Friday, August 01, 2008


So I'm sitting in San Fran International terminal awaiting my flight to Melbourne via Auckland and reflecting on some fun stuff in the USENIX Security Symposium in San Jose I just attended (more specifically, a special part of the conference on Security Metrics called Metricon):

a) SF Airport is at "Department of Homeland Security Threat Level ORANGE", who gives a sweet flying f**k.. and what does that mean anyway? Security traffic lights 'go slow' perhaps?
b) My GMAIL (web based email obviously.. AJAX'y port 80) to my group didn't get through from either the hotel's wireless or the free wireless at the conference as the military have me blocked as a 'prohibited sender'... cool huh? Must be that email I sent a while back with as many keywords as possible in it. Nice one Draz! Anyway, see below for more details re: SMTP headers (I'm hoping it's not a redirect or filter by the hosting company of but I'm not sure yet) ( is in there somewhere...)
c) Spent an hour listening to the radio in San Fran today whereby a liberal radio station was interviewing Vincent Bugliosi, author of 'The Prosecution of George W. Bush for Murder', which is being blacklisted as such by the weak-ass delusional US media. Rock on Vince... he wants the death penalty for Bush + cronies. The fact that he carries such weight in terms of his background and history is one reason the mainstream invertebrates in the media are side stepping the gent.
d) Met some cool amurican Lockheed Martin R&D dudes at the conference, including some peeps from DARPA, CIS (Center for Internet Security) and security bloggers I follow.
e) Met Dan Geer. Mission accomplished. Met Andrew Jaquith who was like 'ahhhh Donal'... when he saw my name badge.
f) Conference was pretty weak on the ground in terms of actual content but I didn't really care as I was just there for a holiday and to say hello to some peeps.
g) eBay security chick was cute, BigFix security chick looked like my mate micanders missus Holly
h) I came up with the idea of temporarily revoking NETBLOCKS as a punitive measure for orgs on the internets
i) Myself and Russell hit the bars twice chasing Asian-American chicks and had our fair share of Coronas and Mojitos, interesting discussions, great food, phone numbers, but didn't seal the deal. What's the story again with 2am closing?
j) I was reminded of the mass delusional insular conscious state most Amuricans live in
k) I was reminded of the smell of 'sewage' that wafts in certain areas of SF, including the abundance of homeless peeps around certain neighbourhoods.
l) I was pleased to see randomers walking around Haight-Ashbury in homemade super hero capes, some in wizard hats... ain't it great that I wasn't fazed nor were most of the public..
m) I was reminded how beautiful parts of California are and how cool and kooky SF still is.
n) I didn't get to the Green Gulch Zen Center, maybe next time! I seem to have ended up in San Fran every 1.5 to 2 years since around 1998-1999

What follows are the SMTP headers from the f**'ing dopey military, almost like they want to expose their internal MTAs....

Received: by with SMTP id m19cs75264tim;
    Tue, 29 Jul 2008 16:29:07 -0700 (PDT)
Received: by with SMTP id o1mr11435736ano.10.1217374144604;
    Tue, 29 Jul 2008 16:29:04 -0700 (PDT)
Received: from ( [])
    by with ESMTP id 6si327532yxg.6.2008.;
    Tue, 29 Jul 2008 16:29:04 -0700 (PDT)
Received-SPF: pass ( best guess record for domain of designates as permitted sender) client-ip=;
Authentication-Results:; spf=pass ( best guess record for domain of designates as permitted sender)
Received: from (unknown [])
    by (Symantec Mail Security) with ESMTP id 9D2A4520007
    for ; Tue, 29 Jul 2008 18:23:31 -0500 (CDT)
X-AuditID: 844f0819-ac13fbb000001122-9a-488fa673712f
Received: from (unknown [])
    by (ARNG Mail Security Out) with ESMTP id 880194DC002
    for ; Tue, 29 Jul 2008 18:23:31 -0500 (CDT)
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 29 Jul 2008 18:29:02 -0500
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 29 Jul 2008 18:29:01 -0500
Received: from mail pickup service by with Microsoft SMTPSVC;
    Tue, 29 Jul 2008 18:29:01 -0500
thread-index: Acjx0uGiIpV20940QBOD9qKfljCyIw==
Thread-Topic: Symantec Mail Security detected a prohibited sender in a message sent (SYM:07622397080654417781)
Subject: Symantec Mail Security detected a prohibited sender in a message sent (SYM:07622397080654417781)
Date: Tue, 29 Jul 2008 18:29:01 -0500
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133
X-OriginalArrivalTime: 29 Jul 2008 23:29:01.0304 (UTC) FILETIME=[E1C17F80:01C8F1D2]
X-Brightmail-Tracker: AAAAAA==

Subject of the message: Re: [securitymetrics] Security awareness metrics
Recipient of the message: "Imran Mushtaq" ;""


me said...

Analysis: U.S. military to patrol Internet

30 Jun 2008

The U.S. military is looking for a contractor to patrol cyberspace, watching for warning signs of forthcoming terrorist attacks or other hostile activity on the Web. In a solicitation posted on the Web last week, the U.S. Army's Fifth Signal Command said it was looking for a contractor to provide "Internet awareness services" to support "force protection" -- the term of art for the security of U.S. military installations and personnel.

"The purpose of the services will be to identify and assess stated and implied threat, antipathy, unrest and other contextual data relating to selected Internet domains," says the solicitation. The solicitation says the successful contractor will "analyze various Web pages, chat rooms, blogs and other Internet domains to aggregate and assess data of interest."

Good luck to them -- blogs alone stand at over 70 million. What are they going to look for? Someone called Ahmed?

Deda said...

You have the Illinois National Guard in there. I thought you were in California.

Also address for permitted sender breaks out in Fairfax - US Army Communications - Electronics Command.

And they leave their paw prints all over the stuff.

Looks pretty disorganised to me, even if they did succeed in blocking your mail.

Maybe it was not so much your keywords, whatever they were, as the name of the gentleman to whom the mail was addressed that got them going.

Anonymous said...

Thanks for blogging your trip. Sounds amazing. Glad you got to meet the securitymetrics guys FINALLY!

How good is SF :) I Love Haight-Ashbury :)

Interesting work on the mail being blocked. I'm with dede, I think it would be the recipient who got blocked. You don't normally block on sender, but receiver. Unless you think there's some netblock-based filtering going on due to the conferences?

Again, Great post!


Donal said...

"Thread-Topic: Symantec Mail Security detected a prohibited sender in a message sent "

No, I think it's me and it happened on three separate occasions to different recipients... albeit was the common thread, thus I am in contact with their MTA admin who says they use postini, but since I left the country it's all been good.