Dailydave mailing list archives
Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology
From: sai <sonicsai () gmail com>
Date: Wed, 22 Aug 2007 11:05:09 +0500
On 8/22/07, Dave Aitel <dave.aitel () gmail com> wrote:
1. Hacking has an economy of scale. 10 hackers working together are more productive than 10*1 hacker. Less advanced countries have easier technology to hack - NT 4.0 has unpatchable remote roots on it. Management software is more easily used on modern stuff than old crusty stuff. Technology rots, in other words. And rotted stuff is easy to break. We all know very well how to write Windows 2000 heap overflows. Nico is just getting Vista heap support into Immunity Debugger now.
Less advanced countries dont worry about licences :-) Generally you will not find ANY advertising for PCs with Windows. They all allegedly come installed with (free)DOS or Linux. In fact they usually will have Vista installed. Getting Vista installed on an older PC costs $5 at your corner computer shop.
3. Complexity breeds resilience.
Well, yes, sometimes. It depends... Well connected networks are usually more secure, but generally complexity in components and systems produces vulnerabilities.
People say that hacking the United States and causing damage is easier because more of what the US does is connected, in many cases, to the Internet. However, it's also more resilient - a SCADA system in a country that is less dependent on network technology is harder to reach initially, but you're more likely to find a single point of failure once you do reach it.
Less developed places : the SCADA system was probably built and designed by foreigners, meaning the blueprints may be fairly easy to get, maybe even for free.
5. Having a "target rich environment" overwhelms an attacker's analytical capability. Even understanding one branch of the US military's IT infrastructure is too large a project for even the most well funded non-US attacker.
If you mean that having a very large number of potential targets, of which only a small number have vulnerabilities then yes I would agree with that. sai _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Dave Aitel (Aug 21)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Jeffrey Denton (Aug 21)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology sai (Aug 22)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Timothy R. Chavez (Aug 22)
- Re: Myth: The US is more vulnerable to information warfare because it is more reliant on information technology Jake Brodsky (Aug 23)