Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Matt Crawford
E-commerce attack imminent; Sudden increase in port scanning for SSL
doesn't look good.
http://www.techworld.com/security/news/index.cfm?NewsID=1975
... aka not necessarily an attack on SSL itself ... but identifying
end-points with open SSL ports as attack targets i.e. end-points with
open SSL ports are likely to be somewhat higher value targets than
machines w/o SSL ports  since the operators possibly feel they have
something to protect.

I can't see any reasonable way to derive your conclusion from the cited 
article.

   The surge began on 15 July, the day before the public disclosure
of a critical flaw in a server module called mod_ssl.
   The last time Netcraft observed similar activity was in April,
shortly before a wave of attacks on SSL servers that included the
compromise of some major e-commerce sites. Attackers used a flaw
in Microsoft's implementation of SSL to install malicious code...
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne Lynn Wheeler
At 11:09 AM 7/23/2004, Matt Crawford wrote:
I can't see any reasonable way to derive your conclusion from the cited 
article.

   The surge began on 15 July, the day before the public disclosure
of a critical flaw in a server module called mod_ssl.
   The last time Netcraft observed similar activity was in April,
shortly before a wave of attacks on SSL servers that included the
compromise of some major e-commerce sites. Attackers used a flaw
in Microsoft's implementation of SSL to install malicious code...

i just mentioned that it could possible be (another kind of)
attack/threat model (other than the obvious referenced
in the article).
i wasn't aware that this mailing list would preclude mention
of other possible attack/thread models   other than the
obvious ones mentioned.
--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/ 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne Lynn Wheeler
slightly more topic drift w/respect to potential/possible threat models ...
i have put quite a bit of work into security taxonomy as part of the merged 
securitity glossary and taxonomy
http://www.garlic.com/~lynn/index.html#glosnote

i've relatively recently taken a pass at the cve database ...
http://cve.mitre.org/cve/index.html
http://www.osvdb.org/
but what I found was very little structure. i have done word frequency 
analysis on the descriptions ... but even that isn't really conclusive 
(since effectvely random people are generating quite random word 
descriptions). I was hoping to find more structure for expanding taxonomy 
for threat models, vulnerabilities, and exploits.


--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/ 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]