[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2FE3228499A87F47ADF0B903A063D7450577A431@bdo-syd-nt-02.bdonsw.local>
Date: Sat, 25 Feb 2006 14:16:48 +1100
From: "Craig Wright" <cwright@...syd.com.au>
To: "Ansgar -59cobalt- Wiechers" <bugtraq@...netcobalt.net>,
<bugtraq@...urityfocus.com>
Subject: RE: Vulnerabilites in new laws on computer hacking
In response to "But if there really *was* a hole that allowed an actual break-in they
would have to do that anyway, because they wouldn't know if anyone had
broken in before and just wiped his tracks, would they?"
There is a world of difference to knowing that you have a vulnerability and knowing you have been attacked and worse compromised.
Each time that a vulnerability is patched you do not rebuild the host. You can not think deteministically that a vulnerability equals a rebuild. At the same time when a systems is compromised you need to start again.
There are always tracks. The best attacker who can cover their tracks using all the best known techniques still leaves tracks - the difference is how effectively they may be tracked back after the event. A drive with files wiped crypographically and with no slack space is still covered with tracks - more so than the simple hacker who does not clear a log file.
None of the above will be generally completed, as I have stated in prior posts - the skills are not widely available. Again I will also state that this is a probabilistic risk function we are talking about. Having a vulnerability equates to a low risk that you have actually been compomised. Being compromised is determinsitic.
Regards
Craig
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
Powered by blists - more mailing lists