Re: Looking for help against Chinese Hacking Team

["Adriel T. Desautels" <ad_lists () netragard com>]

Comments are embedded below.

On Dec 15, 2008, at 9:34 AM, ArcSighter Elite wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mike Hale wrote:
> > You volunteering Tom?  ;)
> >
> > On 12/13/08, Tom Le <dottom () gmail com> wrote:
> > > On Fri, Dec 12, 2008 at 6:22 PM, Mike Hale <eyeronic.design () gmail com 
> > > >
> > > wrote:
> > > > Your choices are cheap, fast and properly.
> > > >
> > > > Pick two.
> > > > ;)
> > > Yes, often quoted, but not necessarily always true.
> > >
> > > You can get pro bono work from security experts who are "fast" and  
> > > know what
> > > they are doing.  But you would have to trust them to some degree  
> > > depending
> > > on what information is needed.
>
> Well, I agree with list, $200 won't get you far.

I think/hope he was talking about $200/hr.

> If you require professional services that would seem a joke, at  
> least to
> me.
> In the mean time, this is what I think.
>
> Yes, consider porting, we won't debate linux vs win here, but linux is
> securer and easier to adapt, you know.
> Second, what company are you working for that doesn't provide an
> incident response politic and team? They should do this, for any
> non-trivial business process.
> Third, review logs, do forensics, trace the attack vector and in some
> very few cases, the source of the attack. If you're only interested in
> securing the web site then the attack vector is the main target you  
> have
> to identify. Don't blindly trust in automated products, they will give
> you false positives and negatives; those cases a human being will spot
> and assess accurately. Set up and configure a IDS (Snort and Encase  
> will
> do fine) and configure SQL injection detection rules, for example,  
> this
> is in the most cases will evade only script-kiddies, the way I known,
> but I will provide you with another layer of security, I don't think  
> you
> have many of them.

Thats a waste of time and resources.  Don't waste your time tracking  
down the ways that an insecure application can be attacked. Implement  
security then find weaknesses that were missed.

> Lastly, consider going downtime, and set up a honey with the web
> server's IP and DNS, then analyze the honey, and determine the source.

Why would anyone do that? Its not like he can track down and beat up  
the hackers. He needs to prevent the attacks from working.  Thats bad  
advice man.

> That's all I can figure out in the moment.
>
> Sincerely.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJRmr7H+KgkfcIQ8cRAmZPAKCtg+r8OpMcn2EcP5Ro7Kt4nn0PrwCgshI0
> zFxOBJgGy/V69tONVRcvyBU=
> =/BXl
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------

Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------