From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Mon, 22 Jul 2002 20:47:06 -0700 (PDT)
Subject: [iwar] [fc:Are.Hacking.Defenses.Winning.the.War?]

Are Hacking Defenses Winning the War?
http://www.newsfactor.com/perl/story/18663.html

By Tim McDonald
NewsFactor Network
July 18, 2002

DoS attacks remain the most common threat. But, according to security experts, DoS attacks do not necessarily present the same kind of threat to national infrastructure that they once did.

The problem with hack attacks these days is that they are no longer easily recognizable. Like snipers, they hide in the shadows. They can also disguise themselves as something else.

"We can no longer say, OK, there's a neat box called viruses and there's a neat box called hackers and there's a neat box called spam," Sam Curry, security architect of antivirus company McAfee (Nasdaq: MCAF) told NewsFactor. "All the tools are available to anybody out there who wants to potentially hurt people, companies or the Internet at large."

Of course, security companies have vested interests in publicizing computer crimes, hoaxes and scams, but there are a number of independent confirmations that computer crime continues to grow.

'Incidents' Soaring

The federally funded Computer Emergency Response Team (CERT) reports that "incidents" -- which includes anything from a single host computer being hacked to hundreds of thousands of affected sites -- are on the upswing.

Reported incidents have increased from six in 1988 to more than 52,600 in 2001, and we are on pace to break that again this year. Already in 2002, more than 26,800 incidents have been reported.

Vulnerabilities reported last year numbered 2,437, twice that of the previous year. And in the first quarter of this year, 1,065 vulnerabilities were reported.
Security alerts are also up, from 26 in 2000 to 41 last year, with nine in the first quarter of 2002.

Methodologies Improving

DoS attacks remain the most common threat. These involve brute force and require more than a simple firewall to mitigate them. Experts point out that network processors using separate hardware devices are needed to blunt high-speed DoS attacks.

Still, DoS attacks don't necessarily present the same kind of threat to national infrastructure that they once did. "They continue, but the methodologies for mitigating them have improved," Stephen Nesbitt, a NASA computer crime investigator, told NewsFactor.

"DoS [attacks] require a variety of systems to target a domain," Nesbitt said. "Usually, systems are compromised for the purpose of creating a network. The larger the network, the larger the bandwidth, the more danger they can do downstream. And you can compound that by adding other kinds of attacks."

Web Services Vulnerable

Consumer security companies maintain the threat is growing. "NASA is thinking of national critical systems and their exposure," McAfee's Curry said. And as they grow in popularity, Web services are particularly vulnerable.

"If you're a business, you cannot afford to have transactions slowed," said Curry. "If you're a home user, you can't afford to have bandwidth unavailable."

"Web services can't be riding really close to the line," Curry said. "They have to be very careful they're not near their maximum capacity most of the time, because if they get [a DoS attack] their service will go down, their servers will be damaged and their revenue will get hit."

Hybrids on Rise

The Nimda virus, which hit last September 18th, drove Internet traffic levels up worldwide -- in some places to the point where Internet service providers and broadband providers could not secure service.

"As people turn more and more to the Internet to do more things, their computers are doing more than just e-mail and Internet," Curry said. "They're doing file-sharing, chats, interacting in more ways and they're doing it faster. I would say the more you interact and the faster you do it, the more likely you are to get infected or attacked."

Curry said hackers are using more tools to daze and confuse victims. "We're seeing more hybrid threats, combinations of virus tools and hacker tools that can potentially take over systems," he said. "They're part virus/worm, part remote control Trojan. We're starting to see that spam is more than just a nuisance now -- it's also a major security threat."

Spammers are Cheap

Perpetrators of fraud send fake virus alerts, posing as antivirus companies. When users click to get protection, they find themselves giving their credit card numbers to buy nonexistent virus protection.

"The expense of doing spam is so low, criminals anywhere in relative anonymity can use that as a tool to take advantage of people, steal their identification, harass them and potentially steal from them," said Curry.

And Kevin Houle, one of the authors of a CERT white paper on the subject of DoS attacks, told NewsFactor, "The problem of denial-of-service is fundamentally ingrained in the way that the Internet is built."

"The Internet is comprised of limited, consumable resources. Thus, it's possible [for hackers] to consume those resources. That's not likely to change any time in the near future."

According to the experts, then, the safest course of action is to assume that DoS and similar attacks are here to stay, to take the appropriate defensive measures -- however ineffective they may prove to be.
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT