Full Disclosure mailing list archives
Re: n3td3v has a fan
From: n3td3v <xploitable () gmail com>
Date: Wed, 9 Apr 2008 17:49:05 +0100
On Wed, Apr 9, 2008 at 8:06 AM, <malix () hush com> wrote:
First, learn the proper use of the English language before choosing to mouth off with it.
People think english and spelling matters, but its what you say that counts not the way you say it. This is a concept many have failed to grasp in recent times. For instance, I went on Cnet News last night and told them about offline machines: Connected to the internet?: reader comment from n3td3v Posted on: April 8, 2008, 8:10 PM PDT Story: Breaking into a power station in 3 easy steps Computers don't need to be connected to the internet to get infected with the latest and greatest zero-day, someone, a rogue employee downloads code from the internet or makes his own, then uploads it to his memory key, then walks into power station, plugs it in with the intent to infect and hey presto, your infrastructure gets compromised. Valuable lesson: _ALL_ your computers need to be patched against the latest zero-day threats, not just online ones BUT offline systems too. Even computers which will NEVER have an internet connection _still_ need to be patched. The threat from rogue employees and the inside job is far greater than an internet facing computer. Is anyone listening? I've been repeating this for years, the internet isn't the threat, the real number one threat to cyber security is the inside job. Got the message yet? The national infrastructure terrorists want to attack is *permanently offline* and the terrorists know this, but what they also know is those offline systems are *permanently unpatched* because the administrators think the bugs being released by security researchers on-the-internet won't touch offline-machines, think again. The terrorists aren't trying to hit your internet facing stuff, they are far more interested in going after your offline machines, as these are the most important ones. All the best, n3td3v. http://www.news.com/5208-10784_3-0.html?forumID=2&threadID=36712&messageID=396611 [/snip] Now it may look like the above isn't written correctly, but I think I got my point across pretty well. Weather the english, grammar, spell checker police take it seriously is another matter. ;) My online friend who worked in the US Navy for 6 years in cyber security said I should have wrote it like this: ---------- Forwarded message ---------- From: Chris Mills <E-mail Removed> Date: Wed, Apr 9, 2008 at 5:07 AM Subject: Try this To: xploitable () gmail com Computers don't need to be connected to the internet to get infected with the latest and greatest zero-day malware. Insiders are one of the greatest threats to any enterprise: business or government. Consider This: An employee with any amount of access can download code from the internet or make his or her own. With a simple copy to his USB memory key, he then walks into power station, plugs it in with the intent to cause harm. An unpatched, offline system IS vulnerable. Valuable lesson: All your computer systems are vulnerable. They all need to be patched against the latest threats, just as you would patch your internet connected devices. Even computers which will never have an internet connection still need to be patched. The threat from rogue employees and the inside job is far greater than an internet facing computer. This has been seen over and over in news articles and threat reports published by the top security companies. The national infrastructure terrorists want to attack is permanently offline and the terrorists know this, but what they also know is those offline systems are permanently unpatched because the administrators think the bugs being released by security researchers on the internet won't touch offline-machines. This is a dangerous assumption on the part of security administrators. The terrorists aren't trying to hit internet facing devices, they are far more interested in going after offline machines which control far more important devices. This is their gold mine. All the best, n3td3v. [/snip] But I don't agree with him because its not got the same punch and passion. Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: n3td3v has a fan, (continued)
- Re: n3td3v has a fan n3td3v (Apr 08)
- Message not available
- Re: n3td3v has a fan n3td3v (Apr 08)
- Re: n3td3v has a fan Valdis . Kletnieks (Apr 10)
- Re: n3td3v has a fan Razi Shaban (Apr 10)
- Re: n3td3v has a fan Garrett M. Groff (Apr 10)
- Message not available
- Re: n3td3v has a fan n3td3v (Apr 08)
- Re: n3td3v has a fan Pat (Apr 08)
- Re: n3td3v has a fan dickbutt dickbutt (Apr 08)
- Re: n3td3v has a fan Static Rez (Apr 08)
- Re: n3td3v has a fan n3td3v (Apr 09)
- Message not available
- Fwd: n3td3v has a fan DUDE DUDERINO (Apr 09)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 09)
- Re: Fwd: n3td3v has a fan Ureleet (Apr 09)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 09)
- Re: Fwd: n3td3v has a fan Micheal Cottingham (Apr 09)
- Re: Fwd: n3td3v has a fan Ureleet (Apr 09)
- Re: Fwd: n3td3v has a fan G D Fuego (Apr 09)
- Re: Fwd: n3td3v has a fan Valdis . Kletnieks (Apr 10)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 10)
- Re: Fwd: n3td3v has a fan steve menard (Apr 10)