Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Looking for help against Chinese Hacking Team
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Tue, 16 Dec 2008 10:36:12 -0500

Great,
So then it looks like we're in agreement on what "harveyfrank" should do. Do you by chance have any affiliation with ArcSight?


On Dec 16, 2008, at 9:09 AM, ArcSighter Elite wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adriel T. Desautels wrote:
Great,
   If he's looking to stop attacks then he needs to remove the vector
through which he is being attacked. IPS devices do not remove the
vector, they make an attempt to prevent the vector from being accessed.
While I support the use of properly configured and maintained IPS
technologies, I'd never recommend using them as a method for remediation
because they are only a method for mitigation.  Sure mitigation is
great, but its not a fix.

   With respect to your comment about creating properly designed
parameterized stored procedures, it is not "almost impossible" if you
architect things properly. You might be able to change a variable from
a 1 to a 2 which is technically SQL Injection, but its not usually an
SQL Injection Attack that is of any use.  The idea here is to prevent
SQL Injection Attacks not to prevent people from changing variables that
should be harmless right?




On Dec 16, 2008, at 8:32 AM, ArcSighter Elite wrote:

RaptorX wrote:
what Adriel meant was PROPERLY DESIGNED Parameterized Stored
Procedures, and
I totally agree with him.

Providing a short time solution is a good idea but you have to finish
the
job properly which in the case of a pen-tester would be report and
provide
with a viable (permanent) solution.

I also agree partially with Sam, specially windows systems, after
hacked it
is a MUCH BETTER idea to rebuild it improving the security of course.


Well, PROPERLY DESIGNED of course if almost impossible, but you think
this is the case? I repeat myself: he's wishing to stop the attacks, and of course I think/hope he'll take the appropriate measures then. IMHO he wouldn't be able to fix anything if he is constantly under attack. And
sure, linux is the best solution, even a win port of apache will do
better than IIS, again IMHO. Again, SQL injection could result in a host
compromise, so re-deploying would be the optimal form: ex. instead of
finding rookits, install clean.

Adriel T. Desautels
ad_lists () netragard com


Sorry, we got a little communication problem here. I mean PROPERLY
DESIGNED queries is almost impossible to SQL-inject, my bad if you
misunderstood me. I'm sure you can't trusts IDS: I already said it in a
funny way: "they will only stop script-kiddies"; but he must truly
"mitigate" the attack as you said, before taking another long-term
measures. The IDS will also mitigate other attack vectors that may
expose vulnerabilities in his web-app, that may be vulnerable to other
web-based attacks, I already said, XSS, Sessions, Includes, Injections
(LDAP/SQL, etc), and the like.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR7aXH+KgkfcIQ8cRAnqJAKDoLK6SBIGeDWKggSoxZ60EYLhm3gCgpPC3
dIOfXBjwnP3u1MYDsEhgoDI=
=rk++
-----END PGP SIGNATURE-----

Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault