RE: On classifying attacks

To: Forte Systems - Iosif Peterfi <toto@xxxxxxxxxxx>
Subject: RE: On classifying attacks
From: Tim Nelson <tim.nelson@xxxxxxxxxxxx>
Date: Tue, 2 Aug 2005 12:46:16 +1000 (EST)
Cc: 'Crispin Cowan' <crispin@xxxxxxxxxx>, 'Technica Forensis' <forensis.technica@xxxxxxxxx>, "'Black, Michael'" <black@xxxxxxxxxxxxx>, 'James Longstreet' <jlongs2@xxxxxxx>, 'Derek Martin' <code@xxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050729070642.19016.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050729070642.19016.qmail@xxxxxxxxxxxxxxxxxxxxxxx>

On Fri, 29 Jul 2005, Forte Systems - Iosif Peterfi wrote:

Ok, so let's split them like this:

1. Simple
 1.1 Remote
 1.2 Local
2. Compound
 2.1 Social engineered
 2.2 Technical
 2.3 Local


        I prefer something just as simple, but maybe more flexible:
1.      Interaction level
        i)      Automatic (no victim action required)
        ii)     Semi-Automatic (victim performs some normally safe action,
                ie. opening e-mail, or a cron job runs)
        iii)    Manual (victim is socially engineered into performing
                su -c 'rm -rf /' or some such stupid thing)
2.      Target
        i)      Access
        ii)     Elevation (Privilege elevation)

For all attacks, select one item from section 1, and one fromsection 2.

Traditional remote attacks are Automatic Access attacks.Traditional local attacks are Automatic Elevation attacks. E-mail trojansare Semi-Automatic or Manual Access attacks.


Daniel Weber wrote:

I've seen a lot of classification schemes proposed on Bugtraq in the
intervening years, some of them quite good.  (Search the archives for
"taxonomy" or "classification".)  But unless they are -very- simple to
use, they won't be taken up by the community.  If you can come up with
a single word that imputes the concept of "malicious data that I can
easily get onto the victim's machine and in front of the victim's
eyes but requires him to run it," that would be a great step forward.

Hmm. Methinks I need to use more hyphens; Semi-Automatic-Accessattack :).


        HTH,

--
Kind Regards,
 
Tim Nelson
Server Administrator
 
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson@xxxxxxxxxxxx
W: www.webalive.biz
 
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008

This email (including all attachments) is intended solely for the named 
addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your 
system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written 
consent of the copyright owner.

Emails may be interfered with, may contain computer viruses or other defects 
and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the 
authenticity of an email purportedly sent by us, please contact us immediately.

Follow-Ups:
- RE: On classifying attacks
  - From: Forte Systems - Iosif Peterfi

References:
- RE: On classifying attacks
  - From: Forte Systems - Iosif Peterfi

Prev by Date: Re: Trillian Ver 3.1 saves password's in plain Text
Next by Date: Microsoft ActiveSync information leak and spoofing
Previous by thread: RE: On classifying attacks
Next by thread: RE: On classifying attacks
Index(es):
- Date
- Thread