/report; report-type=disposition-notification; boundary="------------mdn050007050406030508050505" --------------mdn050007050406030508050505 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a Return Receipt for the mail that you sent to mmolloy@unveillance.com. Note: This Return Receipt only acknowledges that the message was displayed on the recipient's computer. There is no guarantee that the recipient has read or understood the message contents. --------------mdn050007050406030508050505 Content-Type: message/disposition-notification; name="MDNPart2.txt" Content-Disposition: inline Content-Transfer-Encoding: 7bit Reporting-UA: megas-macbook-pro.local; Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 Final-Recipient: rfc822;mmolloy@unveillance.com Original-Message-ID: <4DCC1B5D.4010405@unveillance.com> Disposition: manual-action/MDN-sent-manually; displayed --------------mdn050007050406030508050505 Content-Type: text/rfc822-headers; name="MDNPart3.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline Delivered-To: mmolloy@unveillance.com Received: by 10.231.61.212 with SMTP id u20cs161710ibh; Thu, 12 May 2011 10:39:43 -0700 (PDT) Received: by 10.150.117.18 with SMTP id p18mr523000ybc.448.1305221982427; Thu, 12 May 2011 10:39:42 -0700 (PDT) Return-Path: Received: from mail-gy0-f173.google.com (mail-gy0-f173.google.com [209.85.160.173]) by mx.google.com with ESMTPS id q35si4523864yba.20.2011.05.12.10.39.41 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 12 May 2011 10:39:41 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.160.173 is neither permitted nor denied by best guess record for domain of khijazi@unveillance.com) client-ip=209.85.160.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 
209.85.160.173 is neither permitted nor denied by best guess record for domain of khijazi@unveillance.com) smtp.mail=khijazi@unveillance.com Received: by gyg4 with SMTP id 4so727689gyg.4 for ; Thu, 12 May 2011 10:39:40 -0700 (PDT) Received: by 10.100.18.28 with SMTP id 28mr299285anr.140.1305221980747; Thu, 12 May 2011 10:39:40 -0700 (PDT) Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id q8sm942125ann.45.2011.05.12.10.39.40 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 10:39:40 -0700 (PDT) Message-ID: <4DCC1B5D.4010405@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 12:39:41 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: Meaghan Molloy , Matt Thompson Subject: Fwd: RE: reg. 
unclassified drone from 170.252.160.1 X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit --------------mdn050007050406030508050505-- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs244119qah; Thu, 12 May 2011 11:25:06 -0700 (PDT) Received: by 10.42.21.204 with SMTP id l12mr673903icb.341.1305224706360; Thu, 12 May 2011 11:25:06 -0700 (PDT) Return-Path: Received: from mailc-ad.linkedin.com (mailc-ad.linkedin.com [69.28.147.155]) by mx.google.com with ESMTP id g17si3534461ibb.32.2011.05.12.11.25.04; Thu, 12 May 2011 11:25:06 -0700 (PDT) Received-SPF: pass (google.com: domain of m-dO98ogxIz99Omgl7vlldVodUIr7o8gYiD50V@bounce.linkedin.com designates 69.28.147.155 as permitted sender) client-ip=69.28.147.155; Authentication-Results: mx.google.com; spf=pass (google.com: domain of m-dO98ogxIz99Omgl7vlldVodUIr7o8gYiD50V@bounce.linkedin.com designates 69.28.147.155 as permitted sender) smtp.mail=m-dO98ogxIz99Omgl7vlldVodUIr7o8gYiD50V@bounce.linkedin.com; dkim=pass header.i=@linkedin.com DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=prod; d=linkedin.com; h=DKIM-Signature:Sender:Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:X-LinkedIn-Template:X-LinkedIn-Class:X-LinkedIn-fbl; b=HKDOcKRh7sE906MKs0tFPND/2yEUdgYADfynfVN85LqFSpmSlpAtHEmejTEVLPZN NlloBwz/YEiSDOumQ5NP+XPaESKUYcn8O6ceX6xcFIvOF+yputEcYb6UQ/IjcpYV DKIM-Signature: v=1; a=rsa-sha1; d=linkedin.com; s=proddkim; c=relaxed/relaxed; q=dns/txt; i=@linkedin.com; t=1305224704; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=1J7ahylYGD+8i/CG/Eiv+caRevE=; b=cG+9Bdd1X5By9jmbpDhsS/5c64jTIzhVx3SA8OBscyuzgaes3IC+DY92ibILyFtL LXWrmNAdoW6vp5Jt68+slPC0L72GQvveYQH29DXzKlt+WRnFo5yNIf+Z7tDN7RCS; Sender: messages-noreply@bounce.linkedin.com Date: Thu, 12 May 2011 18:25:04 +0000 (UTC) From: CYBER SECURITY Forum Initiative - CSFI Group Members To: Karim 
Hijazi Message-ID: <1127220676.57293353.1305224704383.JavaMail.app@ela4-bed51.prod> Subject: [10] new discussions and [8] new comments on LinkedIn MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_57293352_1078775593.1305224704379" X-LinkedIn-Template: anet_digest_type X-LinkedIn-Class: GROUPDIGEST X-LinkedIn-fbl: m-dO98ogxIz99Omgl7vlldVodUIr7o8gYiD50V ------=_Part_57293352_1078775593.1305224704379 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit CYBER SECURITY Forum Initiative - CSFI Today's new discussions from CYBER SECURITY Forum Initiative - CSFI group members. Change the frequency of this digest: http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ahs/1836487/EMLt_anet_settings/ Send me an email for each new discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/snp/1836487/true/grp_email_subscribe_new_posts/ Active Discussion of the day * Felipe Martins started a discussion on a news article: Hacking & Security Complete Movie List (108) > Yeah, I've got one..I prefer the dedicated keybd..am using it as > hotspot..been playing around with wifi accessing my net and VoIP to > another net..then tunneling.. > > Thanks for the heads up on Google store ..will check it out...and stay > out of the Diamond Club in Hong Kong...they video.. View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/vai/1836487/48366635/member/EMLt_anet_act_disc/ * Richard de Silva started a discussion on a news article: Does Europe need an internet kill switch? (10) > In all honesty I had previously thought a very well researched and > carefully implemented internet kill switch may be a good thing in the US > in a doomsday scenario. However, after this bit of discussion and after > reading a few papers on the matter I believe I was wrong. A kill switch > really would not outweigh the negative effects and from a military > standpoint if an attack occurred we'd have to fight through it not close > ourselves off. 
Closing ourselves off could cut needed connections to our > troops abroad and that simply isn't acceptable. View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/vai/1836487/51990373/member/EMLt_anet_act_disc/ * Anthony M. Freed started a discussion on a news article: Nine Deadly Cyberwarfare Sins (7) > With all due respect, I think all overestimate the difficulty for > causing death and disruption. I understand where you are coming from, > but there are other methods and targets not listed in those scenarios > discussed. That and coupled attacks can do significant and synergistic > damage as all know. A small example...years back I was flying out of > D.C. returning to London...the I.R.A. made some improvised mortars and > placed them outside of Heathrow Airport..some went off...some were > discovered in time. Regardless of the physical damage they caused the > synergistic effect was to close the busiest International Airport in the > world...and cause a snarl in all US/Europe Travel for two days or > more...additionally London became moribund with security alerts and > checkpoints...cab service..was spotty at best..the tubes got closed for > a while...people missed appointments and meetings...there were large > economic losses...news coverage was off the charts..and people > died...not from the improvised mortars...but from traffic fatalities and > missed organs being delivered for critical operations. That's what a few > guys, no computer skill, some household chemicals, metal and pipe did. I > shudder at what a group with Cyberskills could..especially with tacit > backing of even a small nation/state. 
View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/vai/1836487/53074010/member/EMLt_anet_act_disc/ New Discussions ({0}) * Niels Groeneveld Security Intelligence Report (SIR) vol.10 View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53818280/1836487/EMLt_anet_qa_ttle/ * Ivica Gjorgjievski What is the value of hacked computers / networks on black markets ? View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53754850/1836487/EMLt_anet_qa_ttle/ * Jeff Peri Facebook Patches Access Token Leak -- InformationWeek View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53735368/1836487/EMLt_anet_qa_ttle/ * Anthony M. Freed DoD to Carry Out Clandestine Operations in Cyberspace View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53732406/1836487/EMLt_anet_qa_ttle/ * Paul Piva Banking on .bank for Security View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53703303/1836487/EMLt_anet_qa_ttle/ * Douglas Lloyd European VC falls behind as other markets come to the fore View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53703164/1836487/EMLt_anet_qa_ttle/ * Matt Langan Massive Leak of Personal Information on Facebook View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53687582/1836487/EMLt_anet_qa_ttle/ * Paul Piva Another slap in the Facebook View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53685493/1836487/EMLt_anet_qa_ttle/ * Jeff Peri LastPass CEO reveals details on security breach | Security - CNET News View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53680390/1836487/EMLt_anet_qa_ttle/ * Tom Billington Cybersecurity Virtual Seminar with Dept. VA, NRC, UNISYS, NIST Speakers... View discussion » http://www.linkedin.com/e/pyok5x-gnm137gb-4o/ava/53678820/1836487/EMLt_anet_qa_ttle/ ------=_Part_57293352_1078775593.1305224704379 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
LinkedIn Groups May 12, 2011
CYBER SECURITY Forum Initiative - CSFI

Latest: Discussions (10)

Still Active Discussions (3)

Hacking & Security Complete Movie List 5 new comments »

Started by Felipe Martins

Yeah, I've got one..I prefer the dedicated keybd..am using it as hotspot..been playing around with wifi accessing my net and VoIP to...
More » By Stephen Scott Wright

Does Europe need an internet kill switch? 2 new comments »

Started by Richard de Silva

In all honesty I had previously thought a very well researched and carefully implemented internet kill switch may be a good thing in the...
More » By Robert Lee

Nine Deadly Cyberwarfare Sins 1 new comment »

Started by Anthony M. Freed

With all due respect, I think all overestimate the difficulty for causing death and disruption. I understand where you are coming from,...
More » By Stephen Scott Wright

New Discussions (10)

Security Intelligence Report (SIR) vol.10
Comment or flag »

Started by Niels Groeneveld, Information Security Engineer at AT&T

What is the value of hacked computers / networks on black markets ?
1 comment »

Started by Ivica Gjorgjievski, Software Architect / Administrator / Developer

For example hacked computers / networks of individuals companies government agencies… http://www.youtube.com/igprogram
By Ivica Gjorgjievski, Software Architect / Administrator / Developer

Facebook Patches Access Token Leak -- InformationWeek
Comment or flag »

Started by Jeff Peri, Strategic Growth Consultant

DoD to Carry Out Clandestine Operations in Cyberspace
Comment or flag »

Started by Anthony M. Freed, Managing Editor, Director of Business Development at InfosecIsland.com

"There is a lack of historical precedent for what constitutes traditional military activities in cyberspace... Section (962) would...
More » By Anthony M. Freed, Managing Editor, Director of Business Development at InfosecIsland.com

Banking on .bank for Security
Comment or flag »

Started by Paul Piva, Senior Network, Systems and Security Administrator

(optional)
By Paul Piva, Senior Network, Systems and Security Administrator

European VC falls behind as other markets come to the fore
Comment or flag »

Started by Douglas Lloyd, Founder & CEO, Clean Energy pipeline, Global Security pipeline, VB/Research

$64.6 million was invested in 12 European companies during 1Q11, marginally up 2% on the $63.2 million last quarter. However, compared to...
More » By Douglas Lloyd, Founder & CEO, Clean Energy pipeline, Global Security pipeline, VB/Research

Massive Leak of Personal Information on Facebook
Comment or flag »

Started by Matt Langan, Founder at L&R Communications

Another slap in the Facebook
Comment or flag »

Started by Paul Piva, Senior Network, Systems and Security Administrator

Symantec has discovered that third parties have accidentally had access to Facebook users’ accounts including profiles, photographs, chat,...
More » By Paul Piva, Senior Network, Systems and Security Administrator

LastPass CEO reveals details on security breach | Security - CNET News
Comment or flag »

Started by Jeff Peri, Strategic Growth Consultant

Cybersecurity Virtual Seminar with Dept. VA, NRC, UNISYS, NIST Speakers...
Comment or flag »

Started by Tom Billington, Produces Executive Education and Thought Leadership about Cybersecurity

Jerry Davis, Dep. Ass. Secretary, Info. Security, VA; Pat Howard, CISO, NRC; Patti Titus, CISO, UNISYS; Ron Ross, Senior Computer...
More » By Tom Billington, Produces Executive Education and Thought Leadership about Cybersecurity

 

Don't want to receive email notifications? Adjust your message settings.

Stop inappropriate content the moment it is posted. Send me an email for each new discussion »

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2011, LinkedIn Corporation.

