Penetration Testing mailing list archives
Re: Looking for help against Chinese Hacking Team
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Tue, 16 Dec 2008 10:36:12 -0500
Great,

So then it looks like we're in agreement on what "harveyfrank" should do.
Do you by chance have any affiliation with ArcSight?

On Dec 16, 2008, at 9:09 AM, ArcSighter Elite wrote:

> Adriel T. Desautels wrote:
>> Great,
>>
>> If he's looking to stop attacks then he needs to remove the vector
>> through which he is being attacked. IPS devices do not remove the
>> vector, they make an attempt to prevent the vector from being accessed.
>> While I support the use of properly configured and maintained IPS
>> technologies, I'd never recommend using them as a method for remediation
>> because they are only a method for mitigation. Sure mitigation is great,
>> but it's not a fix.
>>
>> With respect to your comment about creating properly designed
>> parameterized stored procedures, it is not "almost impossible" if you
>> architect things properly. You might be able to change a variable from
>> a 1 to a 2 which is technically SQL Injection, but it's not usually an
>> SQL Injection Attack that is of any use. The idea here is to prevent
>> SQL Injection Attacks not to prevent people from changing variables that
>> should be harmless, right?
>>
>> On Dec 16, 2008, at 8:32 AM, ArcSighter Elite wrote:
>>
>>> RaptorX wrote:
>>>> what Adriel meant was PROPERLY DESIGNED Parameterized Stored
>>>> Procedures, and I totally agree with him.
>>>>
>>>> Providing a short time solution is a good idea but you have to finish
>>>> the job properly which in the case of a pen-tester would be report and
>>>> provide with a viable (permanent) solution.
>>>>
>>>> I also agree partially with Sam, especially Windows systems, after
>>>> being hacked it is a MUCH BETTER idea to rebuild it improving the
>>>> security of course.
>>>
>>> Well, PROPERLY DESIGNED of course is almost impossible, but you think
>>> this is the case? I repeat myself: he's wishing to stop the attacks,
>>> and of course I think/hope he'll take the appropriate measures then.
>>> IMHO he wouldn't be able to fix anything if he is constantly under
>>> attack. And sure, Linux is the best solution, even a win port of
>>> Apache will do better than IIS, again IMHO. Again, SQL injection could
>>> result in a host compromise, so re-deploying would be the optimal
>>> form: ex. instead of finding rootkits, install clean.
>>
>> Adriel T. Desautels
>> ad_lists () netragard com
>
> Sorry, we got a little communication problem here. I mean PROPERLY
> DESIGNED queries is almost impossible to SQL-inject, my bad if you
> misunderstood me. I'm sure you can't trust IDS: I already said it in a
> funny way: "they will only stop script-kiddies"; but he must truly
> "mitigate" the attack as you said, before taking other long-term
> measures. The IDS will also mitigate other attack vectors that may
> expose vulnerabilities in his web-app, that may be vulnerable to other
> web-based attacks, I already said, XSS, Sessions, Includes, Injections
> (LDAP/SQL, etc), and the like.

Adriel T. Desautels
ad_lists () netragard com
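The difference the thread turns on, between a routine that splices request input into SQL and one that binds it as a parameter, shown as an added example that is not part of any poster's message. Python's sqlite3 stands in for the database (SQLite has no stored procedures, so plain functions play that role), and the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "router"), (2, "bob", "switch"), (3, "carol", "firewall")],
    )
    return db


def lookup_spliced(db, order_id):
    # Poorly designed routine: the caller's text becomes part of the SQL
    # statement, so it can change the structure of the query.
    sql = "SELECT id, owner, item FROM orders WHERE id = " + order_id
    return db.execute(sql).fetchall()


def lookup_bound(db, order_id):
    # Properly designed routine: the statement text is fixed and the caller's
    # value is bound as data, so it is only ever compared against id.
    sql = "SELECT id, owner, item FROM orders WHERE id = ?"
    return db.execute(sql, (order_id,)).fetchall()


def compare(order_id):
    """Return (spliced_rows, bound_rows) for one request value."""
    db = make_db()
    return lookup_spliced(db, order_id), lookup_bound(db, order_id)


if __name__ == "__main__":
    # Constructed request values: two plain ids and one textbook tautology.
    for value in ("1", "2", "1 OR 1=1"):
        spliced, bound = compare(value)
        print(f"{value!r}: spliced={len(spliced)} row(s), bound={len(bound)} row(s)")
```

Changing the value from 1 to 2 returns a different single row in both versions, which is the "harmless" variable change mentioned in the thread; only the spliced version lets the value alter the query itself.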