Ask Fyodor Your Network Security Questions
Fyodor is the driving force behind Insecure.org and the top-rated Nmap network exploration and security auditing tool. He's also involved in The Honeynet Project (and is a coauthor of the project's book, Honeynet: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community). One question per post, please. We'll run Fyodor's answers to 10 of the highest-moderated questions as soon as he gets them back to us.
Assurance, not blocking attacks (Score:5, Insightful)
Naturally, fighting in the dirt with the black hats is a lot "sexier" and more entertaining than building highly robust and reliable systems which will guarantee future security. The popularity of honeypots with security hobbyists (as opposed to researchers) seems to be a result of this: people enjoy seeing the attacker flummoxed, feeling superior to him, defeating him. Yet this doesn't really result in the improvement of security against new attacks, and it arguably distracts from that purpose.
I'm interested to know where you see progress in security assurance, as opposed to scanning or blocking of old, known attacks. Who else, besides OpenBSD, is in the camp of improving the guarantees that systems provide their users: guarantees such as W^X, packet normalization, and so forth?
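W^X, one of the guarantees named above, means no page of a process is ever mapped writable and executable at the same time. The following audit script is an added example, not code from the thread or from any project it mentions; it reads the permission bits that Linux exposes in /proc/&lt;pid&gt;/maps and reports any mapping that breaks the rule. The sample map text embedded in it is constructed for illustration, and the `jit_heap` region in it is a hypothetical name.

```python
"""Audit a process memory map for pages that are both writable and executable.

Added example (not from the original thread). W^X means no page is mapped
W and X simultaneously; on Linux, /proc/<pid>/maps exposes each mapping's
permission bits, so a defender can check whether the guarantee holds.
"""
import re
from typing import List, Tuple

# Constructed sample of /proc/<pid>/maps output (not captured from a real host).
# The "[anon: jit_heap]" region is a hypothetical W+X mapping for illustration.
SAMPLE_MAPS = """\
55d4c0a00000-55d4c0a01000 r--p 00000000 08:01 1234  /usr/bin/example
55d4c0a01000-55d4c0a02000 r-xp 00001000 08:01 1234  /usr/bin/example
55d4c0a02000-55d4c0a03000 rw-p 00002000 08:01 1234  /usr/bin/example
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0     [anon: jit_heap]
7ffd12340000-7ffd12361000 rw-p 00000000 00:00 0     [stack]
"""

# start-end perms offset dev inode [path]; path is optional and may contain spaces.
_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([rwxps-]{4}) \S+ \S+ \S+\s*(.*)$")


def parse_maps(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (start, end, perms, path) for each well-formed mapping line."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip blank or unexpected lines rather than abort the audit
        start, end, perms, path = m.groups()
        out.append((int(start, 16), int(end, 16), perms, path))
    return out


def wx_violations(text: str) -> List[Tuple[int, int, str, str]]:
    """Mappings whose permission string has both 'w' and 'x' set (W^X broken)."""
    return [(s, e, p, path) for s, e, p, path in parse_maps(text)
            if "w" in p and "x" in p]


def audit_pid(pid: int) -> List[Tuple[int, int, str, str]]:
    """Run the check against a live process (Linux only)."""
    with open(f"/proc/{pid}/maps") as f:
        return wx_violations(f.read())


if __name__ == "__main__":
    import sys
    # With a PID argument, audit that process; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        text = open(f"/proc/{sys.argv[1]}/maps").read()
    else:
        text = SAMPLE_MAPS
    for s, e, perms, path in wx_violations(text):
        print(f"W+X mapping {s:#x}-{e:#x} {perms} {path or '[anonymous]'}")
```

Run it with a PID to audit a live process, or with no arguments to see the single W+X region flagged in the constructed sample. A kernel or toolchain that enforces W^X should leave this list empty for every process; a non-empty list points at a JIT, a legacy loader, or a deliberately relaxed policy worth investigating.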
Re:Weakest link: Between systems and people (Score:3, Insightful)
It ain't the same thing...
--
Simon
Re:Weakest link: Between systems and people (Score:4, Insightful)
Users tend to ignore such warnings because similar warnings appear far too often for invalid reasons. This is not a new problem; Aesop wrote about the boy who cried wolf.
Re:Recent increases in anal-retentiveness... (Score:2, Insightful)
HTH.
Re:IPv6 (Score:3, Insightful)
Not been adopted by whom?
No, most companies/endpoints haven't adopted it, but most of the major equipment manufacturers (Cisco, Lucent, etc.) have and have equipment available for it. It's in use by the University/Research-only "Internet2" currently. The major backbone providers are in the process of slowly switching to it.
Sure, it'd be cheaper to invent another standard now and move to that on a widescale basis than to adopt IPv6, switch to it, and then adopt a new standard and switch to THAT, but you're talking about another decade at this point, minimum.
Developing new standards takes a while, and having people actually implement them in a non-buggy fashion takes even longer. Develop IPv10 right now (yes, v7, v8, and v9 are already in development) and you're probably talking about implementation in 20 years. By which time we'll know enough about what's broken with it to make the same argument about implementation.
Re:Super-DMCA (Score:4, Insightful)
FFS, what a stupid question
Re:Have you ever been tempted to use your gifts (Score:3, Insightful)
Fyodor responded by using information disclosure vulnerabilities in Yahoo email to find the originating IP address of the Slashdot prankster (SumDeusExMachine), who was at the time a college student based on the Pacific coast. SDEM was using an open X server for Windows, MI/X, with no security enabled. Fyodor quickly scanned SDEM's box, found the open X server, and attached to it, monitoring SDEM's life for nine hours. He took many screenshots of SDEM's machine and posted them to his web site, insecure.org.
A lot of personal information was revealed in these screenshots, including the existence and IP address of a "secret troll IRC server", which was running an IRC bot capable of tracking and posting new stories. Jamie McCarthy used the information disclosed by Fyodor's attack to log onto this server, discover the new-story-bot, and modify Slashdot to break the troll's new-story-robot.
So in short, Fyodor has an open record of malicious entry, and Slashdot's admins have used the information he has gleaned to combat Slashdot trolling.
What you have to understand is that illegal and malicious hacking won't land you in jail. The FBI won't prosecute interstate computer hacking unless there are $5000 or more in damages. In this case, there were no damages, rendering the "crime" unprosecutable. Whether this makes the perpetrator a whitehat, greyhat, or blackhat is an exercise for the reader.