Full Disclosure mailing list archives

Re: morning_wood should stop posting xss


From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 25 Jul 2003 13:35:38 -0500 (CDT)


[snip]

Consider then the concept of a 'Honey Token'
http://securityfocus.com/infocus/1713




Yet, the article states that these are more of an 'insider threat'
monitoring tool.  Few if any honeytokens would probably ever be exposed to
the internet at large.


Why not?

Example:

tokens for account info in an extranet application, easily catches sql
injection, brute force attacks, intellectual property theft...

Just some possibilities for this:

portals
customer accts
inactive web pages
fake confidential documents
...


Alright, I'll grant that in these semi restricted environs one might also
make use of such toys, yet, again, these are not open to all public
consumption applications, and a variation on the 'insider threat'
scenario.  Additionally, if you create false records in a database, and
monitor and log accesses to those records, the rest of the data is
probably still available for exploit and consumption, nothing has really
been stopped or prevented, though its attempted access might have been
logged.  Honeypots, in their various forms, are placed for tracking abuse
and logging of activities for later analysis and perhaps replay, they are not
preventive measures, nor are they IDS/IPS kind of systems.  If prevention
is combined within the toy, then you have created something altogether
different.



Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
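Added example (not from this thread, and not code from the SecurityFocus article it cites): a minimal honeytoken setup of the kind described above, in Python with sqlite3. It plants one fake customer row in a constructed table, wraps queries so that any result set containing the planted value is logged as an alert, and illustrates the point made in the reply: access to the token row is recorded, but the rows (token and real alike) are still returned, so it monitors rather than prevents. Table layout, the token value and the actor names are all invented for the example.

```python
import logging
import sqlite3
from typing import Any, Dict, Iterable, List, Sequence, Tuple

# Constructed honeytoken value: no real customer has this address, so any
# query whose results include it is, by construction, not normal application use.
HONEYTOKEN_EMAIL = "j.placeholder@honeytoken.invalid"


def build_db() -> sqlite3.Connection:
    """Create an in-memory customers table with two constructed real-looking rows
    and one planted honeytoken row (id 3)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, card_last4 TEXT)"
    )
    rows = [
        (1, "Alice Example", "alice@example.com", "4242"),
        (2, "Bob Example", "bob@example.com", "1111"),
        (3, "J. Placeholder", HONEYTOKEN_EMAIL, "9999"),  # honeytoken: fake record
    ]
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


class HoneytokenMonitor:
    """Thin query wrapper: runs the SQL unchanged, then inspects the result set
    for planted values and records an alert when one is present."""

    def __init__(self, conn: sqlite3.Connection, token_values: Iterable[Any]) -> None:
        self.conn = conn
        self.tokens = set(token_values)
        self.alerts: List[Dict[str, Any]] = []

    def query(self, sql: str, params: Sequence[Any] = (), actor: str = "unknown") -> List[Tuple]:
        rows = self.conn.execute(sql, params).fetchall()
        for row in rows:
            if any(value in self.tokens for value in row):
                alert = {"actor": actor, "sql": sql, "params": tuple(params)}
                self.alerts.append(alert)
                logging.warning("honeytoken read by %s: %s %r", actor, sql, tuple(params))
                break
        # Monitoring only: every row, including the token, is still handed back.
        return rows


def demo() -> Tuple[int, int]:
    """Run a normal lookup and then a bulk read of the whole table (the shape of
    result an injection or bulk export produces). Returns (alerts after the
    normal lookup, alerts after the bulk read)."""
    monitor = HoneytokenMonitor(build_db(), [HONEYTOKEN_EMAIL])
    monitor.query("SELECT * FROM customers WHERE id = ?", (1,), actor="webapp")
    after_lookup = len(monitor.alerts)
    monitor.query("SELECT * FROM customers", actor="webapp")
    after_bulk = len(monitor.alerts)
    return after_lookup, after_bulk


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("alerts (normal lookup, bulk read):", demo())
```

In a real deployment the alert would go to the same place as other security events; the point of the wrapper's final line is that nothing here refuses or truncates the query, which is exactly the distinction between a honeytoken and an IDS/IPS drawn in the reply.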