 
------=_Part_57293352_1078775593.1305224704379-- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id d36sm1006071and.4.2011.05.12.12.12.22 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 12:12:23 -0700 (PDT) Message-ID: <4DCC3117.7020804@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 14:12:23 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: adam.sindelar@accenture.com CC: jtubbs@unveillance.com, jaroslav.vorlicek@accenture.com, jason.lewkowicz@accenture.com, carlo.farinella@accenture.com, Meaghan Molloy , Matt Thompson Subject: Re: reg. unclassified drone from 170.252.160.1 References: <4F2F24C83AFEAE42B94895F1028061990125F20B0401@EMEXM3133.dir.svc.accenture.com> <3EE6B64B-BB37-44D8-B630-68CD3EF691EB@unveillance.com> <4F2F24C83AFEAE42B94895F1028061990125F2103BE1@EMEXM3133.dir.svc.accenture.com> In-Reply-To: <4F2F24C83AFEAE42B94895F1028061990125F2103BE1@EMEXM3133.dir.svc.accenture.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Adam, Thank you for your verification of the traffic. I understand your interest in using the destination information that we provided to block access to our sinkhole to "quiet" some of the nominal/innocuous issues that we are currently detecting. I can imagine this can cause you to spend cycles on already known issues. This however, would impact our ability to see truly malicious threats such as ZeuS, Artro and many others, as they too use port 80/tcp. 
Please note that we are very careful with handing out the destination ranges for the very reason above. We know that this information aids in the effort to locate the infected host(s), but can also blind us (the good guys) should you decide to use it to block access to our sinkhole. The unfortunate result of this is that malicious traffic will continue to egress your network to the bad guys unbeknownst to us and potentially you. Ultimately it is your choice but I recommend you do not block access. I have a suggestion: We have in our work flow (as discussed during our three month review) a plan to develop an ability for you as a legitimate user of the system, to "toggle" a view of a given IP that you have formerly identified. This way, issues that are still current, but not important, can be moved to another location in the dashboard potentially. This will result in leaving you with a view of the IPs that you consider most relevant but at the same time will keep a record of all traffic that beacons to our sinkhole. This will provide you the ability to customize your view in such a way that you can prioritize issues/IPs accordingly. Let me know your thoughts on this plan. Thanks, Karim On 5/12/2011 11:08 AM, adam.sindelar@accenture.com wrote: > Hi Jerry, > > > > Thanks for the information. I have verified that the traffic you saw was > generated by our proxies’ automatic behavior and not by a computer in > our network. > > > > Since this is not the first time we have had this problem with our > proxies we are considering blocking access to the sinkhole from our > proxies only and only over port 80/tcp. I wonder if, in your opinion, > this would decrease your ability to detect real threats in our network, > or whether HTTP traffic is not currently an important indicator. (If you > were to later add a component to your sinkholes that does work with HTTP > traffic, we could always unblock.) 
> > > > Thank you and regards, > > Adam > > > > *Adam Sindelar* > > * * > > *ISIRT* > > *Information Technology Risk > Accenture * > > * * > > *Office: +420.225.07.7758* > > *OC: +420.910.90.1152* > > > > *adam.sindelar@accenture.com * > > * * > > *Prague, Czech Republic* > > > > > > *From:*J. Tubbs [mailto:jtubbs@unveillance.com] > *Sent:* Tuesday, May 10, 2011 10:05 AM > *To:* Sindelar, Adam > *Cc:* khijazi@unveillance.com; Vorlicek, Jaroslav; Lewkowicz, Jason > *Subject:* Re: reg. unclassified drone from 170.252.160.1 > > > > Mr. Sindelar, > > That is an event from the Defence Intelligence sinkhole environment that > we were not 100% sure about and are awaiting further details from the > Defintel folks. Thus, this is why we have it as an unclassified > drone/zombie and scored quite low. > > > > Since this is from the Defintel environment, the destination host would > be within 67.210.170.0/24. > > > > J. "oday" Tubbs > > CTO > Unveillance, LLC > www.unveillance.com > > _jtubbs@unveillance.com _ > > ******************************************** > CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named > person's use only. The information contained in this communication is > confidential and/or privileged, proprietary information that is > transmitted solely for the purpose of the intended recipient(s). No > confidentiality or privilege is waived or lost by any mistransmission. > If you receive this message in error, please immediately delete it and > all copies of it from your system, destroy any hard copies of it and > notify the sender. You must not, directly or indirectly, use, disclose, > distribute, print, or copy any part of this message if you are not the > intended recipient. The sender or any of its subsidiaries each reserve > the right to monitor all e-mail communications through its networks. 
> ******************************************** > > > > On May 10, 2011, at 3:57 AM, > wrote: > > > > Hi Jerry, > > > > This morning I noticed an Unclassified Drone incident on the portal, > raised for our IP 170.252.160.1. I can see that the communication > happened over port 80/tcp – do you think you could please also share the > destination IP range so that we can isolate the device making those > connections from inside the network? > > > > Thank you and regards, > > Adam > > > > *Adam Sindelar* > > * * > > *ISIRT* > > *Information Technology Risk > Accenture* > > * * > > *Office: +420.225.07.7758* > > *OC: +420.910.90.1152* > > > > *adam.sindelar@accenture.com * > > * * > > *Prague, Czech Republic* > > > > > > > > ------------------------------------------------------------------------ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise private information. If you have > received it in error, please notify the sender immediately and delete > the original. Any other use of the email by you is prohibited. > > > - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. 
The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) -----END PGP SIGNATURE----- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id x32sm942433ana.38.2011.05.12.10.37.15 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 10:37:15 -0700 (PDT) Message-ID: <4DCC1ACC.8050805@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 12:37:16 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: Pedro Bustamante Lopez-Chicheri Subject: Re: Panda Security info References: <1212856997273954502@unknownmsgid> <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E165@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL> In-Reply-To: <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E165@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How about after 2:00PM CST on Monday? Thanks, Karim On 5/12/2011 12:35 PM, Pedro Bustamante Lopez-Chicheri wrote: > Looks very bad as I have to do some things on Friday. How about Monday afternoon? 
