Dailydave mailing list archives
Re: How T-Mobil's network was compromised - Honeypots & Case Studies
From: gf gf <unknownsoldier93 () yahoo com>
Date: Sat, 19 Feb 2005 21:30:05 -0800 (PST)
Interesting talk about risk and trust. I think at a certain point, we reach the limits of technology and engineering, and need to get into the more (soft-skilled) domain of risk management. Right, T-Mobil can ship a trojanned version of PGP. But even if we could somehow prevent that, other things can go wrong - agents can take bribes. After a certain point, it's about reducing risk, not provable impossibility.

*But*, I'd like to address the initial question as well. A lot of knowledge has been amassed on the majority of attacks - simple, one shot vulnerabilities. But we have very little communal research and documentation about the high level attacks, the ones that succeed on highly protected, multiple lines of defense, systems. I think, as a community, we'd benefit a lot from learning about these. To quote the Honeynet Project:

6. What about advanced blackhats, have you captured their activity?

No. The vast majority of activity the Honeynet Project captures is mainly script-kiddie threats. These are individuals, organizations, or automated tools (such as worms) that randomly scan millions of systems for known vulnerabilities, then attack anything then find vulnerable. In general, these threats are motivated to compromise as many systems as possible. We have captured very little on advance threats, individuals who target specific systems of high value.

http://www.honeynet.org/misc/faq.html#faq6

I think this is a big gap in the community's knowledge base. Of course, many have personal experience or knowledge - from either side of the fence - in these types of cases. But we'd all gain from some more "case studies" as well. (my 2 cents).

And I'll reiterate my request for anyone who can supply details (or court transcripts) from any recent penetrations of classified systems, financial systems, or other highly secured systems (not - find one zero day and yer in!).

--gf gf