Network Security Vuln-Dev
Re: On classifying attacks

Subject: Re: On classifying attacks
Date: Wed, 29 Mar 2006 08:19:04 -0500
The difference with other client attacks triggered from remote location 
is the attacker. If he/she connects to you and tries to exploit, the 
service is running and then runs into say, an exception. With a browser 
you go to a remote site, download code, run it locally and get 
exploited.

I am not sure what these should be called, but an SQL injection is not a 
remote vulnerability as we term it, despite some similarities.

Many of us still argue on what a worm vs. Trojan vs. virus, etc. are. 
Let's not get to the stage where we have that with vulnerabilities.

But many of us *love* to argue about taxonomies and word meanings (it's 
cheaper than booze anyway).  *8)

To my mind, if the attacker needs to be logged into an account on the 
machine being attacked then the vulnerability is local; if the attacker 
just has to be able to push bits to a port then it's remote.  If the 
attacker has to trick a legitimate user into doing something (including 
going to a particular remote site) then it's a Trojan horse.  Not hard and 
fast boundaries (what if the attacker has to first push some bits to a 
port and then fool a user into clicking on a link in some email and then 
log into a local account?), but to first order...

Calling an SQL injection a "Trojan horse vulnerability" sounds a little 
odd, I admit.  But until something better comes along?

DC