> > -----Original message----- > From: Karim Hijazi [mailto:khijazi@unveillance.com] > Sent: Wednesday, May 11, 2011 21:30 > To: Pedro Bustamante Lopez-Chicheri > Subject: Re: Panda Security info > > Pedro, > > What does your schedule look like this Friday for a demo? We only need > 45 minutes to an hour. Let me know my friend. > > -- > All the best, > > Karim Hijazi > CEO | President > Unveillance > O. (800) 540-8478 > M. (561) 542-5704 > www.unveillance.com > khijazi@unveillance.com > > ******************************************** > CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named > person's use only. The information contained in this communication is > confidential and/or privileged, proprietary information that is > transmitted solely for the purpose of the intended recipient(s). No > confidentiality or privilege is waived or lost by any > mistransmission. If you receive this message in error, please > immediately delete it and all copies of it from your system, destroy > any hard copies of it and notify the sender. You must not, directly or > indirectly, use, disclose, distribute, print, or copy any part of this > message if you are not the intended recipient. The sender or any of > its subsidiaries each reserve the right to monitor all e-mail > communications through its networks. > ******************************************** > > On May 10, 2011, at 3:36 PM, Pedro Bustamante Lopez-Chicheri > wrote: > >> Was a pleasure talking to you today Karim. >> >> As promised here's some info on the different topics that I originally >> put on the table for DefIntel and which I think can have a value in a >> mutual revenue generating cooperation. >> >> Malware feed >> We receive about 150.000 new malware samples per day. Out of these >> approx 40% are malware and whatever we process from a signature >> perspective we can share this on a daily basis. In addition we can also >> share a few hundred malicious URLs per day. 
All we ask in return here is >> two-way sharing of samples from your collection as well. >> >> >> Specialized high-quality data feeds >> We have a highly specialized service which we sell to banks and >> financial institutions via MarkMonitor and RSA. It's called "Targeted >> Attack Alert Service" and it's basically a banking trojan reporting >> service. Every day we process malware which targets our customers and >> provide detailed reports on successful attacks which can (a) steal >> credentials from financial institutions-our system actually verifies >> this by a special sandbox which replicates users navigating through the >> target site and validates that credentials are being stolen-- and (b) >> have a unique, never seen before, drop-host where credentials are being >> uploaded to. The customers (and MarkMonitor and RSA) use these for >> shutdown and credential recovery efforts. On any given day we produce an >> average of at least 2 or 3 reports *per customer*. I'm attaching a few >> reports from yesterday but please keep these confidential within your >> team for research and evaluation purposes only as they belong to >> MarkMonitor. Pass "panda". >> <> >> >> Cleaning & Remediation >> For special cases we can provide a command-line engine which uses our >> cloud-based detection platform which can detect and clean malware. From >> a partner perspective only AV-Test, VirusTotal, Microsoft and >> AV-Comparatives have this scanner. I created a special build for >> DefIntel to use in their multi-scanner to process malware. I'm sure Matt >> probably still has it. This can be used for remediation at customer >> sites for disinfecting malware (given that previously the malware was >> sent to our lab and we created signatures for it). 
>> >> >> Packaged Commercial Offerings >> We have commercial offerings for corporate customers which are more in >> line with the traditional offerings from AV companies, from corporate >> anti-malware (AV+Firewall+HIPS) which is deployed and managed from a >> SaaS perspective (www.forgetsecurity.com) to the traditional gateway >> security products >> (http://www.pandasecurity.com/usa/enterprise/solutions/security-applianc >> es/). >> >> In addition we are finishing up a really innovative zero-day protection >> technology against pretty much all browser-based drive-by exploits. It's >> currently in internal beta. We have bets going that it will even stop >> the latest Chrome zero-day that the press is talking about today. The >> agent only consumes 8mb of working set memory and is completely >> non-intrusive. This can be very interesting for corporate or government >> customers. Our plan is to release this as a free tool without any >> support with the objective of gathering intel through mass distribution, >> but if you think there's business potential we can re-think this. >> >> From a commercial perspective what we would not be interested in is >> commercializing anything different than our own products through our >> commercial network. They are not very specialized and focus mostly on >> small and mid-sized business sales. In the past when we have tried this >> it has been very disruptive with the sales force as they do not >> understand what's involved in selling a more complex service or >> offering. >> >> >> Press related efforts >> We can dedicate some lab resources to reverse engineering and forensic >> analysis of efforts whose objective is botnet shutdown that will >> generate press interest and result in PR activities. Related to this, if >> you need anything from CDMON for sinkholing purposes let me know and I >> can get law enforcement in Spain to force them to do it. 
Alternatively >> if you have interest in talking to them about buying their dynamic IP >> business I can definitely do the intro or get the talks going as an >> intermediary. >> >> >> Please review the information and let's talk again once you've had time >> to digest it and think about possible angles for the cooperation. Of >> course if you have any questions or would like additional information on >> any topics let me know anytime. >> >> >> Regards, >> Pedro >> >> >> - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. 
******************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) -----END PGP SIGNATURE----- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id q8sm942125ann.45.2011.05.12.10.39.40 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 10:39:40 -0700 (PDT) Message-ID: <4DCC1B5D.4010405@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 12:39:41 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: Meaghan Molloy , Matt Thompson Subject: Fwd: RE: reg. unclassified drone from 170.252.160.1 X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------- Original Message -------- Subject: RE: reg. unclassified drone from 170.252.160.1 Date: Thu, 12 May 2011 18:08:42 +0200 From: To: CC: , , , Hi Jerry, Thanks for the information. I have verified that the traffic you saw was generated by our proxies' automatic behavior and not by a computer in our network. Since this is not the first time we have had this problem with our proxies we are considering blocking access to the sinkhole from our proxies only and only over port 80/tcp. 
I wonder if, in your opinion, this would decrease your ability to detect real threats in our network, or whether HTTP traffic is not currently an important indicator. (If you were to later add a component to your sinkholes that does work with HTTP traffic, we could always unblock.) Thank you and regards, Adam *Adam Sindelar* * * *ISIRT* *Information Technology Risk Accenture * * * *Office: +420.225.07.7758* *OC: +420.910.90.1152* *adam.sindelar@accenture.com * * * *Prague, Czech Republic* *From:*J. Tubbs [mailto:jtubbs@unveillance.com] *Sent:* Tuesday, May 10, 2011 10:05 AM *To:* Sindelar, Adam *Cc:* khijazi@unveillance.com; Vorlicek, Jaroslav; Lewkowicz, Jason *Subject:* Re: reg. unclassified drone from 170.252.160.1 Mr. Sindelar, That is an event from the Defence Intelligence sinkhole environment that we were not 100% sure about and are awaiting further details from the Defintel folks. Thus, this is why we have it as an unclassified drone/zombie and scored quite low. Since this is from the Defintel environment, the destination host would be within 67.210.170.0/24. J. "oday" Tubbs CTO Unveillance, LLC www.unveillance.com _jtubbs@unveillance.com _ ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. 
