The babies are born!

A long time has passed since the last post on our blog. Were we sleeping?
Not really.
We were just busy cooperating with the OneShield UTM manufacturer, and we thought that facts are better than words.
As previously announced online and through conferences, WabiSabiLabi was selected by Delemont Technology as a 0day signatures contributor for a new generation of UTM (Universal Threat Management) appliances.
You'll be able to find all the technical details here.

There are already four different models of OneShield UTM appliances, all ready to be deployed to defend your network, and a fifth one is on its way. As you can see from the pictures below, the appliances are now a reality, thanks to the efforts of Delemont Technology (located in the Venice Gateway for Science and Technology), which is the owner of the OneShield brand; the Eurotech Group, which is the hardware provider; and WabiSabiLabi, backed by the private security researchers community, which will contribute to the appliance 0day signature packs.

More details about the appliances and the security researchers rewarding scheme behind them will be disclosed at the HITB security conference (Oct. 27th - 30th - Kuala Lumpur - Malaysia), where curious people, journalists, prospective clients and distributors will be able to touch them.

Meanwhile, enjoy them in a live test installation.

For more information about the OneShield UTM appliances you are welcome to contact OneShield's Development Manager Mr. Alberto Boratto: a.boratto [at] delemont.com


SecurityFocus: we can't believe our eyes

Recently an article appeared on SecurityFocus (read: Symantec), written by Jamie Reid, a privacy, security and risk consultant to healthcare agencies in Toronto.

While reading the article, we could not believe our eyes. In a nutshell, the article brilliantly demonstrates why the current level of money offered by traditional security vendors to security researchers (yes, somebody finally used the proper term) for their 0day findings does not represent their real value. There is no need to report here the SecurityFocus columnist's ideas backing up such a statement; we totally agree with them, especially with the final part, which states that perhaps the proper model should include a sort of revenue sharing scheme. Just go and read the article.

But... there is a but. To demonstrate that the traditional security vendors' model is not providing a proper value to the researcher's efforts, the columnist wrote:
"Competitors in the bug-buying space like WabiSabiLabi's auction scheme, and iDefense's VCP offer lower rewards, but provide different structured incentive packages for disclosing 0-day exploits to them."

Initially, we didn't pay much attention to it, but then... questions started to pop up in our mind.
As everybody knows, stating something like "Competitors in the bug-buying space like WabiSabiLabi's auction scheme(...) offer lower rewards" is actually not representing the reality. In fact, WabiSabiLabi doesn't offer ANY sort of reward at all. We just provide a marketplace, where the reward level is the natural result of the interaction of offer and demand. Why the need to say that WSL itself is providing low reward to researchers? It puzzled us.

Then we paid attention to the fact that the columnist is wishing for a sort of revenue sharing model for security researchers, deliberately (?) forgetting to mention that WabiSabiLabi announced such a scheme at the time of its very foundation. Go and read our almost-one-year-old post.

At that point, we mailed Jamie Reid, pointing out that we were not providing a "low rewards scheme" and that we had already been promoting our revenue sharing scheme for a year, hoping that he would correct his article.
Guess what? We received a polite mail in which he answered "Thank you. That's an interesting model. I will be interested in following up in a year or so about how it is working". But no amendments on his article.

A distracted columnist? Or perhaps an anticipation of a future Symantec's move toward a different approach in the security research industry?

As you know, we have been working hard for one year on the realization of such a rewarding scheme, initially having half of the world against us. Our efforts are materializing in the recently announced partnership for the production of the UTM OneShield Security, which will integrate a revenue sharing model for those security researchers who contribute their findings.

We took all of the risk and heat, we faced the shadiness of the current laws, we took all the insults from that part of the researchers' community which didn't agree with us, and we withstood strong hits from some lobbied press.
Nevertheless, we are still alive, so might it be the right time for the big industry to take advantage of the results of our work?

We'll see. It will be interesting for us, to see how our competitors (who much criticized our model, defining it unethical) will find excuses to adopt it.

Our forecast? Perhaps they will adopt only part of it. They won't adopt the auction part but they will eventually adopt the revenue-sharing scheme.

With a problem: it will be the demonstration that they abused the work of the security researchers, paying them peanuts, up to the moment somebody popped out of the blue and forced them to adopt new business models, in which security researchers are no longer considered freebies or peanuts workers.

Please remember... that somebody, was us.


Are South Africans aliens from another planet?

They must be, at least this is what we think after being invited to hold a keynote speech at the ITWeb Security Summary 2008, (Johannesburg - South Africa), and after having checked the reaction of the attendees at the end of it.

