Full Disclosure mailing list archives
RE: Please post to the list
From: "b0iler _" <b0iler () hotmail com>
Date: Fri, 22 Nov 2002 14:41:17 -0700
I received one response (so far) to my request to explain how "black hats" would propose I keep my network secure. I would appreciate it if responses could at least be cc'd to the list so they can be discussed openly.
My request still stands. Any takers?
I'll take the bait. This is a pretty nonsense question. Of course if it was up to a blackhat they would allow you to have an insecure network. But lets think for a second about a few common goals of some blackhat actions.
way #1 for blackhats to secure your network:Take down the network. No network = secure network. Many blackhat's goal is to DoS the network so it cannot be used.
way #2 for blackhats to secure your network:Comprise it and then improve security. Once a blackhat has control of a system then they tend to want to keep it away from other blackhats, so they will secure the system moreso than it was before. (who says blackhats have to cause damage? there are good blackhats with the ethic of doing no damage. some even break in just for fun!)
way #3 for blackhats to secure your network:Tell you about it. Not all blackhats want to break into every box. Some only have a few targets and do not care about any other systems. Some are nice people, who don't always play by societies views of what is right and wrong. - depends on how you define blackhat/whitehat.
Some say whitehat = anyone who helps security at all and blackhat = anyone who hurts security at all. (aka (in idiots terms) greyhat).
Others say whitehat = anyone who helps security without ever hurting it and blackhat = anyone who hurts security without ever helping it.
way #4 for blackhats to secure your network:Comprise it and get detected. This will cause your boss or yourself to force security to be improved. May even point out something which you did not know was a problem before.
Blackhats are not one group of cookie cutter people. Their goals, ethics, and techniques vary. Not all of them want to cause harm. Not all of them want your box to be insecure. Same with whitehats, not all wish to make money. not all are script kidies.
_________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list Day Jay (Nov 22)
- <Possible follow-ups>
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Day Jay (Nov 22)
- Re: Please post to the list Alexander Bartolich (Nov 22)
- RE: Please post to the list b0iler _ (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 23)
- RE: Please post to the list ratel (Nov 23)
- Re: Please post to the list John Andersen (Nov 23)
- RE: Please post to the list Schmehl, Paul L (Nov 23)