Re: Looking for help against Chinese Hacking Team

[ArcSighter Elite <arcsighter () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adriel T. Desautels wrote:
> Great,
>     If he's looking to stop attacks then he needs to remove the vector
> through which he is being attacked. IPS devices do not remove the
> vector, they make an attempt to prevent the vector from being accessed.
> While I support the use of properly configured and maintained IPS
> technologies, I'd never recommend using them as a method for remediation
> because they are only a method for mitigation.  Sure mitigation is
> great, but its not a fix.
>
>     With respect to your comment about creating properly designed
> parameterized stored procedures, it is not "almost impossible" if you
> architect things properly.  You might be able to change a variable from
> a 1 to a 2 which is technically SQL Injection, but its not usually an
> SQL Injection Attack that is of any use.  The idea here is to prevent
> SQL Injection Attacks not to prevent people from changing variables that
> should be harmless right?
>
>     
>
>
> On Dec 16, 2008, at 8:32 AM, ArcSighter Elite wrote:
>
> RaptorX wrote:
> > > > what Adriel meant was PROPERLY DESIGNED Parameterized Stored
> > > > Procedures, and
> > > > I totally agree with him.
> > > >
> > > > Providing a short time solution is a good idea but you have to finish
> > > > the
> > > > job properly which in the case of a pen-tester would be report and
> > > > provide
> > > > with a viable (permanent) solution.
> > > >
> > > > I also agree partially with Sam, specially windows systems, after
> > > > hacked it
> > > > is a MUCH BETTER idea to rebuild it improving the security of course.
>
> Well, PROPERLY DESIGNED of course if almost impossible, but you think
> this is the case? I repeat myself: he's wishing to stop the attacks, and
> of course I think/hope he'll take the appropriate measures then. IMHO he
> wouldn't be able to fix anything if he is constantly under attack. And
> sure, linux is the best solution, even a win port of apache will do
> better than IIS, again IMHO. Again, SQL injection could result in a host
> compromise, so re-deploying would be the optimal form: ex. instead of
> finding rookits, install clean.
>
> Adriel T. Desautels
> ad_lists () netragard com


Sorry, we got a little communication problem here. I mean PROPERLY
DESIGNED queries is almost impossible to SQL-inject, my bad if you
misunderstood me. I'm sure you can't trusts IDS: I already said it in a
funny way: "they will only stop script-kiddies"; but he must truly
"mitigate" the attack as you said, before taking another long-term
measures. The IDS will also mitigate other attack vectors that may
expose vulnerabilities in his web-app, that may be vulnerable to other
web-based attacks, I already said, XSS, Sessions, Includes, Injections
(LDAP/SQL, etc), and the like.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR7aXH+KgkfcIQ8cRAnqJAKDoLK6SBIGeDWKggSoxZ60EYLhm3gCgpPC3
dIOfXBjwnP3u1MYDsEhgoDI=
=rk++
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------