Firewall Wizards mailing list archives
RE: Scare Me !!
From: "Joseph Judge" <joej () ultranet com>
Date: Fri, 18 Jun 1999 22:46:57 -0400
Jody -

Mark Gembecki - War Room Research ex-analyst from one of the analyst firms. Some big 5's paid for some research (released April). The complete set of info costs a large amount of $$.

I feel/felt the same way ... I work in a big5. Came from a financial services firm (fortune500) -- none there. Too much liability.

Sorry for the delay in rsvp ... was in NYC at a large financial services company (euro, institutional place). Nice folks -- no strike back there, either .... ANYMORE. Used to ... the newer folks (and partially why I'm there) cleaned out the old crew ... are centralizing things ... and caught that "feature" of their FWs.

I've also been doing some work with spook folks. Some of the anecdotes "out there" are starting to line up -- based on some interesting tools that are aiming their way out to the commercial world (dumbed down, and w/o the offensive capabilities). Like NFR on steroids, with a SIGINT engine behind. It makes the hairs on the back of my neck stick up.

- joe
-----Original Message-----
From: Jody C. Patilla [mailto:jcp01 () ibm net]
Sent: Tuesday, June 15, 1999 7:04 PM
To: Joseph Judge; Waszak, Thomas; Ken Hardy; firewall-wizards () nfr net
Subject: RE: Scare Me !!

At 12:13 PM 6/13/99 -0400, Joseph Judge wrote:

> supporting anecdotes:
> - 102 of Fortune 500 have Internet "strike-back" capabilities
> - the terrorists that hit the Lockerbie flight targeted that exact flight due to the larger numbers of what appeared to be US govt folks as discovered from hacking into a Saaber ticketing system

I have a really hard time believing both of these "anecdotes". I've worked with a fair number of Fortune 500 companies, and none of them had a "strike-back" capability. Think about it - not only is there a huge liability associated with such a concept, most large companies barely have enough security staff to do what's absolutely necessary, let alone "strike back" shenanigans. I know - I read the trade rag article a couple of months ago, about the unnamed company who allegedly sends staff armed with baseball bats after hackers. I didn't believe it, and neither did a lot of other reputable people in the field.

I'd also find it a lot more plausible that the Libyans who blew up the Lockerbie flight got a passenger list (if they got one at all) through good old social engineering, and not hacking.

- jcp