Another NT crack (yawn)

[InfoSec News <isn () C4I ORG>]

http://www.theregister.co.uk/content/8/17344.html

By: John Leyden
Posted: 05/03/2001 at 15:54 GMT

The battleground between security vendors and crackers is shifting as
attacks are becoming more likely to come in at the application rather
than infrastructure level, according to a security firm which keeps
close tabs on the digital underground.

According to Kenneth De Spiegeleire, consulting manager at Internet
security Systems (ISS) who heads a teams of ethical hackers, crackers
get more kudos if they sniff out Web server or ecommerce applications
than when they exploit operating system flaws.

"'Black Hat' hackers have almost lost interest in Windows NT exploits
because they're becoming so common. If someone finds a flaw with a
serious ecommerce application they'll get much more attention," he
said.

This means that protecting bespoke ecommerce applications and guarding
against the dozens of exploits that use peer to peer networks, such as
Napster, are becoming more important security concerns, he added.

Despite all the publicity about Web page defacement, De Spiegeleire
said his firm's clients were far more concerned about a security
compromise that they don't detect rather than such "door rattling" by
script kiddies.

ISS, whose main business is in security assessment and intrusion
detection products, believes that 60-70 per cent of those in the
digital underground are unable to do anything more than follow simple
scripts or instructions, and are thus labelled script kiddies. One in
five could be described as "security professional wannabes" with more
knowledge.

Only one in ten members of the digital underground is capable of
finding and writing an exploit that takes advantage of a security
vulnerability. Around one per cent of the entire community are classed
as "super crackers", state or company paid criminals who works in the
shadows, and whose work seldom comes to the attention of the wider
world.

To illustrate his point that "innovation" is slow to comes from
crackers, De Spiegeleire, said AT&T researchers highlighted inherent
security weaknesses in the design of TCP in 1989 but these flaws in
authentication were only first exploited six years later, by Kevin
Mitnick, in 1995.

"A lot of hackers overstate themselves, there's few who know a system
inside out and therefore where the weak spots are," said De
Spiegeleire.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".