Full Disclosure mailing list archives
RE: Calcuating Loss
From: Scott Taylor <security () 303underground com>
Date: Wed, 12 May 2004 11:32:12 -0600
Do you know how many people have unconfigured and therefore wide open wireless access points in the same county as me? Well over 2000. The number of configured though not necessarily secure is over 5000. That is all less than 20 miles from home. And I didn't even bother to map out most of the side streets. I doubt any of those are really bothering to keep or even know what a logfile is.

Yeah, let's get a good record of who has their IP address, so that the FBI can come drag them off when someone parks in their neighborhood and blasts out malware pleasantly stamped with their IP address. In fact, with a good antenna and amplifier one could do that from over a mile away. You could do that and not even know where the poor sucker hosting your temporary internet connection is.

Just nailing down a few addresses is not going to solve the problem, I'm afraid.

On Wed, 2004-05-12 at 09:56, Schmidt, Michael R. wrote:
Well, one of the biggest issues that allows people to remain anonymous is DHCP. If everyone on the internet was required to get a static IP address, or to log which IP they were using - using a secure technology - then everyone could be tracked. Sure, a few "super" hackers could still manage to escape detection, I am sure, but there is nothing that is the equivalent of a driver's license on the internet. Sure, there would still be criminals using stolen credentials, but IPs are handed out based on location or where you dialed in from. Dialing in can be traced using caller ID, wireless by IP and base station proximity, so just like today, people would have an alibi for the time and place the criminal used their identity. What we need is something that you have to log into (securely) or your DHCP is revoked immediately. And of course static IPs are, well, static, and since they are routed, routes can be logged and therefore trackable. So again it is anonymity that causes most of the grief. If all code had to be signed, then you'd know who wrote it, and running unsigned code would be your own stupid fault. If you replace a part on some new cars with a non-manufacturer's part, you void the warranty. But when you run unsigned downloaded for free or sent through email code on your Dell, who do you call and expect to fix it when it stops working? The end user is the moron; we require no test to get on the internet and yet we let more people anonymously sign on the net every day.
<stuff deleted>

--
Scott Taylor - <security () 303underground com>

A woman went into a hospital one day to give birth. Afterwards, the doctor came to her and said, "I have some... odd news for you."

"Is my baby all right?" the woman anxiously asked.

"Yes, he is," the doctor replied, "but we don't know how. Your son (we assume) was born with no body. He only has a head."

Well, the doctor was correct. The Head was alive and well, though no one knew how. The Head turned out to be fairly normal, ignoring his lack of a body, and lived for some time as typical a life as could be expected under the circumstances.

One day, about twenty years after the fateful birth, the woman got a phone call from another doctor. The doctor said, "I have recently perfected an operation. Your son can live a normal life now: we can graft a body onto his head!"

The woman, practically weeping with joy, thanked the doctor and hung up. She ran up the stairs saying, "Johnny, Johnny, I have a *wonderful* surprise for you!"

"Oh no," cried The Head, "not another HAT!"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html