Announcement

Collapse
No announcement yet.

One Hacker Kit Accounts For 71% Of Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • One Hacker Kit Accounts For 71% Of Attacks

    From a Dr. Dobbs article. Excerpts:

    The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts.

    A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.
    "Men entrusted with power, even those aware of its dangers, tend, particularly when pressured, to slight liberty." - , The Church Committee, April 26 (legislative day, April 14), 1976

  • #2
    Re: One Hacker Kit Accounts For 71% Of Attacks

    Originally posted by liberator View Post
    A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.
    i sure hope folks wash their hands after pulling statistics right out of their ass like that.

    not to say that it can't be true somehow... but i just hate when comments like that aren't at least somewhat couched with other phrasing. ("according to the majority of IDS log files we've been seeing" or "said a security company who samples from over 1000 honeypots worldwide" etc)

    personally, i feel that the vast majority of malicious code and exploits banging around on the intarweb nowadays wouldn't even properly be designated as "attacks" in the first place... it's more automated worms and zombies that merely scan over and over and over looking to exploit other unpatched systems. i guess you could consider that an "attack" (especially if your network is the one being slammed) but it makes about as much sense from a semantic point of view as me saying "yeah, many of the people i work with were attacked by the flu this winter"

    NOTE - after i opted to RTFA i now see that it appears they're talking only about "web attacks" whatever the fuck that's supposed to mean. it is unlikely they are referring to exploiting HTTP daemons or webmail systems, but rather setting up traps that leverage browser security holes. this, too, is debatable as far as the title of "attack" is concerned, in my opinion. is digging a pit and covering it with leaves an "attack"? more of a booby-trap, really.

    expanded theoretical ranting

    a part of me has grown OVERWHELMINGLY cynical and apathetic about web-based exploits and phishing attacks. i know that not everyone online is as savvy as us... but for fuck's sake... the internet is a frontier territory, people, there are few controls and some significant risks if you don't know what you're doing. and if someone can't figure out that it's a bad idea to give out their personal info to strangers then they deserve to part with their money. if someone absolutely insists that their browser must be capable of rendering all kind of code-based bullshit then they deserve to get infected with crap.

    i realize that this second point is a bit tricky... as browser extensions are primarily industry-driven. still, the mindset there pains me. companies (microsoft primarily) said to themselves "we're not satisfied with text and images being plainly offered in a static fasion on user's screens... let's add a feature whereby a web site can load a word document directly in the web browser"

    this in itself is a fucking retarded notion (as is just about any idea that involves a browser parsing and rendering files which aren't in the HTML family) and then on top of that, it gets implemented badly. next, web site designers start making content that uses this ridiculous new feature. before we know it, the public becomes accustomed to yet another dumbass, out of spec, unnecessary feature of the web.

    gah, i'm just ranting here without a lot of structure so i'll kill it there. it's monday and someone did something assinine over the weekend at one of my sites, plus i may have to take someone here to the doctor before i even get to work this morning so i'm just in a frustrated mood.
    Last edited by Deviant Ollam; January 29, 2007, 06:44.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: One Hacker Kit Accounts For 71% Of Attacks

      and if someone can't figure out that it's a bad idea to give out their personal info to strangers then they deserve to part with their money
      AMEN.

      To many people complain about how evil the internet is. "The hackers are so smart...." Then pick up a book and read. I am tired of the mass public wanting to be spoon feed information. The lack of curiosity and the desire to learn is what is making them the easy target.
      -=FireWalker=-

      Comment


      • #4
        Re: One Hacker Kit Accounts For 71% Of Attacks

        of course, we are slightly over-simplifying here. while i'm a fan of the comparison to, say, the north american frontier during the 19th century, the analogy doesn't apply perfectly. back then, it was quite obvious that beyond the western borders of established states the population was less "civilized" and far less regulated by law and social norms of the east. naturally, someone like a retired grandmother wouldn't venture out there under almost any circumstances. she (or her family) would have the good sense to recognize that such a land was no place for her... it held inherent dangers that could overwhelm her and she lacked the skill and knowledge to make it out there.

        however, there would be little, if any, reason for a person like this to venture to the frontier. any product or service that she could need would be available in merchant shops back east. the internet, however, is increasingly becoming an unavoidable aspect of life... even for our hypothetical retired grandmother. sending and receiving email may be the only way such a person nowadays might get to regularly speak with grandchildren. want to get family members the exact specific gifts they want for the holidays? again, the internet may be the only way to do that (possibly even the most convenient way for someone who is home-bound)

        i'll admit, however, that it is pretty dumb to assume that just because you can make a life-service web-enabled that it's a good idea to do so. in our hypothetical, i wouldn't think that it's smart for grandma to be going online to refill her prescriptions, manage her social secuirty benefits, or balance her checkbook. some things work perfectly well in the brick-and-mortar / snail-mail world. trying to push someone onto the internet when they had a perfectly workable and useful solution before is just a bad idea.

        so i think we can understand why people without proper training and skill wind up online... the real culprit isn't them (simply for being there) but vendors and businesses who think "well, now that the public uses computers, let's just fire all of our phone staff and downsize our mail operations... people can conduct all their business via email and the web!"
        "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
        - Trent Reznor

        Comment


        • #5
          Re: One Hacker Kit Accounts For 71% Of Attacks

          Originally posted by Deviant Ollam View Post
          so i think we can understand why people without proper training and skill wind up online... the real culprit isn't them (simply for being there) but vendors and businesses who think "well, now that the public uses computers, let's just fire all of our phone staff and downsize our mail operations... people can conduct all their business via email and the web!"
          Just because you can do something, doesn't mean you should.

          Far too often people get caught in the whizzbang of new tech and fail to properly evaluate the needs of themselves and the consumers. You see this alot with things like PDA's. I remember making a killing selling Palm devices back in the day to execs and salesman. Most had to have one as if they were the cure for cancer, but most spent more time brow beating it to work to their methods than gaining any functionality. Their productivity dropped over the previous pen and paper methods.

          As deviant pointed out, just because you can web enable a service, doesn't mean you should
          Never drink anything larger than your head!





          Comment


          • #6
            Re: One Hacker Kit Accounts For 71% Of Attacks

            russians say "Don't overtake if you are not sure" or something like that
            this principle is universal.
            somebody don't have to dive at the vortex of the www, i mean nowadays the choice is needed untill hypothetical retired grandmothers still exist. This question will become unsufficient for next generations.

            PGP Key ID:0x6113CBE6
            PGP Fingerprint:92AE C7A5 26B6 DD99 5688 84AD 5524 D919 6113 CBE6

            Comment

            Working...
            X