Firewall Wizards mailing list archives

Re: Re: Highlighting Security Issues


From: <firewalladmin () bellsouth net>
Date: Fri, 6 Aug 2004 15:03:24 -0400

Now that's a scary picture, Marcus. The real scary part is how very possible it would be to create such a tool. I 
suppose it would be possible to detect with the right AV or IDS signatures, and possibly stripped at SMTP Gateways, but 
based on the large number of unpatched and unprotected systems out there it would certainly find its way into a few 
networks. This kind of program/tool would probably find its heaviest use by skilled hackers and unethical systems 
administrators who surgically plant/run it against a select few. Imagine a scenario where a foreign government persuades 
a disgruntled sysadmin (either through social engineering or for monetary reward) to "frame" a higher level government 
official in such a way as to remove him from his job? Your thoughts?

Mark

From: "Marcus J. Ranum" <mjr () ranum com>
Date: 2004/08/06 Fri PM 01:41:19 EDT
To: <firewalladmin () bellsouth net>, Victor Williams <vbwilliams () neb rr com>
CC: <firewall-wizards () honor icsalabs com>
Subject: Re: Re: [fw-wiz] Highlighting Security Issues

firewalladmin () bellsouth net wrote:
And would you fake screenshots of stock quotes or would you fake screenshots of porn if you were trying to get a guy in 
trouble?

Incompetence is not an offense in the government.  If you're trying to get
someone in trouble, you need to make it look like they're committing a
bona-fide offense, not just something that's going to bring them a mild
wrist-slapping. In today's climate, making them appear to be involved in
child porn, or terrorism would be better.

Hmmm.... This makes me wonder about the shifts to the balance of
power that might happen if someone introduced a tool intended to
introduce spurious "evidence" for such a purpose. Stuff the victim's
cache with kiddie-porn, load their history, create an encrypted virtual
disk of snuff movies (with a crackable password) and perhaps a few
recipes for radiologic bombs... Then the tool could automatically
dime them out to HR and the FBI.. Such a tool could make a great offensive
weapon _or_ defensive weapon, once its existence was known.
"Someone must have gotten my hard disk with Cthulhu4.0! I swear!"
now becomes an effort in plausible deniability.

mjr.


Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."