Let us get it straight: the speech was about WabiSabiLabi's marketplace project and it was held in front of a crowd of 400 attendees.
At the end of the speech, the conference host fired a question at the crowd: "Who thinks that WSL is doing the right thing in providing a marketplace for security research, raise the hand".
We panicked waiting for the response but then ... 399 hands attached to security professionals' bodies were raised.
To counter-check, the host asked then: "Who is against such initiative?". Only one hand up.

Are we THAT good in selling ideas? Or maybe it's just the marketplace idea itself that, when supported by proper motivations, doesn't find any difficulties in being adopted or even supported by security professionals?

Or is it that South Africans are aliens from another planet? We are still wondering...

Meanwhile, a few words about the ITWeb conference. We are always bragging how good the Swiss are in organizing things. Well, they have indeed some good competitors in South Africa. The ITWeb conference is a top international event, period.

Pros, Cons and Kudos

Symantec's "free of charge" espresso coffee machine at their booth. Finally, some good hardware.
Thanks a lot, from the deep bottom of an Italian heart.

ITWeb's catering service. We have the proof that aliens don't know how to properly cook pasta.
Yes, boiling it for less than two and a half hours will also help to spare Africa's energy resources and will contribute to lessen the power outages.

Johnny Long for his fabulous speech and his charity initiative. People, vendors...what are you waiting for to support it?
Johnny Cache, for being so... smurky. He knows what we mean ;)
Dino Covotsos, for being a good friend and for sponsoring through his company Johnny Long's charity initiative.
Kudos also to the Serbian community, Paul, Janine, Alissa, Mariette, Ilva and all the new and old friends we found over there.

Final round of kudos to South Africa, for giving us such dramatic sunsets.

From Earth, over.


Partnership announcement with OneShield Security

WSL is proud to announce a partnership with OneShield Security for the production of a UTM appliance. The appliance will integrate a 0day preemptive engine, based on the knowledge coming from WSL's marketplace, and will be based on hardware provided by Eurotech, a defense, security and aerospace hardware producer.
The partnership is already in its second phase, which means that in a few weeks the product will be available for the mass market (projected date: June 1st 2008).

In the next two blog posts we will announce how the security researchers community will benefit out of the OneShield Security network and also another strategic partnership in the security research area.

The appliance will be bundled with an optional Managed Security Services package, and will have the following characteristics:

Network Security:

- Stateful Packet Firewall
- Demilitarized Zone (DMZ)
- Intrusion Detection
- Multiple Public IPs
- Traffic Shaping
- VoIP/SIP support
- Malformed Packet Protection
- Portscan Detection
- DoS and DDoS Protection
- SYN/ICMP Flood Protection
- Anti-Spoofing Protection

Enterprise IDS:

- Fully Web Managed Intrusion Detection System
- Integrated with the largest Networks of 0Days Threats in the world
- Ajax Instant Log Web Interface for instant alerting of Intrusion Attempts

Web Security:

- HTTP & FTP proxies
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Content Analysis/Filtering
- URL Blacklist
- Authentication: Local, RADIUS, LDAP, Active Directory
- NTLM Single Sign-On
- Group Based Access Control

Mail Security:

- SMTP & POP3 proxies
- Anti-spam with Bayes, Pattern, SPF, Heuristics, Black- and White-lists support
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Spam Auto-Learning
- Transparent Mail Forwarding (BCC)
- Greylisting

VPN Concentrator:

- True SSL/TLS VPN (OpenVPN)
- Encryption: DES, 3DES, AES 128-, 192-, 256-bit
- Authentication: Pre-Shared Key, X.509, Certification Authority, Local
- PPTP Passthrough
- Native VPN Client for MS Windows, MacOSX and Linux

Hotspot Security:

- Captive Portal
- Wired/Wireless support
- Pre-/Post-paid and free Tickets
- Integrated RADIUS service
- Connection Logging
- No additional software/hardware required


- Easy Web-based Administration (SSL)
- Secure Remote SSH/SCP Access
- Serial Console
- Centralized Management through Endian Network (SSL)

High Availability:

- Multi-Node Appliance Cluster
- Hot Standby (active/passive)
- Load Balancing (active/active)
- Node Data Synchronization

WAN Failover:

- Automatic WAN Uplink Failover
- Monitoring of WAN Uplinks
- VPN Failover

Network Address Translation:

- Static NAT (Port Translation)
- One-to-One NAT
- IPSec NAT Traversal


- Static Routes
- Source Based Routing
- Destination Based Routing


- Instant Log Viewer (AJAX based)
- Detailed User Based Web Access Report
- Network/System/Performance Statistics
- Syslog (Local or Remote)

Updates and Backup:

- Centralized Updates through Oneshield Eurotech Network
- Anti-virus Definitions
- URL Blacklist Definitions
- Scheduled Automatic Backup
- Encrypted Backups via E-mail
- Instant Recovery/Backup to USB-Stick


Addendum to: "Letter to the community"

After my recent post on this blog about the ethical dilemma that pushed me to think if I should stay or leave WSL, followed by the motivations about my decision to continue to support the project, the international press has republished excerpts of my words in the articles that followed.
Those excerpts have been in most cases interpreted correctly; I am referring to that part in my post in which I tried to describe the outlines of the big case that brought me troubles.
Specifically, with the words:

"The case for which I was arrested is actually a huge case and believe me, no single news agency was able to picture it completely right. Probably, nobody will ever be able to picture it completely right as it's a case involving a hundred arrested people, the Italian Secret Services, the US Secret Services, some Italian corrupted police and financial police officers, some Italian and US investigation companies, a multi-billionaire struggle between Telecom Italia and Brasil Telecom, an extraordinary rendition (kidnapping) of a presumed Islamic terrorist, and last but not least, the suicide (but many say murder) of a Telecom Italia Security top manager. Aside from this, the various attempts of the Italian government to take over the control of the Italian main telecommunication carrier."

I didn't report facts known to me personally, but a short recap of the case as it was reported by the Italian press. In fact, my personal case is loosely connected to the whole, big Telecom Italia case that appeared, for nearly two years in Italian newspapers, as a case whose borders are not easily identifiable.

In one specific case though, an Italian columnist of the "Il Sole 24 Ore" newspaper has interpreted my words, in the typical way of the Italian scandalistic journalism, raising suspicions about the possibility that I could be the guardian of who-knows-what secrets related to the case.

No, I am not the guardian of any secret. If I was, I would not have written those words. I just reported what the Italian newspapers wrote, following the Italian investigators' findings. Within my drawers there are no secrets; on the contrary, I wish I'll be able to forget this case, which greatly damaged my personal life and professional career.


Roberto Preatoni - Letter to the community

One year has already passed since the moment the WSL crew started to work on the marketplace project, as it went public in July '07, but a lot of preparation work had been done for several months before.
As you well know, the marketplace immediately gained quite impressive press coverage, splitting (as we were expecting) the security world in two: those who praised the project and those who hated it.

Generally speaking, whenever you succeed in splitting the world in two, it's a sign you are doing the right thing. Absolute positiveness is usually an indication that a sort of monopoly or dictatorship is ruling the game, brainwashing the thinkers.
I already know, even this post will split the world in two.
Honestly, WSL was expecting even more criticism, at least in the beginning, thus we can't deny we are quite satisfied by what the project achieved in the last months.

But eventually WSL had a problem.
Sorry, I had a problem.

The news of my arrest broke through the press titles causing havoc among WSL and the people who started to put some trust in it.
Right, trust. That's the word without which no project such as ours could ever take off.

The case for which I was arrested is actually a huge case and believe me, no single news agency was able to picture it completely right. Probably, nobody will ever be able to picture it completely right as it's a case involving a hundred arrested people, the Italian Secret Services, the US Secret Services, some Italian corrupted police and financial police officers, some Italian and US investigation companies, a multi-billionaire struggle between Telecom Italia and Brasil Telecom, an extraordinary rendition (kidnapping) of a presumed Islamic terrorist, and last but not least, the suicide (but many say murder) of a Telecom Italia Security top manager. Aside from this, the various attempts of the Italian government to take over the control of the Italian main telecommunication carrier.

Well, right after my arrest, I clarified my position and the Court of Freedom ruled for my release a few days after. Of course, no press coverage in this case but hey, that's the way it works. At least, next time I meet Kevin Mitnick at TGI Friday's I'll have something to say and not only to ask.

But the damage to WSL was done and there was nothing I could do to repair the cracks. The questions I kept asking myself in the last months were: What will happen to WSL if I stay? Will my private life and troubles negatively affect the project? Should I keep representing the project publicly?
Several people, including security researchers, mailed me addressing the same questions (thanks, Jesper), forcing me finally to take a decision.

I will stay.
I will stay and continue to put pressure on security lobbies. Things must change; researchers and their discoveries should be considered beneficial to the whole security cycle.

I'll represent WSL once again at the next planned security conference (6-7-8 May 2008, Johannesburg - South Africa). I'll be there; you are welcome to come and kick in harsh questions related to the project, and I'll try to do my best to answer you.

One more thing. We worked hard on a partnership that we will announce soon. It'll be a surprise and it'll positively affect the marketplace and the cash the researchers might be able to get.

Yours faithfully,

Roberto Preatoni