A security Leakage?? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: A security Leakage??

  1. #11
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    I agree with you nihil....But let me remind you again...the server ( which seems to have removed,) was a site of the largest Mobile service Provider in INDIA. And anyone who will even think of getting root on that system will not attack with robots...yes, he might design one asfter he come to know all about how to get there. But the attacks on those type of system,s have to be MANUALLY. ANd I think there are still manual aqttacks existing ..... or am I worng?? So it is always bad to show your server details in any manner. And that too when it will be opened by a lot of people some of which might be CRACKERs???

    Peace.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by nihil
    Hmmmm,

    It is really a question of degrees, is it not?.................... after all, you can safely assume that 80% or more of computers on the net are running some flavour of Windows, and that this will be 98SE or later.



    Windows 2000 Pro SP4, fully patched as of August 2006

    Does that help you?................not really

    What would potentially be of use would be what services and applications I am running?

    However, I still maintain that the majority of attacks these days are of a robotic nature, at least at their inception. Consequently, information on my OS is irrelevant, as it is never gathered. The bot only wants to know if the exploit works......................it really does not care why
    The operating system and applications/services go hand in hand in my books... If everyone was as robotic as you state then Pen Testers would be out of a job... Why have someone pen test by hand when no one else is doing that... Highly unlikely... the skiddies out there are running automated scripts and yes they account for a decent number of attacks but there's more serious stuff out there... and those are the things that people should be worried about protecting themselves from.... and I'm not necessarily talking about people at home.. I'm talking about businesses... Is it good that I know that 8 months ago CIBC was using Windows NT on all of their ATMs? I wouldn't think so...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #13
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hey, jockey~ please think about this:

    The bigger they are, the more open they are?................ After all, your guys aren't going to be running Windows 95 are they?

    If you checked out the "job opportunities" part of their website, you would find what they are using? or they would be boasting about it in their general information section?

    The operating system and applications/services go hand in hand in my books... If everyone was as robotic as you state then Pen Testers would be out of a job
    Yes, this is about to happen....................... if you don't believe me, have a word with TH-13 who has commented to that effect already?

    It is bot vs bot my friend
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #14
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by nihil
    Hey, jockey~ please think about this:

    The bigger they are, the more open they are?................ After all, your guys aren't going to be running Windows 95 are they?

    If you checked out the "job opportunities" part of their website, you would find what they are using? or they would be boasting about it in their general information section?



    Yes, this is about to happen....................... if you don't believe me, have a word with TH-13 who has commented to that effect already?

    It is bot vs bot my friend
    Pen testers will never be out of work... it's not bot vs bot... I can never solely be bot vs bot... Let's take the PCI certification

    There are two requirements

    1) Automated Scanning
    2) Pen Test...

    Why would you need to be scanned with a product by Tenable, Qualys, nCircle, Rapid7, etc and also get a Pen Test if pen testing was becoming obsolete?

    If it was a world of bot vs bot we wouldn't have AV Vendors with security researches and signature writers, we wouldn't have reverse engineers, we wouldn't haev pen testers, we wouldn't have a number of people we currently have.. but if you feel it's entirely robotic with no need for people.. Feel free to tell that to H.D. Moore, Dave Aitel, Pedram Amini, eEye, iDefense and everyone else...

    Yes there will be more automation in the future on the "white hat" side of the fence... but it will never be to the extent that you describe.. If it was entirely bot based that companies would also get rid of Quality Analysts and all Quality Control positions.. because they wouldn't need them... and that will also never happen..

    There's a reason why bots and skiddies aren't nearly as dangerous in the security community as "black hats"... because their automated attacks are easily detectable... that's why it will never progress to pure bot vs bot.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #15
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Why would you need to be scanned with a product by Tenable, Qualys, nCircle, Rapid7, etc and also get a Pen Test if pen testing was becoming obsolete?
    Hah! define need

    Obviously somebody has to design and write the "bots" just as people have to determine vulnerabilities and exploits.............. and people have to write the applications and operating systems that permit them.

    Most organisations are in the happy position that they do not merit individual and specific attack. For them the botniks are the real and present danger. Let's face it, criminals are percentage players who are doing it for the money rather than the glory or reputation?

    We are in an interesting position in IT history, in that we are using operating systems and applications that are based on designs from a previous era. If I were a young person today, and planning a career in IT, I would not expect that situation to remain for the next 40 years.

    Hey, back in the old days we used to have chimney sweeps................. where would you find one of those today?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #16
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by nihil
    Hah! define need

    Obviously somebody has to design and write the "bots" just as people have to determine vulnerabilities and exploits.............. and people have to write the applications and operating systems that permit them.

    Most organisations are in the happy position that they do not merit individual and specific attack. For them the botniks are the real and present danger. Let's face it, criminals are percentage players who are doing it for the money rather than the glory or reputation?

    We are in an interesting position in IT history, in that we are using operating systems and applications that are based on designs from a previous era. If I were a young person today, and planning a career in IT, I would not expect that situation to remain for the next 40 years.

    Hey, back in the old days we used to have chimney sweeps................. where would you find one of those today?

    You can't use a time frame of 40 years in IT but at the same time you can... IT isn't like other fields,,, the speed of progression is much faster but there are also fallback points..

    As far as define need... it is REQUIRED in order to process credit card payments... that's what need is...

    I'm actually talking to TH13 while I write this... we've decided that you need to sit down and rethink things a little... Determine the difference between Vulnerability Assessment and Penetration Testing.. figure out what they both are.. how they work and then come back and have this chat.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #17
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Pen testers won't be out of work.l.. unfortunately. Although most are hacks. (meaning they don't know jack).

    But thanks to regulatory and more regulatory action in government, they are still safe. IDS? That could be another story.... I have been highly debating it's significance in the modern (meaning current) network. With intelligent firewalls, high speed packet shaping/recording, access filtering, Spam gateways, and a host of the modern crop of Internet Servers, it just seems well silly to have a dedicated IDS system.

    Pen testing though - gotta have it for any number of certification processes in business. At least in North America.

    //EDIT oh and when the hammer falls... you better have a nice shiny (current) pen test of your configuration or the ass is on a platter. Who wants their ass on a platter served with chips?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides