Honeypots mailing list archives

RE: Heisenberg in the honeypot


From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 21 Jun 2004 09:18:03 -0700 (PDT)

Chuck,

Thanks for the response...

> This principle is flawed.  If you apply this principle to a different
> subject as well, let's say, police sting operations, then this would become a
> valid defense effectively making all sting operations illegal.

Interesting.  Are you saying that the HUP is flawed,
or the application I'm proposing is flawed?

Either way, I think what you've brought up is a very
good analogy...people do bad stuff, knowing that there
are things such as sting operations.  However, that's
not quite what I'm asking...what I'm asking is if
anyone out there believes that simply b/c honeypots
are known to exist, are *new* exploits and techniques
being withheld from large scale use.  With police
sting operations, there are no new techniques they are
countering...the operations are set up around
well-known actions/habits of individuals and groups.
 
> The point of a honeypot is that you make it look as real as possible.  That
> way the cracker doesn't know it's a honeypot.  The more we have out here on
> the Internet the safer everyone will be because there is a greater chance of
> them getting caught.

I agree, to a point.  Let's say I have a lab, and I've
discovered something entirely new...not based on brute
force or password cracking or anything like that, but
entirely new.  If I had nefarious intentions, I would
most likely test it in a lab, and then test it against
other systems in a controlled manner.  I might even
refine that technique in the lab.  If I were then to
release it outside of the lab, say, use it to gain
access to networks other than my own, I wouldn't
release it as part of a worm...I would target specific
infrastructures where the value of the information
exceeded the level of effort I had to expend.  I would
also target only those systems that I knew were
managed in a less-than-secure nature...and didn't have
honeypots.

