Dailydave mailing list archives
Re: We got owned by the Chinese and didn't even get a "lessons learned"
From: Steve Wilson <S.Wilson () eris qinetiq com>
Date: Wed, 24 May 2006 15:55:29 +0100
</delurk>

On Wednesday 24 May 2006 12:42, Dave Aitel wrote:
> I was talking to an anonymous source yesterday at a large government organization

<snip>

> * prevent the W32.backdoor.whatever from running or connecting outbound, which requires that the attacker not use a known trojan or listening post (a five minute change)
>
> So essentially, the only part of network security that protected you against this was a human component. Some random dude got suspicious and picked it up. Perhaps this was the thousandth time it was used. It certainly wasn't the first.

A large government organisation with no egress firewalling policy? No restrictive and monitored outbound proxies? What sort of a perimeter is that[1]? Please tell me that this isn't a network hosting any classified material...

> Protecting networks against worms is a valuable thing. But it's not security, and I think events like this are a wake up call to what the technology you've deployed actually can do.

OK, I'm a pedant - so I can't let that slip by. If protecting networks against worms (or even deliberate targeted attacks) isn't security, what is it? ;-p

Re: deployed technology - if you've got firewalls to block incoming stuff - why not also use them to block outgoing traffic? What, you "trust" users?? What a strange concept... ;-)

</relurk>

Cheers,
Steve.

[1] Not a very good one, obviously. ;-p

--
Steve Wilson
Senior Security Consultant
QinetiQ, St Andrews Road
Malvern, WR14 3PS
Tel: (01684 89) 4153
Fax: (01684 89) 7417

'The views expressed herein are entirely those of the writer and do not represent the views, policy or understanding of any other person or official body.'

'The information contained in this e-mail and any subsequent correspondence is private and is intended solely for the intended recipient(s). For those other than the intended recipient any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be unlawful.'