Consider then the concept of a 'Honey Token' http://securityfocus.com/infocus/1713
Yet, the article states that these are more of a 'insider threat' monitoring tool. Few if any honeytokens would probably ever be exposed to the internet at large.
Why not?
Example:
tokens for account info in an extranet application, easily catches sql injection, brute force attacks, intellectual property theft...
Just some possibilities for this:
portals customer accts inactive web pages fake confidential documents ...
J
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