******************************************** On May 10, 2011, at 3:57 AM, > wrote: Hi Jerry, This morning I noticed an Unclassified Drone incident on the portal, raised for our IP 170.252.160.1. I can see that the communication happened over port 80/tcp - do you think you could please also share the destination IP range so that we can isolate the device making those connections from inside the network? Thank you and regards, Adam *Adam Sindelar* * * *ISIRT* *Information Technology Risk Accenture* * * *Office: +420.225.07.7758* *OC: +420.910.90.1152* *adam.sindelar@accenture.com * * * *Prague, Czech Republic* - ------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. 
******************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) -----END PGP SIGNATURE----- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs242575qah; Thu, 12 May 2011 10:39:51 -0700 (PDT) Received: by 10.14.125.4 with SMTP id y4mr286659eeh.109.1305221990859; Thu, 12 May 2011 10:39:50 -0700 (PDT) Return-Path: Received: from imc04.pandasoftware.com (imc04.pandasoftware.com [91.216.218.75]) by mx.google.com with ESMTP id x46si3072993eea.19.2011.05.12.10.39.50; Thu, 12 May 2011 10:39:50 -0700 (PDT) Received-SPF: pass (google.com: domain of pedro.bustamante@pandasecurity.com designates 91.216.218.75 as permitted sender) client-ip=91.216.218.75; Authentication-Results: mx.google.com; spf=pass (google.com: domain of pedro.bustamante@pandasecurity.com designates 91.216.218.75 as permitted sender) smtp.mail=pedro.bustamante@pandasecurity.com Received: from escorpexh06.pandasoftware.local (unknown [192.168.100.190]) by imc04.pandasoftware.com (Postfix) with ESMTP id 821B31A4115 for ; Thu, 12 May 2011 19:39:48 +0200 (CEST) Received: from ESCORPEXH04.pandasoftware.local ([172.16.0.71]) by escorpexh06.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 May 2011 19:39:48 +0200 Received: from ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL ([172.21.1.13]) by ESCORPEXH04.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 May 2011 19:39:48 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: 
urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Panda Security info Date: Thu, 12 May 2011 19:39:43 +0200 Message-ID: <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E169@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL> In-Reply-To: <4DCC1ACC.8050805@unveillance.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Panda Security info thread-index: AcwQyz7zcqXfrnGTSuKXqF1tDZtywwAAFLrg References: <1212856997273954502@unknownmsgid> <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E165@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL> <4DCC1ACC.8050805@unveillance.com> From: "Pedro Bustamante Lopez-Chicheri" To: X-OriginalArrivalTime: 12 May 2011 17:39:48.0319 (UTC) FILETIME=[96E976F0:01CC10CB] X-GateDefender-Antispam: valid (score=0) Sounds good! -----Original Message----- From: Karim Hijazi Unveillance Email [mailto:khijazi@unveillance.com] Sent: Thursday, May 12, 2011 10:37 To: Pedro Bustamante Lopez-Chicheri Subject: Re: Panda Security info -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How about after 2:00PM CST on Monday? Thanks, Karim On 5/12/2011 12:35 PM, Pedro Bustamante Lopez-Chicheri wrote: > Looks very bad as I have to do some things on Friday. How about Monday afternoon? > > -----Original Message----- > From: Karim Hijazi [mailto:khijazi@unveillance.com] > Sent: Wednesday, May 11, 2011 21:30 > To: Pedro Bustamante Lopez-Chicheri > Subject: Re: Panda Security info > > Pedro, > > What does your schedule look like this Friday for a demo? We only need > 45 minutes to an hour. Let me know my friend. > > -- > All the best, > > Karim Hijazi > CEO | President > Unveillance > O. (800) 540-8478 > M. (561) 542-5704 > www.unveillance.com > khijazi@unveillance.com > > ******************************************** > CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named > person's use only. 
The information contained in this communication is > confidential and/or privileged, proprietary information that is > transmitted solely for the purpose of the intended recipient(s). No > confidentiality or privilege is waived or lost by any > mistransmission. If you receive this message in error, please > immediately delete it and all copies of it from your system, destroy > any hard copies of it and notify the sender. You must not, directly or > indirectly, use, disclose, distribute, print, or copy any part of this > message if you are not the intended recipient. The sender or any of > its subsidiaries each reserve the right to monitor all e-mail > communications through its networks. > ******************************************** > > On May 10, 2011, at 3:36 PM, Pedro Bustamante Lopez-Chicheri > wrote: > >> Was a pleasure talking to you today Karim. >> >> As promised here's some info on the different topics that I originally >> put on the table for DefIntel and which I think can have a value in a >> mutual revenue generating cooperation. >> >> Malware feed >> We have receive about 150.000 new malware samples per day. Out of these >> approx 40% are malware and whatever we process from a signature >> perspective we can share this on a daily basis. In addition we can also >> share a few hundred malicious URLs per day. All we ask in return here is >> two-way sharing of samples from your collection as well. >> >> >> Specialized high-quality data feeds >> We have a highly specialized service which we sell to banks and >> financial institutions via MarkMonitor and RSA. It's called "Targeted >> Attack Alert Service" and it's basically a banking trojan reporting >> service. 
Every day we process malware which targets our customers and >> provide detailed reports on successful attacks which can (a) steal >> credentials from financial institutions-our system actually verifies >> this by a special sandbox which replicates users navigating through the >> target site and validates that credentials are being stolen-- and (b) >> have a unique, never seen before, drop-host where credentials are being >> uploaded to. The customers (and MarkMonitor and RSA) use these for >> shutdown and credential recovery efforts. On any given day we produce an >> average of at least 2 or 3 reports *per customer*. I'm attaching a few >> reports from yesterday but please keep these confidential within your >> team for research and evaluation purposes only as they belong to >> MarkMonitor. Pass "panda". >> <> >> >> Cleaning & Remediation >> For special cases we can provide a command-line engine which uses our >> cloud-based detection platform which can detect and clean malware. From >> a partner perspective only AV-Test, VirusTotal, Microsoft and >> AV-Comparatives have this scanner. I created a special build for >> DefIntel to use in their multi-scanner to process malware. I'm sure Matt >> probably still has it. This can be used for remediation at customer >> sites for disinfecting malware (given that previously the malware was >> sent to our lab and we created signatures for it). >> >> >> Packaged Commercial Offerings >> We have commercial offerings for corporate customers which are more in >> line with the traditional offerings from AV companies, from corporate >> anti-malware (AV+Firewall+HIPS) which is deployed and managed from a >> SaaS perspective (www.forgetsecurity.com) to the traditional gateway >> security products >> (http://www.pandasecurity.com/usa/enterprise/solutions/security-appliances/). 
