Full Disclosure mailing list archives
Re: MS06-019 - How long before this develops into a self propagating email worm
From: schanulleke.29172787 () bloglines com
Date: 12 May 2006 08:11:05 -0000
n3td3v, You wrote:
threat meters:Seriously, threat meters are
a waste of time and should be scraped by all. I am not a big fan of them either unless they are implemented well, meaning there are concrete reasons to go from one state to the other and each state has specific actions attached to them. All the net and IRL threat meters seem to lack these requirements.
Lets call it "paranoia meter" because its heresay, there is no particuler
threat. Just because a vulnerability is wild and not
patched, does not
pose a threat. In terrorism a threat is specific
information that an attack
is being planned. I have to disagree with you definition of a threat here. Threat is the likely hood of something happening if it is planned or not. When I go into certain neighbourhoods of certain places with a lot of gold jewelary showing the threat of being mugged it higher then when I don't show the gold. The consequeces of an event happening are also part of the threat. I have a high chance of taking coffe in the next 30 minutes, but the (negative) consequeces of that so low I do not considered it a threat. Likewise the public knowledge of a vulnerability increases the likelyhood if it being exploited. If the vulnerability has serious consequences (like the current exchange culnerability) the threat is again greater.
Although, the internet threat meters
are lamer than the main land threat meter (and even the
mainland threat
meter is lame), because its completely based on
heresay, theres an unptached
vulnerability, "this could happen, but we
don't have any intelligence whatsoever
that something is being
programmed, but we thought we'd raise the internet
threat level, you
know because theres nothing else happening".
Yes, this is hearsay, like most other intelligence. If it was not hearsay it would again increase the likeliness and the threat.
Although, thats how it
used to be. The "bad guys" have realised now
how much money these cyber
agencies are making out of exploit virii,
that they've decided not to launch
an attack, based on their threat
meters. The only time a real threat will
come is when cyber agencies
are off-watch. Why would an attack be launched
if governments and
businesses are expecting something to happen? The element
of suprise
is as important as the terrorism which gives them the name terrorist.
Thanks for that insight. I feel we might have to make the split between real hackers and the other 95%.
Welcome to the future. Times are changing.
You can create a paranoia
amougst the community, but the new kids on the
block aren't playing a
destructive game of tig between malicious users
and security vendors.
The ball is in the malicious users court. Each time
you raise your
threat level and nothing happens is eating away at the credibility
of
security vendors, although the bad guys always will have a cool nack
of creeping up on everyone when they least expect it.
True, yet the security vendors cannot afford to not make people aware of the current conditions.
Although, has it ever been the case "thanks to your threat meter I
wasn't hacked", or with mainland terrorism "thanks to the terror
meter,
i spotted a terrorist and called the cops and managed to divert
a 9/11
style attack" Unless there are specific actions associated with a threat level it will nota ccomplisch anything. Schanulleke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS06-019 - How long before this develops into a self propagating email worm schanulleke . 29172787 (May 10)
- Re: MS06-019 - How long before this develops into a self propagating email worm David Taylor (May 10)
- Re: MS06-019 - How long before this develops into a self propagating email worm TheGesus (May 13)
- <Possible follow-ups>
- Re: MS06-019 - How long before this develops into a self propagating email worm schanulleke . 29172787 (May 10)
- Re: MS06-019 - How long before this develops into a self propagating email worm schanulleke . 29172787 (May 12)