One Hacker Kit Accounts For 71% Of Attacks


  • One Hacker Kit Accounts For 71% Of Attacks

    From a Dr. Dobbs article. Excerpts:

    The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts.

    A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.
    "Men entrusted with power, even those aware of its dangers, tend, particularly when pressured, to slight liberty." - , The Church Committee, April 26 (legislative day, April 14), 1976

  • #2
    Re: One Hacker Kit Accounts For 71% Of Attacks

    Originally posted by liberator
    A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.
    i sure hope folks wash their hands after pulling statistics right out of their ass like that.

    not to say that it can't be true somehow... but i just hate when comments like that aren't at least somewhat couched with other phrasing. ("according to the majority of IDS log files we've been seeing" or "said a security company who samples from over 1000 honeypots worldwide" etc)

    personally, i feel that the vast majority of malicious code and exploits banging around on the intarweb nowadays wouldn't even properly be designated as "attacks" in the first place... it's more automated worms and zombies that merely scan over and over and over looking to exploit other unpatched systems. i guess you could consider that an "attack" (especially if your network is the one being slammed) but it makes about as much sense from a semantic point of view as me saying "yeah, many of the people i work with were attacked by the flu this winter"

    NOTE - after i opted to RTFA i now see that it appears they're talking only about "web attacks" whatever the fuck that's supposed to mean. it is unlikely they are referring to exploiting HTTP daemons or webmail systems, but rather setting up traps that leverage browser security holes. this, too, is debatable as far as the title of "attack" is concerned, in my opinion. is digging a pit and covering it with leaves an "attack"? more of a booby-trap, really.

    expanded theoretical ranting

    a part of me has grown OVERWHELMINGLY cynical and apathetic about web-based exploits and phishing attacks. i know that not everyone online is as savvy as us... but for fuck's sake... the internet is a frontier territory, people, there are few controls and some significant risks if you don't know what you're doing. and if someone can't figure out that it's a bad idea to give out their personal info to strangers then they deserve to part with their money. if someone absolutely insists that their browser must be capable of rendering all kinds of code-based bullshit then they deserve to get infected with crap.

    i realize that this second point is a bit tricky... as browser extensions are primarily industry-driven. still, the mindset there pains me. companies (microsoft primarily) said to themselves "we're not satisfied with text and images being plainly offered in a static fashion on users' screens... let's add a feature whereby a web site can load a word document directly in the web browser"

    this in itself is a fucking retarded notion (as is just about any idea that involves a browser parsing and rendering files which aren't in the HTML family) and then on top of that, it gets implemented badly. next, web site designers start making content that uses this ridiculous new feature. before we know it, the public becomes accustomed to yet another dumbass, out of spec, unnecessary feature of the web.

    gah, i'm just ranting here without a lot of structure so i'll kill it there. it's monday and someone did something asinine over the weekend at one of my sites, plus i may have to take someone here to the doctor before i even get to work this morning so i'm just in a frustrated mood.
    Last edited by Deviant Ollam; January 29, 2007, 05:44.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor



    • #3
      Re: One Hacker Kit Accounts For 71% Of Attacks

      and if someone can't figure out that it's a bad idea to give out their personal info to strangers then they deserve to part with their money
      AMEN.

      Too many people complain about how evil the internet is. "The hackers are so smart...." Then pick up a book and read. I am tired of the mass public wanting to be spoon-fed information. The lack of curiosity and the desire to learn is what is making them the easy target.
      -=FireWalker=-



      • #4
        Re: One Hacker Kit Accounts For 71% Of Attacks

        of course, we are slightly over-simplifying here. while i'm a fan of the comparison to, say, the north american frontier during the 19th century, the analogy doesn't apply perfectly. back then, it was quite obvious that beyond the western borders of established states the population was less "civilized" and far less regulated by law and social norms of the east. naturally, someone like a retired grandmother wouldn't venture out there under almost any circumstances. she (or her family) would have the good sense to recognize that such a land was no place for her... it held inherent dangers that could overwhelm her and she lacked the skill and knowledge to make it out there.

        however, there would be little, if any, reason for a person like this to venture to the frontier. any product or service that she could need would be available in merchant shops back east. the internet, however, is increasingly becoming an unavoidable aspect of life... even for our hypothetical retired grandmother. sending and receiving email may be the only way such a person nowadays might get to regularly speak with grandchildren. want to get family members the exact specific gifts they want for the holidays? again, the internet may be the only way to do that (possibly even the most convenient way for someone who is home-bound)

        i'll admit, however, that it is pretty dumb to assume that just because you can make a life-service web-enabled that it's a good idea to do so. in our hypothetical, i wouldn't think that it's smart for grandma to be going online to refill her prescriptions, manage her social security benefits, or balance her checkbook. some things work perfectly well in the brick-and-mortar / snail-mail world. trying to push someone onto the internet when they had a perfectly workable and useful solution before is just a bad idea.

        so i think we can understand why people without proper training and skill wind up online... the real culprit isn't them (simply for being there) but vendors and businesses who think "well, now that the public uses computers, let's just fire all of our phone staff and downsize our mail operations... people can conduct all their business via email and the web!"



        • #5
          Re: One Hacker Kit Accounts For 71% Of Attacks

          Originally posted by Deviant Ollam
          so i think we can understand why people without proper training and skill wind up online... the real culprit isn't them (simply for being there) but vendors and businesses who think "well, now that the public uses computers, let's just fire all of our phone staff and downsize our mail operations... people can conduct all their business via email and the web!"
          Just because you can do something, doesn't mean you should.

          Far too often people get caught in the whizzbang of new tech and fail to properly evaluate the needs of themselves and the consumers. You see this a lot with things like PDAs. I remember making a killing selling Palm devices back in the day to execs and salesmen. Most had to have one as if they were the cure for cancer, but most spent more time browbeating it to work to their methods than gaining any functionality. Their productivity dropped over the previous pen and paper methods.

          As Deviant pointed out, just because you can web enable a service, doesn't mean you should.
          Never drink anything larger than your head!


          • #6
            Re: One Hacker Kit Accounts For 71% Of Attacks

            Russians say "Don't overtake if you are not sure" or something like that.
            This principle is universal.
            Somebody doesn't have to dive at the vortex of the www, i mean nowadays the choice is needed until hypothetical retired grandmothers still exist. This question will become insufficient for next generations.

            PGP Key ID:0x6113CBE6
            PGP Fingerprint:92AE C7A5 26B6 DD99 5688 84AD 5524 D919 6113 CBE6