>> >> In addition we are finishing up a really innovative zero-day protection >> technology against pretty much all browser-based drive-by exploits. It's >> currently in internal beta. We have bets going that it will even stop >> the latest Chrome zero-day that the press is talking about today. The >> agent only consumes 8mb of working set memory and is completely >> non-intrusive. This can be very interesting for corporate or government >> customers. Our plan is to release this as a free tool without any >> support with the objective of gathering intel through mass distribution, >> but if you think there's business potential we can re-think this. >> >> From a commercial perspective what we would not be interested in is >> commercializing anything different than our own products through our >> commercial network. They are not very specialized and focus mostly on >> small and mid-sized business sales. In the past when we have tried this >> it has been very disruptive with the sales force as they do not >> understand what's involved in selling a more complex service or >> offering. >> >> >> Press related efforts >> We can dedicate some lab resources to reverse engineering and forensic >> analysis of efforts whose objective is botnet shutdown that will >> generate press interest and result in PR activities. Related to this, if >> you need anything from CDMON for sinkholing purposes let me know and I >> can get law enforcement in Spain to force them to do it. Alternatively >> if you have interest in talking to them about buying their dynamic IP >> business I can definitely do the intro or get the talks going as an >> intermediary. >> >> >> Please review the information and let's talk again once you've had time >> to digest it and think about possible angles for the cooperation. Of >> course if you have any questions or would like additional information on >> any topics let me know anytime. 
>> >> >> Regards, >> Pedro >> >> >> - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) -----END PGP SIGNATURE----- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs242633qah; Thu, 12 May 2011 10:41:26 -0700 (PDT) Received: by 10.142.125.2 with SMTP id x2mr253218wfc.200.1305222086092; Thu, 12 May 2011 10:41:26 -0700 (PDT) Return-Path: Received: from mta824.chtah.net (mta824.chtah.net [63.236.76.20]) by mx.google.com with SMTP id x34si4346341wfd.43.2011.05.12.10.41.24; 
Thu, 12 May 2011 10:41:25 -0700 (PDT) Received-SPF: pass (google.com: domain of bo-bx38e14bgwp9m3au67eabqdjhxxxp6@b.em.linkedin.com designates 63.236.76.20 as permitted sender) client-ip=63.236.76.20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of bo-bx38e14bgwp9m3au67eabqdjhxxxp6@b.em.linkedin.com designates 63.236.76.20 as permitted sender) smtp.mail=bo-bx38e14bgwp9m3au67eabqdjhxxxp6@b.em.linkedin.com; dkim=pass header.i=@em.linkedin.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=em.linkedin.com; s=20110323; t=1305222105; x=1321119705; bh=camBGnuwB4UyF1/dIEr+vis0KGU=; h=From:Reply-To; b=GzU7hRlFcPadnmxL5Cld7n7o2oMQwQw4Za2UZI9x1ESlUia0n2tYDCmfhG6z7qowp xxymro8QlQFK0fcvlMpn9+xyOfQNGnjbLfzoS/aEcvkW5uNM6GbNgkIpuIZnBhJBZA nvUWNxu1NFVMHys/Mf8TJjbAWFBPe/YU3ZGEUglY= Date: Thu, 12 May 2011 17:41:45 -0000 Message-ID: List-Unsubscribe: From: "LinkedIn" To: khijazi@unveillance.com Subject: Do you know SeungWook Cha, Joe Stewart, or David Litchfield? MIME-Version: 1.0 Reply-To: "LinkedIn" Content-type: multipart/alternative; boundary="=bx38e14bgwp9m3au67eabqdjhxxxp6" --=bx38e14bgwp9m3au67eabqdjhxxxp6 Content-Type: text/plain; charset="utf-8" Content-transfer-encoding: 8bit Karim, Staying in touch with valuable contacts can help you in your career. Quickly connect to some people we think you know. 
http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/hp http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con1?DMEMBER_ID_01=74249862&DFIRST_NAME_01=SeungWook&DLAST_NAME_01=Cha&DLINK_01=63aJ SeungWook Cha : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con1?DMEMBER_ID_01=74249862&DFIRST_NAME_01=SeungWook&DLAST_NAME_01=Cha&DLINK_01=63aJ at Willstech Connect to SeungWook : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con1?DMEMBER_ID_01=74249862&DFIRST_NAME_01=SeungWook&DLAST_NAME_01=Cha&DLINK_01=63aJ Other people you may know See All » : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/river http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con2?DMEMBER_ID_02=27958839&DFIRST_NAME_02=Joe&DLAST_NAME_02=Stewart&DLINK_02=Oxe6 Joe Stewart : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con2?DMEMBER_ID_02=27958839&DFIRST_NAME_02=Joe&DLAST_NAME_02=Stewart&DLINK_02=Oxe6 , Director of Malware Research at SecureWorks Connect : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con2?DMEMBER_ID_02=27958839&DFIRST_NAME_02=Joe&DLAST_NAME_02=Stewart&DLINK_02=Oxe6 http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con3?DMEMBER_ID_03=3405974&DFIRST_NAME_03=David&DLAST_NAME_03=Litchfield&DLINK_03=HBpr David Litchfield : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con3?DMEMBER_ID_03=3405974&DFIRST_NAME_03=David&DLAST_NAME_03=Litchfield&DLINK_03=HBpr , Managing Director at v3rity Connect : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con3?DMEMBER_ID_03=3405974&DFIRST_NAME_03=David&DLAST_NAME_03=Litchfield&DLINK_03=HBpr http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con4?DMEMBER_ID_04=70748898&DFIRST_NAME_04=Tammy&DLAST_NAME_04=Harget&DLINK_04=L3gl Tammy Harget : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con4?DMEMBER_ID_04=70748898&DFIRST_NAME_04=Tammy&DLAST_NAME_04=Harget&DLINK_04=L3gl , CEO at Frontline Security Solutions, LLC Connect : 
http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con4?DMEMBER_ID_04=70748898&DFIRST_NAME_04=Tammy&DLAST_NAME_04=Harget&DLINK_04=L3gl http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con5?DMEMBER_ID_05=7164587&DFIRST_NAME_05=Robin&DLAST_NAME_05=Laudanski&DLINK_05=7QAc Robin Laudanski : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con5?DMEMBER_ID_05=7164587&DFIRST_NAME_05=Robin&DLAST_NAME_05=Laudanski&DLINK_05=7QAc , CastleCops Owner and Operator Connect : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/con5?DMEMBER_ID_05=7164587&DFIRST_NAME_05=Robin&DLAST_NAME_05=Laudanski&DLINK_05=7QAc © 2010, LinkedIn Corporation This message is part of an occasional mailing to help you get the most out of LinkedIn. If you prefer not to receive these messages, change your settings : http://em.linkedin.com/a/tBNzARuB7uVJYB8bCfjNuZlCsjV/unsub?t=BNzARuB7uVJYB8bCfjNuZlCsjV&email=khijazi@unveillance.com . LinkedIn 2029 Stierlin Ct., Mountain View, CA 94043 USA --=bx38e14bgwp9m3au67eabqdjhxxxp6 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

--=bx38e14bgwp9m3au67eabqdjhxxxp6-- From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.224.61.4 with SMTP id r4cs242374qah; Thu, 12 May 2011 10:35:27 -0700 (PDT) Received: by 10.213.17.204 with SMTP id t12mr846063eba.102.1305221726998; Thu, 12 May 2011 10:35:26 -0700 (PDT) Return-Path: Received: from imc03.pandasoftware.com (imc03.pandasoftware.com [91.216.218.74]) by mx.google.com with ESMTP id t50si3058971eeb.10.2011.05.12.10.35.26; Thu, 12 May 2011 10:35:26 -0700 (PDT) Received-SPF: pass (google.com: domain of pedro.bustamante@pandasecurity.com designates 91.216.218.74 as permitted sender) client-ip=91.216.218.74; Authentication-Results: mx.google.com; spf=pass (google.com: domain of pedro.bustamante@pandasecurity.com designates 91.216.218.74 as permitted sender) smtp.mail=pedro.bustamante@pandasecurity.com Received: from escorpexh06.pandasoftware.local (unknown [192.168.100.190]) by imc03.pandasoftware.com (Postfix) with ESMTP id EE1BD4355FA for ; Thu, 12 May 2011 19:35:24 +0200 (CEST) Received: from ESCORPEXH04.pandasoftware.local ([172.16.0.71]) by escorpexh06.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 May 2011 19:35:24 +0200 Received: from ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL ([172.21.1.13]) by ESCORPEXH04.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 May 2011 19:35:24 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Panda Security info Date: Thu, 12 May 2011 19:35:15 +0200 Message-ID: <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E165@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL> In-Reply-To: <1212856997273954502@unknownmsgid> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Panda Security info thread-index: AcwQXUnxlgkVAhxaQnWq298ElWp5yAAbWMeA References: 
<1212856997273954502@unknownmsgid> From: "Pedro Bustamante Lopez-Chicheri" To: "Karim Hijazi" X-OriginalArrivalTime: 12 May 2011 17:35:24.0388 (UTC) FILETIME=[F998CA40:01CC10CA] Looks very bad as I have to do some things on Friday. How about Monday afternoon? -----Original Message----- From: Karim Hijazi [mailto:khijazi@unveillance.com] Sent: Wednesday, May 11, 2011 21:30 To: Pedro Bustamante Lopez-Chicheri Subject: Re: Panda Security info Pedro, What does your schedule look like this Friday for a demo? We only need 45 minutes to an hour. Let me know my friend. -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. ******************************************** On May 10, 2011, at 3:36 PM, Pedro Bustamante Lopez-Chicheri wrote: > Was a pleasure talking to you today Karim. > > As promised here's some info on the different topics that I originally > put on the table for DefIntel and which I think can have a value in a > mutual revenue generating cooperation. > > Malware feed > We have receive about 150.000 new malware samples per day. 
Out of these > approx 40% are malware and whatever we process from a signature > perspective we can share this on a daily basis. In addition we can also > share a few hundred malicious URLs per day. All we ask in return here is > two-way sharing of samples from your collection as well. > > > Specialized high-quality data feeds > We have a highly specialized service which we sell to banks and > financial institutions via MarkMonitor and RSA. It's called "Targeted > Attack Alert Service" and it's basically a banking trojan reporting > service. Every day we process malware which targets our customers and > provide detailed reports on successful attacks which can (a) steal > credentials from financial institutions-our system actually verifies > this by a special sandbox which replicates users navigating through the > target site and validates that credentials are being stolen-- and (b) > have a unique, never seen before, drop-host where credentials are being > uploaded to. The customers (and MarkMonitor and RSA) use these for > shutdown and credential recovery efforts. On any given day we produce an > average of at least 2 or 3 reports *per customer*. I'm attaching a few > reports from yesterday but please keep these confidential within your > team for research and evaluation purposes only as they belong to > MarkMonitor. Pass "panda". > <> > > Cleaning & Remediation > For special cases we can provide a command-line engine which uses our > cloud-based detection platform which can detect and clean malware. From > a partner perspective only AV-Test, VirusTotal, Microsoft and > AV-Comparatives have this scanner. I created a special build for > DefIntel to use in their multi-scanner to process malware. I'm sure Matt > probably still has it. This can be used for remediation at customer > sites for disinfecting malware (given that previously the malware was > sent to our lab and we created signatures for it). 
> > > Packaged Commercial Offerings > We have commercial offerings for corporate customers which are more in > line with the traditional offerings from AV companies, from corporate > anti-malware (AV+Firewall+HIPS) which is deployed and managed from a > SaaS perspective (www.forgetsecurity.com) to the traditional gateway > security products > (http://www.pandasecurity.com/usa/enterprise/solutions/security-appliances/). > > In addition we are finishing up a really innovative zero-day protection > technology against pretty much all browser-based drive-by exploits. It's > currently in internal beta. We have bets going that it will even stop > the latest Chrome zero-day that the press is talking about today. The > agent only consumes 8mb of working set memory and is completely > non-intrusive. This can be very interesting for corporate or government > customers. Our plan is to release this as a free tool without any > support with the objective of gathering intel through mass distribution, > but if you think there's business potential we can re-think this. > > From a commercial perspective what we would not be interested in is > commercializing anything different than our own products through our > commercial network. They are not very specialized and focus mostly on > small and mid-sized business sales. In the past when we have tried this > it has been very disruptive with the sales force as they do not > understand what's involved in selling a more complex service or > offering. > > > Press related efforts > We can dedicate some lab resources to reverse engineering and forensic > analysis of efforts whose objective is botnet shutdown that will > generate press interest and result in PR activities. Related to this, if > you need anything from CDMON for sinkholing purposes let me know and I > can get law enforcement in Spain to force them to do it. 
