Information Security News mailing list archives

Re: Cert warns of automated attacks


From: InfoSec News <isn () c4i org>
Date: Sat, 13 Apr 2002 03:01:10 -0500 (CDT)

Forwarded from: security curmudgeon <jericho () attrition org>
cc: cert () cert org

Random comments from the peanut gallery. I'm tired and grumpy, so bear
with me.

http://www.vnunet.com/News/1130755

> By James Middleton [09-04-2002]
>
> Hacking tools are becoming increasingly sophisticated
>
> The Computer Emergency Response Team (Cert) has released a report
> pinpointing the six fastest evolving trends in the black hat world
> of internet security.
>
> The organisation, which has been monitoring hacker activity since
> 1998, found that the most notable trend to evolve over recent years
> is the automation and speed of attack tools.

CERT has been around for over a decade, and they are monitoring
'hacker activity' for only the last five? Jeez, either that is serious
errata or CERT is full of slackers that overlooked a key part of their
function.

> Although widespread scanning over the internet has been common since
> 1997, today's tools are set to maximise impact and speed.
>
> Freely available attack tools now exploit vulnerabilities as part of
> the scanning process and are capable of self-initiating new attacks
> on a well-managed and co-ordinated global scale.

"now"? This has been going on a lot longer than people realize or
admit. ADM did a proof of concept 'worm' that hit 1 or 2 Linux vulns
that spread for a while some 3+ years ago.

> Public communications protocols such as IRC and Instant Messenger
> have now become popular methods for co-ordinating attack tools.

This warning, and the last about "social engineering over irc!!"
really do cry out "we're desperate for attention". Remote root
vulnerabilities flying across Bugtraq left and right, while CERT is
resigning itself to pure shit advisories. Why?

> The increasing permeability of firewalls is also posing a problem,
> as security is being sacrificed to convenience. More technologies
> are being designed to bypass firewalls, such as IPP (the Internet
> Printing Protocol) and WebDAV (Web-based Distributed Authoring and
> Versioning).

Let's see here..

IPP: RFC 2568, by S. Zilles of Adobe Systems Inc.
WebDAV: RFC 2518, by Microsoft, UC Irvine, Netscape, Novell

Adobe, who likes to forego security in favor of litigating.. and then
we have Microsoft and others.

And don't forget SOAP!!

Anyone else remember the SOAP "documentation"?

"Currently, developers struggle to make their distributed applications
work across the Internet when firewalls get in the way.  Since most
firewalls block all but a few ports, such as the standard HTTP port
80, all of today's distributed object protocols like DCOM suffer.."

I love it when these companies with big security initiatives are
behind entire protocols designed to bypass firewalls. Funny that CERT
doesn't mention the culprits of these protocols. Oh yeah, they are
sissies. Never mind.

> Analyst firm Computer Economics recently estimated that the total
> economic impact of Code Red was $2.6bn, and that SirCam cost another
> $1.3bn. The 11 September attacks will cost around $15.8bn to restore
> IT and communication infrastructure.

Oh great firm to quote. "Computer Economics", the company that has
absolutely ZERO economists on their staff. Jeez.

I bet they are sure experts on all things related to economics.



-
ISN is currently hosted by Attrition.org
