SecureTest Solution

1
SecureTest Solution

• Alex FieldingPresident CEO

2
DATU Is A Major Security Vulnerability

• Documentation as well as hardware are easily
  available to hackers.
• Hacking techniques well-understood.

3
DATU Is A Major Security Vulnerability

• Allows Malicious Attackers to
• Disable Phone Lines
• Monitor Phone Conversations
• Time Disconnect Lines (Including Critical
  Infrastructure)
• From Anywhere (Cell, Wireline, Payphone)
• With Virtually No Logging or Audit Capability
• Cost Verizon 300M without the attacker using
  wiretapping/eves-dropping capability.

4
Sarbanes-Oxley

• Under SarbOx the DATU vulnerability can
• Make it possible for communication that was
  intended to be private to become public.
• Disclosing confidential and damaging information
  over the wireline.
• Make it possible for 911 services to be
  unavailable to the end user, preventing them from
  being able to place calls in a crisis.
• Unresolved, while acknowledged, makes SBC liable
  under SarbOx.
• Lack of Audit/Logging capability is considered
  negligence.

5
Ripcord's Solution Is Extremely Secure

• Complete proprietary system
• No publicly available documentation exists
• No known hacking techniques
• No pathway to develop

They Just Cant Get In
6
Ripcord's Solution Is Extremely Secure

• 3 Token Authentication
• No Public Network Access
• Single Use Passwords
• Line Sentry Feature
• Requires Tech ID, Passcode, and SecurID pin.
• Full Audit Logging Tracking

7
Ripcord's Solution Is Fast To Implement

• 120 Days From Contract Engagement
• Appliance Solution
• Centralized
• Ultra-Secure
• Easily Integrated Into Existing SecurID System

8
Ripcord's Solution Is Extremely Affordable

• We want to work with SBC's security team as a
  tool provider and partner, enabling SBC to have
  the right tools to secure their voice
  infrastructure.
• Don't Replace Bs in Capital Equipment
• Don't Rush Into Place An Untested Replacement
• Secure The Infrastructure Centrally Securely
• Under 10k per switch (including hardware)
  configured!
• Unlimited Technicians
• Extremely Affordable Maintenance of Code
  Equipment

9
Ripcord Board Advisors

• Dr. Gil Amelio Chairman, Board of Directors
• Chairman / President / CEO, Sienna Ventures
• Chairman / President / CEO, Apple Computer
• Chairman / President / CEO, National
  Semiconductor
• Dr. Steve Wozniak Director, Board of Directors
• CTO and Co-Founder, Wheels of Zeus (WOZ.com)
• Founder, Apple Computer, Inc.
• Ellen Hancock Advisor, Board of Directors
• Chairman / CEO / President Exodus Communications
• CTO Apple Computer
• COO National Semiconductor
• Senior Vice President, IBM
• Mike Connor Director, Board of Directors
• President / COO, HedgeStreet Exchange
• COO Cable Wireless USA
• CIO and SVP Global Integration, Exodus
  Communications

10
Ripcord Board
Dr. Gil Amelio
Dr. Steve Wozniak
Ellen Hancock
Mike Connor
Alex Fielding
11
DATU Background
1/27 - Notified Ivan Seidenberg of Verizon
vulnerability
2/9 Forwarded white paper to Ross Ireland, Gil
informs Ross Ireland and John Atterbury
2003 Ripcord RD of telephony products and
services
June 1 Ross changed passwords
July 17 Verizon announcement of phreaker
Dec 31 SBC promised completion
1/27 - Notified Gil of SBC vulnerability
Discovered DATU vulnerability Dec 31, 2003
1/31 Gil informs John Atterbury
Mar 9 Ross Reported to Board we have a solution,
it will be in place by Dec 31, change passwords
by June 1
August SecureTest appliance development complete
all of 2003, 2004 Verizon is hacked (detected by
FBI et al)
12
Verizon Experience

• 1/27 Ripcord notified Verizon of vulnerability
• Adequate preventative measures apparently not
  taken
• July 17, 2004 Press Release of Decoder hack
• Lowest market cap of year, possibly attributed to
  press release
• Likely to be a topic at upcoming Verizon
  shareholder meeting in late September
• Potential Sarbanes-Oxley exposure
• Technical assessment regarding SecureTest

13
DATU Issues

• 4 digit user passcodes
• 5 digit admin passcodes
• Weak authentication, one token
• No alarm reporting, no logging of access
• Open access regardless of job functions, regions
• Requires test number directory
• Audio monitor enables eavesdropping wiretapping
• Vulnerable to Denial of Service attack
• Vulnerable to timed disconnects permanent
  disconnect

14
SecureTest DATU
Comparison

• 3 token authentication
• Access based on job function
• Access based on location
• Audit logging reporting
• Ease of use, 1 number dial-in for field
  technicians
• Voice Interface (IVR)
• Central management
• Anti-eavesdropping encryption
• Maintains existing capital investment
• 120 days implementation

v v v v v v v v v v
- - - - - v - - v N/A
15
Implementation Timeline

• Demo - today
• Contract executed
• 30 days install equip
• 45 days update of all DATU units
• Internal lab trials
• No impact on customer-facing equipment
• Day 95 Dual operation
• 120 days- Operational
• Discounted Maintenance
• Act now and implement before year end

16
Next Steps
17
Ripcord Management

• Alex Fielding President / CEO
• Dan Sokol CTO / Vice President Engineering
• Engineering Assistant to CEO - Wheels of Zeus
• CTO, Co-Founder Cobaltcard
• CTO, Best-of-China.com
• Kirk Knight VP Finance Business Development
• VP, Co-Founder Cobaltcard
• VP Strategy Business Development
  Best-of-China.com
• Marketing Consultant Sprint FTS2000, Sun,
  Motorola, Apple, Intel
• Daren Race Lead Architect
• Unix server architect at PC SQL database
  pioneers, Gupta
• Server architect at PointCast, OnLive, PointBase,
  and FineGround.
• Al Luckow VP of Marketing
• Creative Director Wheels of Zeus
• Creative Director eyeeco, Inc. and Kerbango (acq.
  by 3Com in 2000)
• Consultant Apple, LSI Logic, Mitsumi, NEC, HP,
  Agilent, A4 Vision

18
Ripcord Management

• Alex Fielding President / CEO
• Dan Sokol CTO / Vice President Engineering
• Engineering Assistant to CEO - Wheels of Zeus
• CTO, Co-Founder Cobaltcard
• CTO, Best-of-China.com
• Kirk Knight VP Finance Business Development
• VP, Co-Founder Cobaltcard
• VP Strategy Business Development
  Best-of-China.com
• Marketing Consultant Sprint FTS2000, Sun,
  Motorola, Apple, Intel
• Daren Race Lead Architect
• Unix server architect at PC SQL database
  pioneers, Gupta
• Server architect at PointCast, OnLive, PointBase,
  and FineGround.
• Al Luckow VP of Marketing
• Creative Director Wheels of Zeus
• Creative Director eyeeco, Inc. and Kerbango (acq.
  by 3Com in 2000)
• Consultant Apple, LSI Logic, Mitsumi, NEC, HP,
  Agilent, A4 Vision