Full Disclosure mailing list archives
Re: All China, All The Time
From: Benji <me () b3nji com>
Date: Fri, 15 Jan 2010 18:48:18 +0000
I'll put it this way. I'm an attacker in your network, trying to get access to your "most sensitive information". I've identified the server that stores this information and I'm looking around for keys/passwords etc etc etc. Are you saying it wouldn't help me to know that I needed 5 keys, thus pointing me towards what to look for?

On Fri, Jan 15, 2010 at 6:44 PM, Christian Sciberras <uuf6429 () gmail com> wrote:

No, that was actually configuration description; best of luck finding our facility.

On Fri, Jan 15, 2010 at 7:42 PM, Benji <me () b3nji com> wrote:

Actually you were boasting, it was irrelevant to have what you have as a security precaution. In fact, one could argue that you were making your setup insecure by telling people how you're secured from the get go.

On Fri, Jan 15, 2010 at 6:38 PM, Christian Sciberras <uuf6429 () gmail com> wrote:

My question was mostly rhetoric, I tried to imply the point on why computers with sensitive information were;

1. not fully up to date (=> from the top of my head, the exploit had several issues in non-standard browser versions?)
2. running internet explorer (=> more known as a target, nothing against MSIE)
3. used to surf the web (=> why else would you be using IE [rhetoric])
4. not monitored correctly (=> our most sensitive information is stored in a server locked up 5 times, the only way to get in is either getting all the keys or through a remote exploit*)

I think the above points violate a couple of rules in security auditing.

* I'm not boasting about our configuration; this is very easy to achieve in a company of 5 and one server rack.

On Fri, Jan 15, 2010 at 7:08 PM, Peter Besenbruch <prb () lava net> wrote:

On Thursday 14 January 2010 21:49:05 Christian Sciberras wrote:

"They used an IE exploit to get in."

The people at *Google* use *IE*?!! Besides, how does an exploit in IE affect the server?

It would affect a person with login rights to a server. This wasn't just an attack on Google, btw, it was an attack on 32 different companies.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/