Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: All China, All The Time
From: Christian Sciberras <uuf6429 () gmail com>
Date: Fri, 15 Jan 2010 19:55:01 +0100

Physical keys. There's like over 100 different keys in the whole
complex... Sure, helpful to know about the needle in a haystack. The
question is, how much is needed to sift through that haystack.
One day "evil maid" approach is ok, a couple of days "evil
technician", possibly, but I doubt anyone wouldn't notice the
intrusion.


On Fri, Jan 15, 2010 at 7:48 PM, Benji <me () b3nji com> wrote:
I'll put it this way.

Im an attacker in your network, trying to get access to your "most sensitive
information". Ive identified the server that stores this information and Im
looking around for keys/passwords etc etc etc.

Are you saying it wouldnt help me to know that I needed 5 keys, thus
pointing me towards what to look for?


On Fri, Jan 15, 2010 at 6:44 PM, Christian Sciberras <uuf6429 () gmail com>
wrote:

No, that was actually configuration description; best of luck finding
our facility.

On Fri, Jan 15, 2010 at 7:42 PM, Benji <me () b3nji com> wrote:
Actually you were boasting, it was irrelevant to have what you have as a
security precausion. Infact, one could argue that you were making your
setup
insecure by telling people how you're secured from the get go.

On Fri, Jan 15, 2010 at 6:38 PM, Christian Sciberras <uuf6429 () gmail com>
wrote:

My question was mostly rhetoric, I tried to imply the point on why
computers with sensitive information were;
1. not fully up to date (=>from the top of my had, the exploit had
several issues in non-standard browser versions?)
2. running internet explorer (=>more known as a target, nothing against
MSIE)
3. used to surf the web (=>why else would you be using IE [rhetoric])
4. not monitored correctly (=>our most sensitive information is stored
in a server locked up 5 times, the only way to get in is either
getting all the keys or through a remote exploit*)

I think the above points violate a couple of rules in security
auditing.

* I'm not boasting about our configuration; this is very easy to
achieve in a company of 5 and one server rack.


On Fri, Jan 15, 2010 at 7:08 PM, Peter Besenbruch <prb () lava net> wrote:
On Thursday 14 January 2010 21:49:05 Christian Sciberras wrote:
"They used an IE exploit to get in."
The people at *Google* use *IE*?!! Besides, how does an exploit in
IE
affect the server?

It would affect a person with login rights to a server.

This wasn't just an attack on Google, btw, it was an attack on 32
different
companies.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault