Comments on TaoSecurity Blog: First They Came for Bandwidth...
Blog author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Comment feed last updated 2023-10-16

Anonymous, 2008-03-04 18:22 -05:00:

This comment has been removed by a blog administrator.

Unknown (https://www.blogger.com/profile/15357840241031190415), 2008-02-22 14:38 -05:00:

In the hacking and criminal world, the creativity and success of the attackers provide a nice bit of natural selection on the threats that we'll end up caring about. The unimaginative ones fizzle back down to where they came from, or stick to their two or three good tricks. Attackers also *have* to be somewhat imaginative if they are to make a career of it.

It is far harder to provide such selection for the good guys. Plenty of very unimaginative security folks will stick around for decades being less than effective and most likely very lucky.

A generalization, nothing more.

Jim Yuill (https://www.blogger.com/profile/15515623918581564260), 2008-02-19 14:54 -05:00:

A limitation of this attack is that its exploitation is conspicuous, e.g., this dude got caught.

The hacker could use deception to cover his tracks...

The hacker conspires with the author of a financial newsletter. When the hacker discovers the upcoming stock devaluation, he informs the author. In the newsletter, the author recommends buying put options.

The hacker buys the options, and if questioned, attributes his purchase to the newsletter.

The author attributes his buy recommendation to his own brilliant analysis.

Anonymous, 2008-02-17 11:38 -05:00:

Good point, well raised. What are the implications of tampering with trade secrets in pharmaceuticals, insider collusion in money laundering and racketeering, and modifying classified information in defense sectors?

I know you don't put much stock in prevention, but since our technology model allows ranking of users and code in terms of integrity, simply ranking important data higher than users prevents tampering with code (or audit trails).

This has implications for secure data hand-offs, data sharing, protection against anti-forensics tools and so on.

In this case, prevention might be easier than detection and recovery.

Anonymous, 2008-02-16 04:44 -05:00:

"One of the problems with being a defender is a tendency towards a lack of imagination."

Lack of imagination is a problem in many ways. It is difficult to get oneself out of the equation and take a wider view on things, mainly due to the sheer daily workload.
Recently I had an interesting experience...
At the "Digital Life Design" conference this year, one Joe Schoendorf asked the attending crowd (full lecture hall) who of us was under 25: maybe 3-4 hands were raised.
So, sitting in a conference about digital lifestyle, I realized this was a good point ;-)
Working at a university, sure thing I used the question myself at the next meeting and (with the results of a conducted survey and some other arguments) everyone agreed to the investment.
Although our team is good and not really disconnected from the users, we sometimes don't realize that, through our daily work, we lack the time and opportunities to familiarize ourselves with all available end-devices, applications and their full capabilities.
In my case, the simple question about the average age in our department and the comparison with our audience helped regain the perspective and in the end sold it.