BreachExchange mailing list archives

Re: An amazing use of DLDOS


From: Adam Shostack <adam () homeport org>
Date: Thu, 7 Sep 2006 18:40:47 -0400

On Wed, Sep 06, 2006 at 01:50:52PM -0500, Chris Walsh wrote:
| On Wed, Sep 06, 2006 at 10:24:03AM -0700, George Toft wrote:
| > What would also make the database really useful for research is if we 
| > could categorize the primary (and secondary) causes of the loss.  For 
| > example:
| > pri_cause - laptop theft
| > sec_cause - policy violation
| 
| 
| Forget about sec_cause :^)
| 
| For pri_cause, you often find that it was a compromised web site.  So, that
| could mean an application flaw (SQL injection), a misconfigured web server,
| poor or no authentication, a braindead firewall, etc.  The same logic 
| applies to other compromises.  You get the general "cause", but not what
| really happened.  It is frustrating, but sort of interesting.

I've been thinking for a bit that it would be great if reporters had a
document that helped guide them to ask interesting, probing questions
about these failures.  We might provide similar guidance to the
agencies who accept these reports on what questions they should offer
up on their sites.

Adam
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 337 incidents over 6 years.


