Information Security News mailing list archives

Re: How Sharing Thwarts Hacks


From: InfoSec News <isn () c4i org>
Date: Thu, 16 Jan 2003 01:08:08 -0600 (CST)

Forwarded from: H C <keydet89 () yahoo com>
Cc: dennis_fisher () ziffdavis com

It occurs to me...no amount of information sharing will be effective
until the information is actually used for some purpose.

And to be honest, we already know how most of the compromises are
taking place...via publicly known vulnerabilities, and publicly
available exploits.  The only "secret" information is who (which orgs)
is actually succumbing to the attacks.

Case in point(s): The directory traversal exploit to IIS was known
for a while, but was exploited by sadmind/IIS worm, and others.
Machines are *still* falling to this exploit.  Microsoft, and others,
have endorsed the common sense procedure of disabling unnecessary
services, yet admins still fell to Code Red in record numbers...when
simply disabling the ida/idq script mapping (which most of them
weren't/aren't using anyway) would have protected them.

The adage, "You can lead a horse to water but you can't make him
drink" comes to mind.  Set up an encrypted version of iMesh or Kazaa
or whatever you want to share files...the fact remains that security
will remain the red-headed stepchild of IT, and will not receive the
necessary resources (funding, time, personnel, etc).  Consulting firms
will continue to dominate the landscape when it comes to security.


--- InfoSec News <isn () c4i org> wrote:
http://www.eweek.com/article2/0,3959,825430,00.asp

By Dennis Fisher
January 13, 2003 

Two Harvard University security researchers have developed a model
showing that enterprises that share their sensitive data about
network attacks and security breaches are less attractive targets
and, hence, less likely to be attacked.

The paper, to be presented later this month at the Financial
Cryptography conference in Gosier, Guadeloupe, supports the U.S.  
government's contentions about the importance of sharing attack
data.  But it also concludes that many of the benefits that can
accrue from such an arrangement won't be realized soon.

"I absolutely believe that there's value in information sharing, and
I think that value will grow," said Stuart Schechter, a doctoral
candidate in computer science at Harvard, in Cambridge, Mass., and
co-author of the paper. "I think the change [toward information
sharing] will be driven by insurance companies, who will offer lower
premiums for companies that share."

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

