 




<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Unknown Threats</title>
	<atom:link href="http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/feed/" rel="self" type="application/rss+xml" />
	<link>http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/</link>
	<description></description>
	<lastBuildDate>Sat, 25 May 2013 17:28:03 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
	<item>
		<title>By: enterprisedesktopate</title>
		<link>http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/#comment-57271</link>
		<dc:creator>enterprisedesktopate</dc:creator>
		<pubDate>Thu, 23 Oct 2008 17:58:37 +0000</pubDate>
		<guid isPermaLink="false">#comment-57271</guid>
		<description><![CDATA[This tip from SearchEnterpriseDesktop.com has some info on tools that can help with &lt;a href=&quot;http://searchenterprisedesktop.techtarget.com/generic/0,295582,sid192_gci1331712,00.html&quot;&gt;malware detection and removal&lt;/a&gt;.]]></description>
		<content:encoded><![CDATA[<p>This tip from SearchEnterpriseDesktop.com has some info on tools that can help with <a href="http://searchenterprisedesktop.techtarget.com/generic/0,295582,sid192_gci1331712,00.html">malware detection and removal</a>.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: ysrd</title>
		<link>http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/#comment-53412</link>
		<dc:creator>ysrd</dc:creator>
		<pubDate>Sun, 25 May 2008 01:59:57 +0000</pubDate>
		<guid isPermaLink="false">#comment-53412</guid>
		<description><![CDATA[There are things you can do and there are things you can talk about and they are not a common set.
I run two honeypots but they do not trap but they track.
We are in the midst of determining what our true legal actions are. With the recent mini-&#039;cyber war&#039; in the Balkans, with the attacks last year on Estonia by Russian hackers and with our current analysis placing the cyber war technology of today on the same par as airplanes were in early World War 1 I think that the answer to these questions will become fluid in the months and years to come.

If you are intending to put up a pot of any kind it has to be on your own hardware. And you have to just collect data and stop access to your data but not retaliate against the attacker except to get the info required to later put a criminal or civil case forward or to help law enforcement or governmental organizations in the future.
Please leave the cyber war to the professionals.]]></description>
		<content:encoded><![CDATA[<p>There are things you can do and there are things you can talk about and they are not a common set.<br />
I run two honeypots but they do not trap but they track.<br />
We are in the midst of determining what our true legal actions are. With the recent mini-&#8217;cyber war&#8217; in the Balkans, with the attacks last year on Estonia by Russian hackers and with our current analysis placing the cyber war technology of today on the same par as airplanes were in early World War 1 I think that the answer to these questions will become fluid in the months and years to come.</p>
<p>If you are intending to put up a pot of any kind it has to be on your own hardware. And you have to just collect data and stop access to your data but not retaliate against the attacker except to get the info required to later put a criminal or civil case forward or to help law enforcement or governmental organizations in the future.<br />
Please leave the cyber war to the professionals.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: papp</title>
		<link>http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/#comment-50828</link>
		<dc:creator>papp</dc:creator>
		<pubDate>Tue, 11 Dec 2007 04:37:50 +0000</pubDate>
		<guid isPermaLink="false">#comment-50828</guid>
		<description><![CDATA[&lt;b&gt;Mimic, tag, and block. &lt;/b&gt; 

Typically I would follow this with a quote from Liar, Liar, when he was picking up his car from the pound, but I do not want to offend.

I share your frustration. Today&#039;s IT security is riddled with retreating moves of complexity until there is no room to move. To top it off, they expect you to shop at McDonalds when you&#039;re hungry for tenderloin and baked potato.]]></description>
		<content:encoded><![CDATA[<p><b>Mimic, tag, and block. </b> </p>
<p>Typically I would follow this with a quote from Liar, Liar, when he was picking up his car from the pound, but I do not want to offend.</p>
<p>I share your frustration. Today&#8217;s IT security is riddled with retreating moves of complexity until there is no room to move. To top it off, they expect you to shop at McDonalds when you&#8217;re hungry for tenderloin and baked potato.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: papp</title>
		<link>http://itknowledgeexchange.techtarget.com/itanswers/unknown-threats/#comment-50827</link>
		<dc:creator>papp</dc:creator>
		<pubDate>Tue, 11 Dec 2007 04:21:19 +0000</pubDate>
		<guid isPermaLink="false">#comment-50827</guid>
		<description><![CDATA[Back in the day... oh sheeze here I go, we used tarpits and &quot;Hall of Mirrors&quot;. Depending on the nature of attacks, or suspicions, and the exposed neighborhood. Tarpits can be damaging. As the name suggests unsuspecting users can get caught in them as well. Start with benign, and work your way up to sticky. Be careful, I have been told what I was doing was illegal. So if you take tarpits off the list, Hall of Mirrors can be fun with less damage. Mimic an entire operation center and double verify users to pass through to the real servers. Depending on your industry you could go as far as logic bomb-die packs... I love those. They leach beacons so even if they drop, their trail is still visible. All depends on if you want to be feeding your community through a stir stick or start tagging them. To be &quot;civilised&quot; you should listen to the gentleman above. Costly? yes. Fruitless? no. It just rubs the wrong way when you&#039;re victimized, report it, and pay for the patch-fix depending on the product, in some cases the fix is 3 months out, or worse, nothing, due to intrinsic code designed to prevent piracy, or backed by lawsuits to exploit, under the guise of free speech (or worse, creativity). Honey only attacks them. Unless you&#039;re in the security business for sales... why? Participating in a community effort is always a good idea, as long as you recognize that community is most likely a public company legally bound to show profit, and more profit. Finding long term security companies is like finding the street gang that sided with one &quot;Boss&quot; or another to survive. In most cases they are the best money can buy, just be aware of their duality even if they are not. I would like to see a security company that does not trade on the market! None of the owners or board members trade on the market, or sell information for trading on the market, or make any revenue other than protecting their customers. That would be a steep bill. 
aaaa.. what am I saying, good men like that shouldn&#039;t set themselves up to be assassinated. IT Templars= Friday the 13th.
Or Charge of the Light Brigade?

