Thank you. I was fishing for info and found a gold mine. So to put it very vaguely we could say that greed, anger, or boredom.
So as a moralist/agnostic geek - translated - I truly do understand most all of the sides and agree with everyone to a degree. What are the important things to think about to secure any client?

1. Leaving employees.
2. Current employees.
3. Targeted systems (how interesting do I look to a black hat.)
4. Financial gain - how to apply this vaguely to most clients?

-- [EMAIL PROTECTED] wrote:
> On Tue, 20 Jul 2004 12:36:06 PDT, Andrew Latham said:
>
> > 1. Boredom - more brains than hobbies
> > 2. Needs
> >    - burstable bandwidth - downloads
> >    - knowledge
> >    - bragging rights
> > 3. Challenges
> > 4. Other
>
> You're equating "black hat" with one subset thereof, more or less. It's a lot more complicated in the real world...
>
> I'd posit that the goals and motivations of the black hat can be classified in three wide ranges, with totally different threat models:
>
> 1) "type of target" - you don't care whose box it is - you want "any suitable zombie", "any suitable Windows/IIS server", "any suitable Solaris box".
>
> 2) "identity of target" - The target has been selected because it's a server for company X, or you want to deface the webpage for organization Y, or it's payback time for black-hat Z.
>
> 3) "monetary/related gain" - you really don't care who the target is, it's all about the paycheck - whether it's 500K zombies created by a virus-for-pay, or a hacking run against a server that has credit card numbers on it...
>
> Notice that there can be overlap - a black hat engaging in (2) or (3) may very well want to pick up a collection of type (1) stepping-stone machines to launch the attack from.
>
> Also, a target can be in different categories at the same time - it can be probed by a script kiddie looking for zombies, while at the same time it's being targeted by a disgruntled ex-employee and a professional criminal.
>
> Understanding the differences is important - a defense sufficient to stop the random probing (1) won't slow down either of the other two. However, the professional criminal is more likely to nail you with a 0-day - but will move along if they decide the risk/payoff ratio is bad (they see you have enough network monitors to nail their ass in court, they're outta there ;). The disgruntled ex-staffer may not have a 0-day - but they may well decide it's a personal issue and *keep* attacking when a professional would move on...

=====
*----------------------------------------------------------*
Andrew Latham AKA: LATHAMA (lay-th-ham-eh) - LATHAMA.COM
[EMAIL PROTECTED] - [EMAIL PROTECTED]
If yahoo.com is down we have bigger problems than my email!
*----------------------------------------------------------*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
