Re: Re: [fw-wiz] Highlighting Security Issues

firewalladmin_at_bellsouth.net
Date: 08/06/04

  • Next message: Marcus J. Ranum: "Re: Re: [fw-wiz] Highlighting Security Issues"
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Fri, 6 Aug 2004 15:03:24 -0400
    
    

    Now that's a scary picture Marcus. The real scary part is how very possible it would be to create such a tool. I suppose it would be possible to detect with the right AV or IDS signatures, and possibly stripped at SMTP Gateways, but based on the large number of unpatched and unprotected systems out there it would certainly find its way into a few networks. This kind of program/tool would probably find its heaviest use by skilled hackers and unethical systems administrators who surgically plant/run it against a select few. Imagine a scenario where a foreign government persuades a disgruntled sysadmin (either through social engineering or for monetary reward) to "frame" a higher level government official in such a way as to remove him from his job? Your thoughts?

    Mark

    From: "Marcus J. Ranum" <mjr@ranum.com>
    Date: 2004/08/06 Fri PM 01:41:19 EDT
    To: <firewalladmin@bellsouth.net>, Victor Williams <vbwilliams@neb.rr.com>
    CC: <firewall-wizards@honor.icsalabs.com>
    Subject: Re: Re: [fw-wiz] Highlighting Security Issues

    firewalladmin@bellsouth.net wrote:
    >And would you fake screenshots of stock quotes or would fake screenshots of porn if you were trying to get a guy in trouble?

    Incompetence is not an offense in the government. If you're trying to get
    someone in trouble, you need to make it look like they're committing a
    bona-fide offense, not just something that's going to bring them a mild
    wrist-slapping. In today's climate, making them appear to be involved in
    child porn, or terrorism would be better.

    Hmmm.... This makes me wonder about the shifts to the balance of
    power that might happen if someone introduced a tool intended to
    introduce spurious "evidence" for such a purpose. Stuff the victim's
    cache with kiddie-porn, load their history, create an encrypted virtual
    disk of snuff movies (with a crackable password) and perhaps a few
    recipes for radiologic bombs... Then the tool could automatically
    dime them out to HR and the FBI.. Such a tool could make a great offensive
    weapon _or_ defensive weapon, once its existence was known.
    "Someone must have gotten my hard disk with Cthulhu4.0! I swear!"
    now becomes an effort in plausible deniability.

    mjr.

    Mark F.
    MCP, CCNA
    "You can spend your life any way you want... But you can only spend it once."

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

