Full Disclosure mailing list archives
Re: MS06-019 - How long before this develops into a self propagating email worm
From: n3td3v <n3td3v () gmail com>
Date: Thu, 11 May 2006 18:22:25 +0100
On 5/10/06, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
threat meters:
Seriously, threat meters are a waste of time and should be scrapped by all. UK has said it will never implement a terrorism threat meter, as the Bush administration already does to create a sense of public fear when the political climate requires the government to have public support on issues. It is known that U.S. government has raised the threat meter when their poll rating is low, to get the public on-side that "we know more than you do, just trust us." propaganda. Would a threat meter have stopped 9/11 from happening? And what do you do if the meter goes to "high alert"? Are folks supposed to stop their everyday lives and start looking at everyone who looks of eastern origin in a paranoia frenzy?

On 7/7 the London bombings, the government and security services were caught by surprise, they had no idea about "the threat" yet innocent folks died and the city of London went into lock down over fears of further attacks, so much so, an innocent member of the public was shot, because the police thought he was a potential suicide bomber. He wasn't, the police had committed a murder, because of fear, the fear and paranoia the terrorists wanted the government and the public to have, they won in London, and the terrorists won in America too. Look at the way America has reacted, in the same way the UK government and intelligence services have. In the way the terrorists planned it to be. To create a fear, a paranoia, a terror in the minds of everyone.

Threat meters, what do they do? They play the role of the terrorist, bring fear, let the public know the terrorists are around. Even though only one building in one city or one train in one city would be target, the whole entire nation is put on an artificial "high state of alert". The government of U.S. don't even say "high state of alert for X city", they just have some threat meter covering the entire U.S. The same goes for the internet.
We're always being told that terrorism will one day come to cyber terrorism and hit governments and businesses hard. Yet no specific targets are ever mentioned. It's a threat meter for all, everyone, the so-called cyber security agencies can't even give estimates or likeliness of attack, they just raise a threat meter to create a hype and a need to buy the products X security company has on offer to "protect consumers and corporations from imminent attack". Let's call it "paranoia meter" because it's hearsay, there is no particular threat. Just because a vulnerability is wild and not patched, does not pose a threat. In terrorism a threat is specific information that an attack is being planned. Although, the internet threat meters are lamer than the mainland threat meter (and even the mainland threat meter is lame), because it's completely based on hearsay, there's an unpatched vulnerability, "this could happen, but we don't have any intelligence whatsoever that something is being programmed, but we thought we'd raise the internet threat level, you know because there's nothing else happening".

Basically, the cyber security companies are creating a hype to be suggestive to malicious users, and of course the malicious users will often bow to such a threat level and release an exploit worm to the wild. Although, that's how it used to be. The "bad guys" have realised now how much money these cyber agencies are making out of exploit virii, that they've decided not to launch an attack, based on their threat meters. The only time a real threat will come is when cyber agencies are off-watch. Why would an attack be launched if governments and businesses are expecting something to happen? The element of surprise is as important as the terrorism which gives them the name terrorist. I conclude to say, the cyber security companies, were once good at their predictive attack guesstimations, but no longer. In today's climate (right now) folks are more than aware of what's going on around.
No longer will the would-be exploit virii offer play lap puddle to cyber security agencies, McAfee, Symantec, Trend Micro, US-CERT and the others. Attacks will come at the least expected point. Attacks won't come based on code you guys are "aware" of. Attacks will come without warning. Attacks will come when you least expect it. Attacks will never be predicted, will never have an early warning for, will always be a surprise from now on. Welcome to the future. Times are changing. You can create a paranoia amongst the community, but the new kids on the block aren't playing a destructive game of tig between malicious users and security vendors. The ball is in the malicious users' court. Each time you raise your threat level and nothing happens is eating away at the credibility of security vendors, although the bad guys always will have a cool knack of creeping up on everyone when they least expect it.

Raise your threat meters, you're spoiling your own business by doing so, malicious users the more they hold off attacks, the more security vendors will be damaging their own credibility. It makes sense to allow security vendors to keep raising their threat levels every time. If the threat level is raised before something happens, then the job of the terrorist is done, there is no need for attack. If security vendors kept their threat meters and hype at green for say 6 months, even during times of zero-day, then that would push hackers to launch attacks, but as soon as you raise your meters for zero-day and no actual intelligence that a virii attack is being actively programmed by named individual(s), then there's no likelihood that an attack will appear. Security vendors, scrap your threat meters, they only prevent you making money. Your "threat meters" are playing into the hands of the terrorists, the hackers, the script kids, the vxers.
Although, has it ever been the case "thanks to your threat meter I wasn't hacked", or with mainland terrorism "thanks to the terror meter, I spotted a terrorist and called the cops and managed to divert a 9/11 style attack"?

Take carez,
n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/