Firewall Wizards mailing list archives
RE: Scare Me !!
From: "Joseph Judge" <joej () ultranet com>
Date: Fri, 18 Jun 1999 22:46:57 -0400
Jody -
Mark Gembecki - War Room Research
ex-analyst from one of the analyst firms. Some big
5's paid for some research (released April). The
complete set of info costs a large amount of $$.
I feel/felt the same way ... I work in a big5. Came
from a financial services firm (fortune500) -- none
there. Too much liability.
Sorry for the delay in rsvp ... was in NYC at a large
financial services company (euro, institutional place). Nice
folks -- no strike back there, either .... ANYMORE.
Used to ... the newer folks (and partially why I'm there)
cleaned out the old crew ... are centralizing things
... and caught that "feature" of their FWs.
I've also been doing some work with spook folks. Some of
the anecdotes "out there" are starting to line up -- based
on some interesting tools that are aiming their way out
to the commerical world (dumbed down, and w/o the offensive
capabilities). Like NFR on steroids, with a SIGINT engine
behind. It makes the hairs on the back of my neck stick up.
- joe
-----Original Message----- From: Jody C. Patilla [mailto:jcp01 () ibm net] Sent: Tuesday, June 15, 1999 7:04 PM To: Joseph Judge; Waszak, Thomas; Ken Hardy; firewall-wizards () nfr net Subject: RE: Scare Me !! At 12:13 PM 6/13/99 -0400, Joseph Judge wrote:supporting anecdotes: - 102 of Fortune 500 have Internet "strike-back" capabilities - the terrorists that hit the Lockerbie flight targetted that exact flight due to the larger numbers of what appeared to be US govt folks as discovered from hacking into a Saaber ticketing systemI have a really hard time believing both of these "anecdotes". I've worked with a fair number of Fortune 500 companies, and none of them had a "strike-back" capability. Think about it - not only is there a huge liability associated with such a concept, most large companies barely have enough security staff to do what's absolutely necessary, let alone "strike back" shenanigans. I know - I read the trade rag article a couple of months ago, about the unnamed company who allegedly sends staff armed with baseball bats after hackers. I didn't believe it, and neither did a lot of other reputable people in the field. I'd also find it alot more plausible that the Libyans who blew up the Lockerbie flight got a passenger list (if they got one at all) through good old social engineering, and not hacking. - jcp
Current thread:
- RE: Scare Me !! Waszak, Thomas (Jun 14)
- RE: Scare Me !! Joseph Judge (Jun 15)
- RE: Scare Me !! Jody C. Patilla (Jun 15)
- RE: Scare Me !! Joseph Judge (Jun 20)
- RE: Scare Me !! Marcus J. Ranum (Jun 15)
- RE: Scare Me !! Eric Budke (Jun 20)
- RE: Scare Me !! Joseph Judge (Jun 20)
- RE: Scare Me !! Jody C. Patilla (Jun 15)
- <Possible follow-ups>
- RE: Scare Me !! andrew . c . howard (Jun 14)
- RE: Scare Me !! sean . kelly (Jun 14)
- Scare Me !! Ken Hardy (Jun 14)
- Re: Scare Me !! Ken Hardy (Jun 14)
- Re: Scare Me !! Lance Spitzner (Jun 14)
- Re: Scare Me !! Alec Muffett (Jun 14)
- Re: Scare Me !! Technical Incursion Countermeasures (Jun 15)
(Thread continues...)
- RE: Scare Me !! Joseph Judge (Jun 15)