Full Disclosure mailing list archives

Re: morning_wood should stop posting xss


From: Jason <security () brvenik com>
Date: Fri, 25 Jul 2003 12:21:09 -0400

[snip]

Consider then the concept of a 'Honey Token'
http://securityfocus.com/infocus/1713




Yet, the article states that these are more of an 'insider threat'
monitoring tool.  Few if any honeytokens would probably ever be exposed to
the internet at large.


Why not?

Example:

Tokens for account info in an extranet application easily catch SQL injection, brute force attacks, intellectual property theft...

Just some possibilities for this:

portals
customer accts
inactive web pages
fake confidential documents
...

J





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
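
The honeytoken idea discussed in the message above, as an added example that is not part of the original post: decoy values are seeded where no legitimate user would ever touch them, so any log event that references one is an alert. The key=value log format, the field names and all token values, addresses and log lines are constructed assumptions for this illustration.

```python
import re
from collections import defaultdict

# Constructed honeytokens (hypothetical values): nothing legitimate ever uses them.
HONEYTOKENS = {
    "login_user": {"jhalloway"},                      # decoy customer account
    "acct_no": {"4000-7731-0042"},                    # decoy record seeded in the DB
    "path": {"/extranet/archive/pricing-2002.html"},  # inactive web page
}

# Constructed application audit log; the key=value format is an assumption.
SAMPLE_LOG = """\
ts=2003-07-25T12:01:10 src=192.0.2.10 event=login login_user=asmith result=ok
ts=2003-07-25T12:02:44 src=198.51.100.7 event=login login_user=jhalloway result=fail
ts=2003-07-25T12:02:45 src=198.51.100.7 event=login login_user=jhalloway result=fail
ts=2003-07-25T12:05:03 src=203.0.113.9 event=query_result rows=812 acct_no=4000-7731-0042
ts=2003-07-25T12:06:30 src=192.0.2.10 event=page path=/extranet/home.html
ts=2003-07-25T12:07:12 src=203.0.113.9 event=page path=/extranet/archive/pricing-2002.html
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one key=value log line into a dict."""
    return dict(FIELD.findall(line))


def find_honeytoken_hits(log_text):
    """Return {src: [(ts, field, value), ...]} for every event touching a honeytoken."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        for field, decoys in HONEYTOKENS.items():
            # A missing field yields None, which is never in the decoy set.
            if rec.get(field) in decoys:
                hits[rec.get("src", "unknown")].append(
                    (rec.get("ts"), field, rec[field]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_honeytoken_hits(SAMPLE_LOG).items():
        for ts, field, value in events:
            print(f"ALERT {ts} src={src} touched honeytoken {field}={value}")
```

Repeated failed logins against the decoy account point to brute forcing, while the decoy account number appearing in a bulk query result points to injection or data theft; normal activity from 192.0.2.10 produces no alert.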

