August 25th, 2001, 05:10 AM
What would JP do?
Hey I though i should just post this 4 the hell of it, but, JP what would u do if someone accually broke in and defaced your site with a prog YOU listed for download at your security download section. besides just take that prog down maybe.
Anyone else, what do u think u should have happen?
I mean you do list a hack attempts log on your site.
August 25th, 2001, 07:44 AM
I would hope that JP (and any other self-respecting security specialist) would just suck it up and admit they screwed up. Removing the program would be utterly stupid. Thankfully, Antionline had (and I assume still has) their full-disclosure policy. When they were hacked for the first time a while back, JP came right out. Heck, when they hadn't been hacked (but people made it look like they had), JP came right out and explained what was happening.
\"If you torture the data enough, it will confess.\" --Ronald Coase
August 25th, 2001, 04:34 PM
With over 3million hack attempts a year, we're bound to get hacked every now and then. You'll notice that most security sites have very few interactive features, and just basically serve up simple html. The less user interaction, the less chance you have of getting hacked. Complexity is sort of the enemy of most security admins.
I, however, think it's stupid not to have interaction and all of the bells and whistles that other sites have. If we get hacked, oh well. It will be a learning experience. We'll patch the hole, and put the site back up.
Since this site's been around (starting in 1993), we've gotten nearly 9 million intrusion attempts. Only two were successful, and neither of them managed to penetrate our internal lan, or any of our internal servers, just simple webpage defacements.
I can live with that.........