Dailydave mailing list archives

Re: How T-Mobil's network was compromised - Honeypots & Case Studies


From: gf gf <unknownsoldier93 () yahoo com>
Date: Sat, 19 Feb 2005 21:30:05 -0800 (PST)

Interesting talk about risk and trust.  I think at a
certain point, we reach the limits of technology and
engineering, and need to get into the more
(soft-skilled) domain of risk management.  Right,
T-Mobil can ship a trojanned version of PGP.  But even
if we could somehow prevent that, other things can go
wrong - agents can take bribes.  After a certain
point, it's about reducing risk, not provable
impossibility.

*But*, I'd like to address the initial question as
well.  A lot of knowledge has been amassed on the
majority of attacks - simple, one shot vulnerabilities.
But we have very little communal research and
documentation about the high level attacks, the ones
that succeed on highly protected, multiple lines of
defense, systems.  I think, as a community, we'd
benefit a lot from learning about these.

To quote the Honeynet Project:
6. What about advanced blackhats, have you captured
their activity?
No. The vast majority of activity the Honeynet Project
captures is mainly script-kiddie threats. These are
individuals, organizations, or automated tools (such
as worms) that randomly scan millions of systems for
known vulnerabilities, then attack anything they find
vulnerable. In general, these threats are motivated to
compromise as many systems as possible. We have
captured very little on advance threats, individuals
who target specific systems of high value.
http://www.honeynet.org/misc/faq.html#faq6

I think this is a big gap in the community's knowledge
base.  Of course, many have personal experience or
knowledge - from either side of the fence - in these
types of cases.  But we'd all gain from some more
"case studies" as well.  (my 2 cents).  And I'll
reiterate my request for anyone who can supply details
(or court transcripts) from any recent penetrations of
classified systems, financial systems, or other highly
secured systems (not - find one zero day and yer in!).

--gf gf


                