the ISC, the URL, and SOB's

  1. #1
    Senior Member Deeboe
    Join Date: Nov 2005
    Posts: 185

    the ISC, the URL, and SOB's

    Hello,

    I was just out on the SANS ISC (http://isc.sans.org/) and was reading an interesting post in the diary. (There are links on the site which help clarify the story. Browse to it for more.) This is it:

    Our handler Lorna Hutcheson, in her diary from December 7th, noted the dangers of posting URLs, in particular clickable URLs, on our site. To drive the point home, he added a "suspect" URL, and we tracked how many people clicked on it.

    We had about 1,000 users click on the link. 80% used the same browser they used to read the diary, so I consider them "production browsers". 10% used "safe browsers" like wget. The remainders are bots/search engines that followed the link.

    Most people who responded to the diary noted that they do need access to malicious code (and malicious URLs) in order to be able to block them at their web proxies, or that they use safe browsers to access suspicious links. We will continue to post links in our diaries. It is up to the particular handler to decide if it is appropriate to obfuscate the URL, post a partial URL, or not post it at all if it is deemed not appropriate or too risky.

    About 20-40,000 users typically read a diary, so 1,000 is not all that large of a number, but still considerable.
    This reminds me of a post someone put here on AO a few weeks back about when the ISC was recording how many people were using IE and were vulnerable to an attack. The point in that post was that people that read the ISC diaries are mostly security minded... at least that is what you would think.

    I found the diary today very amusing and thought I should share.

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/
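The breakdown quoted above (production browsers vs. "safe browsers" like wget vs. bots) is the kind of split you get by grouping hits on the tracked link by User-Agent. The following is an added example, not code from the ISC or from anyone in this thread: it parses a few constructed Combined Log Format lines, keeps only requests for an assumed tracked path (/suspect-link), and classifies each hit with assumed user-agent patterns. User agents are self-reported, so the percentages are an estimate, which is also why the diary's own numbers should be read as rough.

```python
"""Classify hits on a tracked "suspect" URL by user agent.

Added example; not the ISC's code. The log lines are constructed,
and the tracked path and the user-agent patterns are assumptions.
"""

import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format).
SAMPLE_LOG = """\
203.0.113.10 - - [08/Dec/2005:10:01:02 +0000] "GET /suspect-link HTTP/1.1" 200 512 "http://isc.sans.org/diary.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [08/Dec/2005:10:01:09 +0000] "GET /suspect-link HTTP/1.1" 200 512 "-" "Wget/1.10.2"
203.0.113.44 - - [08/Dec/2005:10:02:30 +0000] "GET /suspect-link HTTP/1.1" 200 512 "http://isc.sans.org/diary.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
192.0.2.200 - - [08/Dec/2005:10:03:00 +0000] "GET /suspect-link HTTP/1.1" 200 512 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
203.0.113.99 - - [08/Dec/2005:10:04:11 +0000] "GET /suspect-link HTTP/1.1" 200 512 "-" "curl/7.15.0"
203.0.113.77 - - [08/Dec/2005:10:04:50 +0000] "GET /suspect-link HTTP/1.1" 200 512 "-" "Java/1.5.0_06"
203.0.113.12 - - [08/Dec/2005:10:05:45 +0000] "GET /diary.php HTTP/1.1" 200 8192 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

# One Combined Log Format line: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed patterns: command-line fetchers count as "safe", crawlers as bots.
SAFE_FETCHERS = re.compile(r'^(wget|curl|lynx|links|libwww-perl)', re.I)
BOTS = re.compile(r'(bot|crawler|spider|slurp)', re.I)


def classify_ua(ua):
    """Map a User-Agent string to one of the diary's categories."""
    if SAFE_FETCHERS.search(ua):
        return "safe fetcher"
    if BOTS.search(ua):
        return "bot/crawler"
    if ua.startswith("Mozilla/"):
        # Desktop browsers of the period all announce themselves as Mozilla/x.
        return "production browser"
    return "unknown"


def click_breakdown(log_text, tracked_path="/suspect-link"):
    """Return {category: (hits, percent)} for requests to tracked_path."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("path") != tracked_path:
            continue  # unparseable line, or a hit on some other page
        counts[classify_ua(m.group("ua"))] += 1
    total = sum(counts.values())
    return {cat: (n, round(100.0 * n / total, 1)) for cat, n in counts.items()}


if __name__ == "__main__":
    for cat, (n, pct) in sorted(click_breakdown(SAMPLE_LOG).items()):
        print(f"{cat:20s} {n:4d} hits  {pct:5.1f}%")
```

Only requests for the tracked path are counted, so a hit on the diary page itself (the last sample line) is ignored, and anything that matches none of the patterns lands in "unknown" rather than being silently folded into the browser count.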

  2. #2
    oldie ric-o
    Join Date: Nov 2002
    Posts: 487
    Amusing and very sad. I downloaded the link...USING WGET on the command line and then analyzed the code. I saw these stats too...and was very depressed.

    Just proves that folks other than security types are visiting the ISC site and not realizing what they are doing. sigh

  3. #3
    Senior Member genXer
    Join Date: Jun 2005
    Posts: 252
    I love too that she tells you not to click it and people still did! I can't believe it!

    ...
    ..
    .

    So I clicked on it about 50 times to see what would happen... the response wasn't fast enough - so I clicked about 50 more times and then put my soda in that drink holder that comes with the computer, while stepping on that foot pedal to make the computer go faster!

    If you're in the clicking mood...

    http://download.lardlad.com/sounds/s.../kingsize5.mp3

    Woo-hoo!
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  4. #4
    Member kcore
    Join Date: Jun 2004
    Posts: 37
    I know Lorna, and I know she wouldn't do anything malicious on purpose. However, I do think it to be interesting that SANS would purposely do that. Kinda shady...

  5. #5
    Senior Member Deeboe
    Join Date: Nov 2005
    Posts: 185
    Originally posted here by kcore
    ... However, I do think it to be interesting that SANS would purposely do that. Kinda shady...
    I'm not sure I would call it shady. I think they did a very good thing. It opened the eyes of the users of that website. Many users of that site likely think they know everything about IT Security. This went to prove that the people thought of as professional or experts, may not always be.

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  6. #6
    oldie ric-o
    Join Date: Nov 2002
    Posts: 487
    Originally posted here by kcore
    However, I do think it to be interesting that SANS would purposely do that. Kinda shady...
    ...shady only for people who clicked the link.

    I agree with deeboe that it was a good little social engineering 'test'...and we Internet citizens failed (not me personally...I used WGET). Just shows how little progress has been made to educate people about Internet security. sigh.

    I wonder how many security folk vs non-sec folk clicked that link...hrm.
