Link to zf05
This article isn't complete without a link to the pwning document! http://seclists.org/dailydave/2009/q3/0047.html
On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have …
"I was actually surprised that the other people would keep their email and work data on an internet-facing host."
Yes, and idiots putting vital systems on internet-facing hosts (or networks) are the reason that the Merkins are so concerned about their power network being hacked. Honestly, if it's not for public use, don't put it on (or immediately behind) a public network!
effective policing and punishment for computer criminals.
Careful coding and configuration on their own just cannot be effective enough on multipurpose computer systems; there are just too many lines of code, too many interfaces, and too many continuing changes, for coding and configuration to ever be 100% effective.
Computer criminals need to be tracked down and put in jail.
I was just looking over Kevin Mitnick's bio in Wikipedia. He who lives by the sword, dies by the sword it seems.
Like the security on your house, there may well be ways in, and possibly ways which you'd not considered. Regardless of that, though, you'd still lock your doors and shut your windows before you left the house, right? If we accept that criminals will always be with us, regardless of how many laws we get our governments to write, then we also need to take at least basic steps towards keeping our possessions secure.
As regards where you keep data, hackers aren't the only risk to your server. Lightning strike, fire, flood, or simple anno domini on your hard disk are a lot more likely to lose your data. So although the hacker may be the one who wiped the data in this instance, any permanent loss of data is due to a failure on *your* part.
And sure, if someone's deliberately bollixed your system, then being able to arrest them would be nice. However, it's not always possible. That's not "possible" as in "practical use of time", but "possible" as in "physically able to do it". In some cases (regimes in China, Burma, Egypt or Saudi Arabia which will happily violate anyone's human rights) being unable to trace someone online is a good thing. In other cases (idiot script kiddies) it's not.
Paris, because she's got multiple online backups of her home movies and pics
Wow man, my coffee.
Seriously, OF COURSE stuff out there is Internet-facing these days. It's just too useful to use the open network, like using Social Security Numbers for unique id purposes.
To make stuff safe, we have VPNs, firewalls and "separate backends". Also, people who are knowledgeable in writing good code.
The growing world of the World Wide Web is also giving fodder to malicious activities and posing security threats, for the main reason that it's very easy to keep one's identity under wraps in this virtual world. Something needs to be done on this issue to keep better control.
Samantha
www.Aafter.com
(AC "Samantha" @ 5:26)
Anyway, Mitnick never impressed me but he's spot on about not putting important stuff online if it doesn't need to be immediately publicly accessible. There's a reason that I use encryption for stuff I really care about and keep anything that's not trivial on offline storage. *eye roll*