[Dshield] yyyyyyyyy me?

Nels Lindquist nlindq at maei.ca
Tue Mar 19 18:31:26 GMT 2002


On 19 Mar 2002 at 7:14, Mrcorp wrote:

> .  MD5 password are relatively secure (I say "relatively" as
> > with enough time and CPU power most any password can be brute-forced.)
> 

> I guess I would ask yourselves, do you have anything worht wasting a
> hackers time and resources over?  I mean, most peoples home computers
> are not a target of a well funded hacking organization that looks for
> john dow in ohio (no offense to those in ohio).  And so what if they
> get in your machine?  What would you loose?  Is it backed up in case of
> hardware failure? 
> 
> I see this conversation going in the same old direction that most
> secureiity sites get into. Thinking that the most elite secret hacking
> society is out there and hacking every tom dick and harry.  Its just
> not the case. 

Script kiddies aren't looking for information.  They want your 
bandwidth and your computer resources.  They couldn't care less about 
you as an individual, or your company as an entity.  Systematic scans 
of the entire IP address-space are going on constantly, probing for 
specific vulnerabilities.  Residential and SOHO broadband providers 
are particularly nice targets, due to the continual influx of new 
subscribers and the relative insecurity of most home computers and 
networks.

If you're interested in some background information, there are some 
good papers at the Project Honeynet website:

http://project.honeynet.org/papers/

They have a series of very informative "Know Your Enemy" articles 
discussing the methods and motives of the blackhat community.

Understanding the threats you face is vital when managing security.

Nels Lindquist <*>
----
Quidquid latine dictum sit altum viditur.

Whatever is said in Latin, sounds profound.




More information about the list mailing list