Full Disclosure mailing list archives
Re: morning_wood should stop posting xss
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 25 Jul 2003 13:35:38 -0500 (CDT)
[snip]

Consider then the concept of a 'Honey Token' http://securityfocus.com/infocus/1713

Yet, the article states that these are more of an 'insider threat' monitoring tool. Few if any honeytokens would probably ever be exposed to the internet at large.

Why not? Example: tokens for account info in an extranet application, easily catches sql injection, brute force attacks, intellectual property theft...

Just some possibilities for this:
- portals
- customer accts
- inactive web pages
- fake confidential documents
- ...

Alright, I'll grant that in these semi restricted environs one might also make use of such toys, yet, again, these are not open to all public consumption applications, and a variation on the 'insider threat' scenario.

Additionally, if you create false records in a database, and monitor and log accesses to those records, the rest of the data is probably still available for exploit and consumption, nothing has really been stopped or prevented, though its attempted access might have been logged.

Honeypots, in their various forms, are placed for tracking abuse and logging of activities for later analysis and perhaps replay, they are not preventive measures, nor are they IDS/IPS kind of systems. If prevention is combined within the toy, then you have created something altogether different.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
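
The distinction drawn in the message above, that a decoy record logs an access without stopping it, shown as an added example (not part of the original post or of any tool it names). The account ids, log layout and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed decoy account ids: no legitimate workflow ever reads these.
HONEYTOKENS = {"ACCT-900001", "ACCT-900002"}

# Constructed access-log records: (time, source, request id, account ids returned).
SAMPLE_LOG = [
    ("2003-07-25T13:01:02", "10.0.0.5", "r1", ["ACCT-100234"]),
    ("2003-07-25T13:02:10", "192.0.2.77", "r2",
     ["ACCT-100001", "ACCT-100002", "ACCT-900001", "ACCT-100003"]),
    ("2003-07-25T13:03:00", "198.51.100.9", "r3", ["ACCT-100500"]),
    ("2003-07-25T13:03:01", "198.51.100.9", "r4", ["ACCT-100501"]),
    ("2003-07-25T13:03:02", "198.51.100.9", "r5", ["ACCT-900002"]),
]

def detect(log, tokens=HONEYTOKENS):
    """Return one alert per request whose response included a decoy record."""
    reads_by_source = defaultdict(set)  # real records each source has read so far
    alerts = []
    for ts, src, req, accounts in log:
        hit = sorted(set(accounts) & tokens)
        real = set(accounts) - tokens
        reads_by_source[src] |= real
        if hit:
            alerts.append({
                "time": ts, "source": src, "request": req, "tokens": hit,
                # bulk-read: the decoy came back alongside real rows in one response
                "pattern": "bulk-read" if real else "single-lookup",
                # Real records this source obtained up to and including this
                # request: the alert records the exposure, it does not undo it.
                "real_records_exposed": len(reads_by_source[src]),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
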