Dailydave mailing list archives

Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology

From: sai <sonicsai () gmail com>
Date: Wed, 22 Aug 2007 11:05:09 +0500

On 8/22/07, Dave Aitel <dave.aitel () gmail com> wrote:


1. Hacking has an economy of scale. 10 hackers working together are
more productive than 10*1 hacker. Less advanced countries have easier
technology to hack - NT 4.0 has unpatchable remote roots on it.
Management software is more easily used on modern stuff than old
crusty stuff. Technology rots, in other words. And rotted stuff is
easy to break. We all know very well how to write Windows 2000 heap
overflows. Nico is just getting Vista heap support into Immunity
Debugger now.


Less advanced countries dont  worry about licences  :-)
Generally  you will not find ANY advertising for PCs with Windows.
They all allegedly come installed with (free)DOS or Linux. In fact
they usually  will have Vista installed.  Getting Vista installed on
an older PC costs $5 at your corner computer shop.

3. Complexity breeds resilience.


Well, yes, sometimes. It depends... Well connected networks are
usually  more secure, but generally complexity in components and
systems produces vulnerabilities.

People say that hacking the United
States and causing damage is easier because more of what the US does
is connected, in many cases, to the Internet. However, it's also more
resilient - a SCADA system in a country that is less dependent on
network technology is harder to reach initially, but you're more
likely to find a single point of failure once you do reach it.


Less developed places : the SCADA system was probably built and
designed by foreigners, meaning the blueprints may be fairly easy to
get, maybe even for free.

5. Having a "target rich environment" overwhelms an attacker's
analytical capability. Even understanding one branch of the US
military's IT infrastructure is too large a project for even the most
well funded non-US attacker.


If you mean that having a very large number of potential targets, of
which only a small number have vulnerabilities then yes I would agree
with that.

sai
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Dave Aitel (Aug 21)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Jeffrey Denton (Aug 21)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology sai (Aug 22)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Timothy R. Chavez (Aug 22)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Jake Brodsky (Aug 23)