Re: Questions after morning log review

From: Bradley Bartram <Bradley.Bartram_at_oag.state.ny.us>
Date: Tue, 04 Sep 2007 15:40:50 -0400

Ben, et. all;

This is the interface template we discussed.

In general, the actual interface is very simple. I have thumbnailed images being displayed at 150x150px with a full enlargement on click. I limit the results per page to 50 lines. The rest is pretty self explanatory, but if you have any questions, let me know.

Brad Bartram
716-783-1215

>>> "Ben Grodsky" <grodsky_at_mediadefender.com> 09/04/07 2:20 PM >>>
Michael,

We're in a meeting now that should be over by 1130, but we may be a few minutes late on the call to you. This meeting may spill over a little beyond the scheduled time.

Sorry about that,
Ben

----- Original Message -----
From: Michael McCartney <michael.mccartney_at_oag.state.ny.us>
To: Amaechi L. Okonko; Ben Grodsky; Jay Mairs; Bradley Bartram <Bradley.Bartram_at_oag.state.ny.us>; James Domres <James.Domres_at_oag.state.ny.us>; Peri Kadanoff <Peri.Kadanoff_at_oag.state.ny.us>
Sent: Tue Sep 04 07:54:31 2007
Subject: Re: Questions after morning log review

Yes that works for us. But call 716-568-4820 instead.

Thanks. See ya all then....

Mike

>>> "Ben Grodsky" <grodsky_at_mediadefender.com> 9/4/2007 10:37 AM >>>
Michael,

Does 1130 AM PST (230 PM EST) work for y'all? We would just call directly, without a conference dial-in number to 716-853-8539, if that's ok with you.

-Ben

----- Original Message -----
From: Michael McCartney <michael.mccartney_at_oag.state.ny.us>
To: Amaechi L. Okonko; Ben Grodsky; Jay Mairs; Bradley Bartram <Bradley.Bartram_at_oag.state.ny.us>; James Domres <James.Domres_at_oag.state.ny.us>; Peri Kadanoff <Peri.Kadanoff_at_oag.state.ny.us>
Sent: Tue Sep 04 06:47:19 2007
Subject: RE: Questions after morning log review

Can we do another call today to discuss the specifics of the application on our server, the Hash Library that we have that we can use to check files we collect, and the image review tool that we will need to develop to review the contraband files we pull form the suspect IP's.

Please let me know your availablility today.

Thanks in advance.

Michael G. McCartney
Sr. Special Investigator
New York State Office of the Attorney General
Statler Towers
107 Delaware Avenue, Room 4-130
Buffalo, New York 14202
vm 716-853-8539
cell 716-983-4635
e-mail: michael.mccartney_at_oag.state.ny.us

>>> "Ben Grodsky" <grodsky_at_mediadefender.com> 8/31/2007 12:58 PM >>>
Amaechi,
 
Please set up a conference call-in number for a call today at 12 PM PST with the Attorney General of New York and e-mail around the call-in info.
 
Thanks,
Ben

________________________________

From: Michael McCartney [mailto:michael.mccartney_at_oag.state.ny.us]
Sent: Fri 31-Aug-07 09:17
To: Ben Grodsky; Jay Mairs; Ben Grodsky; Bradley Bartram; James Domres; Peri Kadanoff
Subject: Re: Questions after morning log review

That works for Brad and I and that is all that really needs to be on the call. But if the others are available to join, they certainly can.

Michael G. McCartney
Sr. Special Investigator
New York State Office of the Attorney General
Statler Towers
107 Delaware Avenue, Room 4-130
Buffalo, New York 14202
vm 716-853-8539
cell 716-983-4635
e-mail: michael.mccartney_at_oag.state.ny.us

>>> "Ben Grodsky" <grodsky_at_mediadefender.com> 08/31/07 11:41 AM >>>
Michael,

Would 12 pm pst (3 pm est) be okay? If so, we will set up a conference call-in number for that call today.

Thanks,
Ben

----- Original Message -----
From: Michael McCartney <michael.mccartney_at_oag.state.ny.us>
To: Ben Grodsky; Jay Mairs; Bradley Bartram <Bradley.Bartram_at_oag.state.ny.us>; James Domres <James.Domres_at_oag.state.ny.us>; Peri Kadanoff <Peri.Kadanoff_at_oag.state.ny.us>
Sent: Fri Aug 31 08:00:48 2007
Subject: RE: Questions after morning log review

I hear from Brad that we "may" have a solution to this issue? Lets have a call on this today! Let me know what time is good for all of you.

Michael G. McCartney
Sr. Special Investigator
New York State Office of the Attorney General
Statler Towers
107 Delaware Avenue, Room 4-130
Buffalo, New York 14202
vm 716-853-8539
cell 716-983-4635
e-mail: michael.mccartney_at_oag.state.ny.us

>>> "Ben Grodsky" <grodsky_at_mediadefender.com> 8/30/2007 12:23 PM >>>
Brad or Michael,

What's the IP address you're seeing? This e-mail doesn't give us enough info to track anything down.

Thanks,
Ben

________________________________

From: Michael McCartney [mailto:michael.mccartney_at_oag.state.ny.us]
Sent: Thu 30-Aug-07 08:01
To: Ben Grodsky; Jay Mairs; Bradley Bartram
Subject: Re: Questions after morning log review

Jay:

Is this one of your engineers? Because if not, this is very disturbing! Who ever this was obviously had the non standard port as well as your user name to attempt these logins. This leads me to believe that your system is compromised and/or our communications were either sniffed or accessed providing this fella with much of the relevant information to attempt access. As of now, all out side access has been disabled until we can figure this out further.

Please let me know what you have learned about this as soon as possible.

Michael G. McCartney
Sr. Special Investigator
New York State Office of the Attorney General
Statler Towers
107 Delaware Avenue, Room 4-130
Buffalo, New York 14202
vm 716-853-8539
cell 716-983-4635
e-mail: michael.mccartney_at_oag.state.ny.us

>>> Bradley Bartram 8/30/2007 8:44 AM >>>
Ben / Jay;

I was reviewing the security logs on the server setup for your application this morning and came across some failed logins that I wanted to ask you about.

At 7:23 Eastern Time this morning, an ip from, what appears to be sweden, connected to the server using your username, made two failed password entries and then disconnected 4 seconds after the initial connection.

Are you aware of any of your people working on this project coming from a Scandinavian ISP and connecting to our system?

On that note, do you have a list of ip addresses that you would be accessing the server from so that I can update the ACL accordingly? Considering the nature of the information being collected, I would like to restrict access as much as possible.

Thank you.

Brad Bartram

JPEG image
Received on Fri Sep 14 2007 - 10:56:21 BST

This archive was generated by hypermail 2.2.0 : Sun Sep 16 2007 - 22:19:49 BST