Full Disclosure mailing list archives

RE: Please post to the list

From: "b0iler _" <b0iler () hotmail com>
Date: Fri, 22 Nov 2002 14:41:17 -0700

I received one response (so far) to my request to explain how "black
hats" would propose I keep my network secure.  I would appreciate it if
responses could at least be cc'd to the list so they can be discussed
openly.

My request still stands.  Any takers?

I'll take the bait. This is a pretty nonsense question. Of course if itwas up to a blackhat they would allow you to have an insecure network. Butlets think for a second about a few common goals of some blackhat actions.


way #1 for blackhats to secure your network:

Take down the network. No network = secure network. Many blackhat's goalis to DoS the network so it cannot be used.


way #2 for blackhats to secure your network:

Comprise it and then improve security. Once a blackhat has control of asystem then they tend to want to keep it away from other blackhats, so theywill secure the system moreso than it was before. (who says blackhats haveto cause damage? there are good blackhats with the ethic of doing nodamage. some even break in just for fun!)


way #3 for blackhats to secure your network:

Tell you about it. Not all blackhats want to break into every box. Someonly have a few targets and do not care about any other systems. Some arenice people, who don't always play by societies views of what is right andwrong. - depends on how you define blackhat/whitehat.

Some say whitehat = anyone who helps security at all and blackhat = anyonewho hurts security at all. (aka (in idiots terms) greyhat).

Others say whitehat = anyone who helps security without ever hurting it andblackhat = anyone who hurts security without ever helping it.


way #4 for blackhats to secure your network:

Comprise it and get detected. This will cause your boss or yourself toforce security to be improved. May even point out something which you didnot know was a problem before.

Blackhats are not one group of cookie cutter people. Their goals, ethics,and techniques vary. Not all of them want to cause harm. Not all of themwant your box to be insecure. Same with whitehats, not all wish to makemoney. not all are script kidies.


_________________________________________________________________

STOP MORE SPAM with the new MSN 8 and get 2 months FREE*http://join.msn.com/?page=features/junkmail


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list Day Jay (Nov 22)
- <Possible follow-ups>
- RE: Please post to the list Schmehl, Paul L (Nov 22)
  - RE: Please post to the list Day Jay (Nov 22)
  - Re: Please post to the list Alexander Bartolich (Nov 22)
- RE: Please post to the list b0iler _ (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 23)
- RE: Please post to the list ratel (Nov 23)
  - Re: Please post to the list John Andersen (Nov 23)
- RE: Please post to the list Schmehl, Paul L (Nov 23)