RE: Vulnerabilites in new laws on computer hacking

To: "Ansgar -59cobalt- Wiechers" <bugtraq@xxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Vulnerabilites in new laws on computer hacking
From: "Craig Wright" <cwright@xxxxxxxxxxxxx>
Date: Sat, 25 Feb 2006 14:16:48 +1100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcY5f2fWhhVvYLmyTGqibFQifeSbZgAOVfLD
Thread-topic: Vulnerabilites in new laws on computer hacking

In response to "But if there really *was* a hole that allowed an actual 
break-in they
would have to do that anyway, because they wouldn't know if anyone had
broken in before and just wiped his tracks, would they?"
 
There is a world of difference to knowing that you have a vulnerability and 
knowing you have been attacked and worse compromised.
 
Each time that a vulnerability is patched you do not rebuild the host. You can 
not think deteministically that a vulnerability equals a rebuild. At the same 
time when a systems is compromised you need to start again.
 
There are always tracks. The best attacker who can cover their tracks using all 
the best known techniques still leaves tracks - the difference is how 
effectively they may be tracked back after the event. A drive with files wiped 
crypographically and with no slack space is still covered with tracks - more so 
than the simple hacker who does not clear a log file.
 
None of the above will be generally completed, as I have stated in prior posts 
- the skills are not widely available. Again I will also state that this is a 
probabilistic risk function we are talking about. Having a vulnerability 
equates to a low risk that you have actually been compomised. Being compromised 
is determinsitic.
 
Regards
Craig
 
 

Liability limited by a scheme approved under Professional Standards Legislation 
in respect of matters arising within those States and Territories of Australia 
where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If 
you are not the intended recipient, you must not use or disclose the 
information. If you have received this email in error, please inform us 
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the 
email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may 
not rely on this message as advice unless it has been electronically signed by 
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a 
Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments 
due to viruses, interference, interception, corruption or unauthorised access.

Prev by Date: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Next by Date: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Previous by thread: RE: Vulnerabilites in new laws on computer hacking
Next by thread: CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC
Index(es):
- Date
- Thread