Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Vulnerabilites in new laws on computer hacking

from [Craig Wright] Network Security [Permanent Link]
Subject: RE: Vulnerabilites in new laws on computer hacking
Date: Sat, 25 Feb 2006 14:16:48 +1100 

In response to "But if there really *was* a hole that allowed an actual 
break-in they
would have to do that anyway, because they wouldn't know if anyone had
broken in before and just wiped his tracks, would they?"
 
There is a world of difference to knowing that you have a vulnerability and 
knowing you have been attacked and worse compromised.
 
Each time that a vulnerability is patched you do not rebuild the host. You can 
not think deteministically that a vulnerability equals a rebuild. At the same 
time when a systems is compromised you need to start again.
 
There are always tracks. The best attacker who can cover their tracks using all 
the best known techniques still leaves tracks - the difference is how 
effectively they may be tracked back after the event. A drive with files wiped 
crypographically and with no slack space is still covered with tracks - more so 
than the simple hacker who does not clear a log file.
 
None of the above will be generally completed, as I have stated in prior posts 
- the skills are not widely available. Again I will also state that this is a 
probabilistic risk function we are talking about. Having a vulnerability 
equates to a low risk that you have actually been compomised. Being compromised 
is determinsitic.
 
Regards
Craig
 
 

Liability limited by a scheme approved under Professional Standards Legislation 
in respect of matters arising within those States and Territories of Australia 
where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If 
you are not the intended recipient, you must not use or disclose the 
information. If you have received this email in error, please inform us 
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the 
email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may 
not rely on this message as advice unless it has been electronically signed by 
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a 
Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments 
due to viruses, interference, interception, corruption or unauthorised access.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DarkStarlings.com XSS Vulnerability, webmaster
Next by Date:  Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Thomas M. Payerle
Previous by Thread:  RE: Vulnerabilites in new laws on computer hacking, dave
Next by Thread:  CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC, Leandro Meiners
Indexes:  [Date] [Thread] [Top] [All Lists]