Russian Porn= &lt;b&gt;$&lt;/b&gt;
US Porn= &lt;b&gt;$&lt;/b&gt;
IT Security= &lt;b&gt;-&lt;/b&gt;$ and complexity for governments to monitor.

Let me tell you how the dialog would go if you tagged and bagged them. 
&lt;ul&gt; You- I caught this guy trying to go through our R&amp;D &lt;/ul&gt;
&lt;ul&gt; FBI- How much money was stolen? &lt;/ul&gt;
&lt;ul&gt; You- None, I stopped them &lt;/ul&gt;
&lt;ul&gt; FBI- I am afraid there is nothing I can do. By the way, how did you do it? ...you have the right to remain silent... Do you know that code is copyright protected by international law... &lt;/ul&gt;


I am sure the script by now has been changed to phish more before they put on the cuffs, but you get the drift. If you&#039;re real lucky the perp you caught is too embarrassing to prosecute... you! It isn&#039;t always about right and wrong. Sometimes you have to consider the fall-out. Canada has one regulator for IT Governance. Easy to petition for change. In the U.S. Identity theft is still a minor offence with ambiguity as far as State law enforcement. I wonder how they handle this in China?

U.S.= Charge of the Light Brigade.]]></description>
		<content:encoded><![CDATA[<p>Back in the day&#8230; oh sheeze here I go, we used tarpits and &#8220;Hall of Mirrors&#8221;. Depending on the nature of attacks, or suspicions, and the exposed neighborhood. Tarpits can be damaging. As the name suggests unsuspecting users can get caught in them as well. Start with benign, and work your way up to sticky. Be careful, I have been told what I was doing was illegal. So if you take tarpits off the list, Hall of Mirrors can be fun with less damage. Mimic an entire operation center and double verify users to pass through to the real servers. Depending on your industry you could go as far as logic bomb-die packs&#8230; I love those. They leach beacons so even if they drop, their trail is still visible. All depends on if you want to be feeding your community through a stir stick or start tagging them. To be &#8220;civilised&#8221; you should listen to the gentleman above. Costly? yes. Fruitless? no. It just rubs the wrong way when you&#8217;re victimized, report it, and pay for the patch-fix depending on the product, in some cases the fix is 3 months out, or worse, nothing, due to intrinsic code designed to prevent piracy, or backed by lawsuits to exploit, under the guise of free speech (or worse, creativity). Honey only attacks them. Unless you&#8217;re in the security business for sales&#8230; why? Participating in a community effort is always a good idea, as long as you recognize that community is most likely a public company legally bound to show profit, and more profit. Finding long term security companies is like finding the street gang that sided with one &#8220;Boss&#8221; or another to survive. In most cases they are the best money can buy, just be aware of their duality even if they are not. I would like to see a security company that does not trade on the market! None of the owners or board members trade on the market, or sell information for trading on the market, or make any revenue other than protecting their customers. 
That would be a steep bill. aaaa.. what am I saying, good men like that shouldn&#8217;t set themselves up to be assassinated. IT Templars= Friday the 13th.<br />
Or Charge of the Light Brigade?</p>
<p>Russian Porn= <b>$</b><br />
US Porn= <b>$</b><br />
IT Security= <b>-</b>$ and complexity for governments to monitor.</p>
<p>Let me tell you how the dialog would go if you tagged and bagged them. </p>
<ul> You- I caught this guy trying to go through our R&amp;D </ul>
<ul> FBI- How much money was stolen? </ul>
<ul> You- None, I stopped them </ul>
<ul> FBI- I am afraid there is nothing I can do. By the way, how did you do it? &#8230;you have the right to remain silent&#8230; Do you know that code is copyright protected by international law&#8230; </ul>
<p>I am sure the script by now has been changed to phish more before they put on the cuffs, but you get the drift. If you&#8217;re real lucky the perp you caught is too embarrassing to prosecute&#8230; you! It isn&#8217;t always about right and wrong. Sometimes you have to consider the fall-out. Canada has one regulator for IT Governance. Easy to petition for change. In the U.S. Identity theft is still a minor offence with ambiguity as far as State law enforcement. I wonder how they handle this in China?</p>
<p>U.S.= Charge of the Light Brigade.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
