lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040720203700.46006.qmail@web51707.mail.yahoo.com>
From: lathama at lathama.com (Andrew Latham)
Subject: Re: Motivations... (was IE now on-topic

Thank you. 

I was fishing for info and found a gold mine. So to put it very vaugly we could
say that greed, anger, or boredom.

So as a moralist/agnostic geek - translated - I truely do understand most all
of the sides and agree with everyone to a degree

What are the important things to think about to secure any client.

1. Leaving employees.
2. Current employees.
3. Targeted systems (how interesting do I look to a black hat.)
4. Financial gain - how to apply this vaugly to most clients?


-- Valdis.Kletnieks@...edu wrote:
> On Tue, 20 Jul 2004 12:36:06 PDT, Andrew Latham said:
> 
> > 1. Boredom - more brains than hobbies
> > 2. Needs 
> > - burstable bandwidth - downloads
> > - knowledge
> > - bragin rights
> > 3. Challenges
> > 4. Other
> 
> You're equating "black hat" with one subset thereof, more or less.  It's a
> lot
> more complicated in the real world...
> 
> I'd posit that the goals and motivations of the black hat can be classified
> in
> three wide ranges, with totally different threat models:
> 
> 1) "type of target" - you don't care who's box it is - you want "any suitable
> zombie", "any suitable Windows/IIS server", "any suitable Solaris box".
> 
> 2) "identity of target" - The target has been selected because it's a server
> for company X, or you want to deface the webpage for organization Y, or it's
> payback time for black-hat Z.
> 
> 3) "monetary/related gain" - you really don't care who the target is, it's
> all
> about the paycheck - whether it's 500K zombies created by a virus-for-pay, or
> a
> hacking run against a server that has credit card numbers on it...
> 
> Notice that there can be overlap - a black hat engaging in (2) or (3) may
> very
> well want to pick up a collection of type (1) stepping-stone machines to
> launch
> the attack from.
> 
> Also, a target can be in different categories at the same time - it can be
> probed by a script kiddie looking for zombies, while at the same time it's
> being targeted by a disgruntled ex-employee and a professional criminal.
> 
> Understanding the differences is important - a defense sufficient to stop the
> random probing (1) won't slow down either of the other two.  However, the
> professional criminal is more likely to nail you with a 0-day - but will move
> along if they decide the risk/payoff ratio is bad (they see you have enough
> network monitors to nail their ass in court, they're outta there ;).  The
> disgruntled ex-staffer may not have a 0-day - but they may well decide it's a
> personal issue and *keep* attacking when a professional would move on...
> 
> 

> ATTACHMENT part 2 application/pgp-signature 



=====
*----------------------------------------------------------*
Andrew Latham AKA: LATHAMA (lay-th-ham-eh) - LATHAMA.COM
LATHAMA@...HAMA.COM - LATHAMA@...OO.COM
If yahoo.com is down we have bigger problems than my email!
*----------------------------------------------------------*


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