Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Matt Crawford
E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good. http://www.techworld.com/security/news/index.cfm?NewsID=1975 ... aka not necessarily an attack on SSL itself ... but identifying end-points with open SSL ports as attack targets i.e. end-points with open SSL

Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne Lynn Wheeler
At 11:09 AM 7/23/2004, Matt Crawford wrote: I can't see any reasonable way to derive your conclusion from the cited article. The surge began on 15 July, the day before the public disclosure of a critical flaw in a server module called mod_ssl. The last time Netcraft observed similar

Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne Lynn Wheeler
slightly more topic drift w/respect to potential/possible threat models ... i have put quite a bit of work into security taxonomy as part of the merged securitity glossary and taxonomy http://www.garlic.com/~lynn/index.html#glosnote i've relatively recently taken a pass at the cve database ...