Alternatively > if you have interest in talking to them about buying their dynamic IP > business I can definitely do the intro or get the talks going as an > intermediary. > > > Please review the information and let's talk again once you've had time > to digest it and think about possible angles for the cooperation. Of > course if you have any questions or would like additional information on > any topics let me know anytime. > > > Regards, > Pedro > > > From - Sat May 21 19:22:19 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id z2sm944619anj.11.2011.05.12.10.35.41 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 10:35:42 -0700 (PDT) Message-ID: <4DCC1A6E.3050303@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 12:35:42 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: Michael Sias Subject: Re: News Media References: <4dc34325.0980dc0a.37c0.0f98@mx.google.com> <-2955583661004747837@unknownmsgid> <1ADF21A2-CDCF-455F-8E90-B20E27F408AD@firm19.com> <103232441950128286@unknownmsgid> <1508427547236913356@unknownmsgid> <3FF867BA-CFBC-4C32-A43B-164DB43F45E9@firm19.com> <4DCAF46C.1070804@unveillance.com> In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Mike, I will get this back to you today. Best, Karim On 5/12/2011 12:32 PM, Michael Sias wrote: > Hi Karim - Here is the letter of agreement in Word format. > > > > > On May 11, 2011, at 4:41 PM, Karim Hijazi Unveillance Email wrote: > > Hi Mike, > > It was my pleasure and I appreciate the interest. 
> I will review the agreement and have some comments by tomorrow.
>
> Speak with you tomorrow for the demo.
>
> Take care,
>
> Karim
>
> On 5/11/2011 3:22 PM, Michael Sias wrote:
>>>> Hi Karim -
>>>>
>>>> I really enjoyed speaking with you today. Thanks again for taking the time. Here is the consulting services agreement that I referenced. Please take a look and let me know if you have any questions.
>>>>
>>>> Best,
>>>> Mike
>>>>
>>>> On May 6, 2011, at 9:16 AM, Karim Hijazi wrote:
>>>>
>>>>> Sure. Best bet will be my mobile as I will most likely be running around still. (561) 542-5704
>>>>>
>>>>> If you could, please send me your number in advance as I rarely pick up calls from unknown numbers. Thanks!
>>>>>
>>>>> --
>>>>> All the best,
>>>>>
>>>>> Karim Hijazi
>>>>> CEO | President
>>>>> Unveillance
>>>>> O. (800) 540-8478
>>>>> M. (561) 542-5704
>>>>> www.unveillance.com
>>>>>
>>>>> khijazi@unveillance.com
>>>>>
>>>>> ********************************************
>>>>> CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.
>>>>> ********************************************
>>>>>
>>>>> On May 6, 2011, at 8:06 AM, Michael Sias wrote:
>>>>>
>>>>>> Hi Karim - Will it just be the two of us on the call? If so, I don't think I need a bridge; I could just call you directly if that works.
>>>>>>
>>>>>> On May 6, 2011, at 9:01 AM, Karim Hijazi wrote:
>>>>>>
>>>>>>> Mike,
>>>>>>>
>>>>>>> Thanks for the kind wishes. That time will be perfect. Do you want to set up a conference bridge or should I?
>>>>>>>
>>>>>>> Looking forward to speaking.
>>>>>>>
>>>>>>> --
>>>>>>> All the best,
>>>>>>>
>>>>>>> Karim Hijazi
>>>>>>> CEO | President
>>>>>>> Unveillance
>>>>>>> O. (800) 540-8478
>>>>>>> M. (561) 542-5704
>>>>>>> www.unveillance.com
>>>>>>>
>>>>>>> khijazi@unveillance.com
>>>>>>>
>>>>>>> On May 6, 2011, at 7:25 AM, Michael Sias <msias@firm19.com> wrote:
>>>>>>>
>>>>>>>> Hi Karim -
>>>>>>>>
>>>>>>>> Congratulations! That's wonderful.
>>>>>>>> Next Wednesday is good for me - does 2:30 pm ET work for you?
>>>>>>>>
>>>>>>>> Best,
>>>>>>>> Mike
>>>>>>>>
>>>>>>>> On May 5, 2011, at 9:03 PM, Karim Hijazi wrote:
>>>>>>>>
>>>>>>>>> Mike,
>>>>>>>>>
>>>>>>>>> My wife and I are having our second little monster tomorrow (baby Judith). Wish me luck.
>>>>>>>>>
>>>>>>>>> How does Wednesday look next week for you?
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> All the best,
>>>>>>>>>
>>>>>>>>> Karim Hijazi
>>>>>>>>> CEO | President
>>>>>>>>> Unveillance
>>>>>>>>> O. (800) 540-8478
>>>>>>>>> M. (561) 542-5704
>>>>>>>>> www.unveillance.com
>>>>>>>>>
>>>>>>>>> khijazi@unveillance.com
>>>>>>>>>
>>>>>>>>> On May 5, 2011, at 7:39 PM, "msias@firm19.com" <msias@firm19.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Karim, thank you for getting back to me. I'd enjoy the chance to talk. Is there a day/time next week that is good for you?
>>>>>>>>>> Best, Mike
>>>>>>>>>>
>>>>>>>>>> Sent from my Verizon Wireless Phone
>>>>>>>>>>
>>>>>>>>>> ----- Reply message -----
>>>>>>>>>> From: "Karim Hijazi Unveillance Email" <khijazi@unveillance.com>
>>>>>>>>>> Date: Thu, May 5, 2011 6:53 pm
>>>>>>>>>> Subject: News Media
>>>>>>>>>> To: "Michael Sias" <msias@firm19.com>
>>>>>>>>>>
>>>> Michael,
>>>>
>>>> Great to virtually meet you. Let's plan on a conversation sometime next week. Thanks for making contact.
>>>>
>>>> BTW - I connected to you via my Unveillance profile.
>>>>
>>>> Speak with you soon.
>>>>
>>>>>>>> Michael Sias
>>>>>>>> Manager
>>>>>>>> Firm Nineteen, LLC
>>>>>>>> Tel - 828-255-8815
>>>>>>>> M - 828-707-3168
>>>>>>>> msias@firm19.com
>>>>>>>>
>>>>>>>> GTalk/Jabber:
>>>>>>>> siasmichael@gmail.com
>>>>>>>>
>>>>>>>> Skype:
>>>>>>>> michaelsiasfirm19.com
>>>>>>>>
>>>>>> Michael Sias
>>>>>> Manager
>>>>>> Firm Nineteen, LLC
>>>>>> Tel - 828-255-8815
>>>>>> M - 828-707-3168
>>>>>> msias@firm19.com
>>>>>> GTalk/Jabber: siasmichael@gmail.com
>>>>>>
>>>>>> Skype: michaelsiasfirm19.com
>>>>>>
>>>> Michael Sias
>>>> Manager
>>>> Firm Nineteen, LLC
>>>> Tel - 828-255-8815
>>>> M - 828-707-3168
>>>> msias@firm19.com
>>>> GTalk/Jabber: siasmichael@gmail.com
>>>>
>>>> Skype: michaelsiasfirm19.com
>>>>
> Michael Sias
> Manager
> Firm Nineteen, LLC
> Tel - 828-255-8815
> M - 828-707-3168
> msias@firm19.com
> GTalk/Jabber: siasmichael@gmail.com
> Skype: michaelsiasfirm19.com

- --
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com

khijazi@unveillance.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
-----END PGP SIGNATURE-----