Secure Coding mailing list archives

Re: informIT: Building versus Breaking


From: Chris Schmidt <chrisisbeef () gmail com>
Date: Sat, 03 Sep 2011 11:26:16 -0600

On 9/3/2011 11:22 AM, Kevin W. Wall wrote:
> On Fri, Sep 2, 2011 at 6:19 PM, Chris Schmidt <chrisisbeef () gmail com> wrote:
>> On Sep 2, 2011, at 10:44 AM, "Goertzel, Karen [USA]" <goertzel_karen () bah com> wrote:
>>> What we need is to start building software that can fight back. Then we
>>> could become part of "cyber warfare" which is much sexier than "software
>>> assurance". :)
>> Simple. Owasp esapi + owasp appsensor + honeypot = win
> I'd still consider that defensive. If you want "cyber warfare" and are willing
> to go over to the dark side, you can define your own custom AppSensor response
> actions to act offensively. For instance, you could easily try to download malware
> to the attacker or mount a DoS attack against them.
>
> Personally, I don't recommend such escalation though, even if it is a tit-for-tat
> strategy. Reacting in that manner is likely to make you a criminal as well.
>
> -kevin

That may be, but there are ways to fight back without breaking the law.
Hence the honeypot: let the attacker exploit the hell out of a system
that does absolutely nothing, track all of his movements and gather as
much intel about them as possible - then, provided you have good audit
logging, you have more information than you can handle about the attack
to forward on to the feds for appropriate vanning. Granted, this is
making some pretty hefty assumptions about the state of the app in
question, the skill of the attacker, and the vanning abilities of the
men in black, but it is far more sexy than purely writing defensive code
alone.