Don't use electrostatic air cleaners. They produce ozone and are a health hazard indoors. In addition to that, they don't work. The American Lung Association specifically recommends *against* using them:
http://www.lungusa.org/pub/cleaners/air_clean_chap4.html#h
Buy an Austin Air cleaner and be happy. They work great and are quiet.
Not to start accusing Jane's, but they clearly plagiarized my post to Slashdot and did not provide credit. Here is a snippet of the Jane's article:
As pointed out by Clifford Stoll in The Cuckoo's Egg, automated 'data mining' techniques can be used to search for useful patterns in vast stores of insecure and seemingly unrelated data. A bank may assume its electronic fund transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data, as the pure information is often much more valuable than simply destroying random records. Reconnaissance attacks such as these are difficult to stop but extremely damaging. In the long-term banking scenario, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why destroy a valuable point of information gathering by doing something short-term like disrupting operations?
Here is a quote from the original thread with my (long) post:
"For instance, a bank may assume their electronic funds transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data (which is what most people think is the end goal but isn't always), rather the pure information which is often much more valuable than simply destroying random records. Reconnaissance attacks like these are difficult to stop but extremely damaging. In the case of the bank, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why completely destroy a valuable point of information gathering by doing something silly like disrupting operations? It's rare that a single offensive has any lasting effect, you must attack from different levels and leverage all available resources for maximum impact. Only dispose of resources that you need to. "
I assume it is a case of inappropriate referencing. However, they didn't even bother to put quotes around the paragraph indicating it as a direct quote. Instead they just did a cut and paste. I don't want to be rude, but this is not very professional. I can only hope it was a mistake on the author's part. I would hope they would at least offer a retraction/correction for this.
I wrote a tool called HostSentry that does something called 'Login Anomaly Detection'. Basically it monitors user logins and logouts and detects suspicious activities such as:
- First time logins
- Logins from "foreign" domains
- Concurrent logins from different hosts
- Dangerous .rhosts entries
- Altered and missing .history files
- Suspicious hidden directory names
- Etc.
It is in early development stages now but is very effective at tracking and detecting compromised passwords on accounts. It works on Linux and other Unix variants. You can learn more about this and my other tools at:
Abacus Project
HostSentry
-- Craig
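The checks the post above lists, worked through as an added Python example. This is not HostSentry's code: the wtmp-style event tuples, the contents of the sample home directory and the LOCAL_DOMAINS policy are constructed assumptions for the demo, and the alert names are the example's own.

```python
"""Login-anomaly checks in the spirit of the HostSentry post above.
Added example, not HostSentry's code: the event format, the home-directory
contents and the LOCAL_DOMAINS policy are constructed for the demo."""
import os
import re
import tempfile
from collections import defaultdict

LOCAL_DOMAINS = ("example.com",)   # assumed site policy: anything else is "foreign"
HISTORY_FILES = (".history", ".bash_history", ".sh_history")
SUSPICIOUS_NAME = re.compile(r"^\.[.\s]*$")   # '...', '. ', '.. ': mimic . and ..

def domain_is_foreign(host):
    """Console logins are never foreign; a remote host is foreign unless it
    is in, or under, one of the local domains."""
    if host in ("console", ""):
        return False
    return not any(host == d or host.endswith("." + d) for d in LOCAL_DOMAINS)

def analyze_logins(events, known_users):
    """events: (timestamp, user, host, 'login'|'logout') tuples in time order, as
    you would derive from wtmp. known_users: users with a prior login on record
    (a detector keeps this baseline on disk). Returns (ts, user, kind, detail)."""
    alerts = []
    seen = set(known_users)
    active = defaultdict(lambda: defaultdict(int))   # user -> host -> open sessions
    for ts, user, host, kind in events:
        if kind == "logout":
            if active[user][host] > 0:
                active[user][host] -= 1
            continue
        if user not in seen:
            alerts.append((ts, user, "first-time login", host))
            seen.add(user)
        if domain_is_foreign(host):
            alerts.append((ts, user, "login from foreign domain", host))
        others = sorted(h for h, n in active[user].items() if n > 0 and h != host)
        if others:
            alerts.append((ts, user, "concurrent login from different host",
                           f"{host} while still logged in from {','.join(others)}"))
        active[user][host] += 1
    return alerts

def check_rhosts(home):
    """Flag .rhosts entries trusting every host or every user ('+'), the classic
    backdoor an intruder leaves behind, and a world-writable file."""
    path = os.path.join(home, ".rhosts")
    if not os.path.exists(path):
        return []
    findings = []
    if os.stat(path).st_mode & 0o002:
        findings.append("world-writable .rhosts")
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            if fields and "+" in fields[:2]:
                findings.append(f"wildcard .rhosts entry: {line.strip()}")
    return findings

def check_history(home):
    """A missing shell history, or one pointed at /dev/null or emptied, usually
    means someone is hiding what they typed."""
    present = [f for f in HISTORY_FILES if os.path.lexists(os.path.join(home, f))]
    if not present:
        return ["no shell history file present"]
    findings = []
    for name in present:
        path = os.path.join(home, name)
        if os.path.islink(path):
            findings.append(f"{name} is a symlink to {os.readlink(path)}")
        elif os.path.getsize(path) == 0:
            findings.append(f"{name} has been emptied")
    return findings

def check_hidden_dirs(home):
    """Directory names made only of dots and whitespace hide from a casual `ls`
    and are a favourite place to stash tools."""
    return [repr(n) for n in os.listdir(home)
            if SUSPICIOUS_NAME.match(n) and os.path.isdir(os.path.join(home, n))]

def build_sample_home():
    """Constructed home directory exhibiting each condition (demo input only)."""
    home = tempfile.mkdtemp(prefix="hostsentry_demo_")
    with open(os.path.join(home, ".rhosts"), "w") as fh:
        fh.write("ws1.example.com alice\n+ +\n")   # second line trusts everyone
    os.symlink("/dev/null", os.path.join(home, ".bash_history"))
    os.mkdir(os.path.join(home, "..."))
    return home

SAMPLE_EVENTS = [   # constructed wtmp-style events, in time order
    ("2000-03-01 09:00", "alice", "ws1.example.com", "login"),
    ("2000-03-01 09:05", "alice", "dialup7.isp.net", "login"),
    ("2000-03-01 09:30", "mallory", "evil.example.org", "login"),
    ("2000-03-01 10:00", "alice", "ws1.example.com", "logout"),
]

if __name__ == "__main__":
    for alert in analyze_logins(SAMPLE_EVENTS, known_users={"alice"}):
        print("LOGIN:", *alert)
    home = build_sample_home()
    for finding in check_rhosts(home) + check_history(home) + check_hidden_dirs(home):
        print("HOST:", finding)
```

On the sample events alice's second login trips both the foreign-domain and the concurrent-login checks, while mallory trips first-time login and foreign domain; the sample home directory trips all three filesystem checks. A real detector would persist the `seen` baseline and the per-user session table across runs instead of rebuilding them from a list.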
Hello,
I've been involved with computer security for over 10 years and currently am a developer for a commercial vulnerability scanner and intrusion detection system. I also produce a set of free tools that help secure Unix hosts. I say this as a brief introduction to my qualifications, not as an ego booster. Regardless, I have some comments:
Using CT, how easy or otherwise is it to bring down or attack vital systems?
This question is difficult to quantify as every organization has a different definition of what is "vital" and what is not. Since attackers typically do not know this information, they make it their task to break into every system they can on a target network and see what looks interesting. Even worse, focused attackers may actually plan what sub-systems they want to control and may have different objectives that fall outside of what someone may deem "vital."
For instance, a bank may assume their electronic funds transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data (which is what most people think is the end goal but isn't always), rather the pure information which is often much more valuable than simply destroying random records. Reconnaissance attacks like these are difficult to stop but extremely damaging. In the case of the bank, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why completely destroy a valuable point of information gathering by doing something silly like disrupting operations? It's rare that a single offensive has any lasting effect, you must attack from different levels and leverage all available resources for maximum impact. Only dispose of resources that you need to.
What sort of skills would be needed to do so, and are they common/teachable?
The skills are easily taught and commonly available. Anyone can learn to hack systems; it is not hard, and the people who deface web pages are not "computer geniuses" (as commonly portrayed), they just know where to look for the exploits. As with any information, exploits can be used for good or bad. Personally, I don't distribute attack code and probably never will.
There was a time (back in 1994-95) when I ran an extensive exploit archive on a low-bandwidth connection. The archive contained quite a number of useful tools, attacks, dictionary lists, etc. and was publicly available, but not advertised. It came to be one evening that I discovered a lot of activity on my MODEM (a lot of download activity). I looked at the server logs and caught a system from scientology.org that was mirroring my *entire* archive. For the uninitiated, Scientologists are an extremely destructive group and their intentions are rarely good (see http://www.xenu.net). I immediately unplugged the MODEM and took the archive offline. Since then I have refused to contribute to the problem by distributing attack code. It was an interesting lesson, one that taught me that some information needs to be *earned* and not just *given away*.
If this story doesn't send chills down your spine I don't know what will. There *are* groups of people who are gathering this information for purposes unknown to anyone. They are *surely* not out to deface websites, but you can be certain whatever it is they are up to is not good. People need to take more seriously the consequences of their actions when they release code that makes it easy for anyone to compromise a network.
Commercial-off-the-shelf software: can it really do CT?
I'm a developer on a vulnerability scanner called NetSonar. It is a COTS vulnerability assessment tool from Cisco Systems, Inc (I speak for myself, not my employer). I can say with fair certainty that these tools are not ideal for "cyber-terrorism" because they are designed with a different purpose in mind. For one, they are very "noisy" on a network during a scan because they are literally trying hundreds of different attacks and consuming a huge amount of bandwidth. From our experience, even totally clueless admins will probably notice a problem if any of the commercial scanners are used just because they are so incredibly hard on a network (causing errors, crashes, performance problems, user complaints, etc.). Also COTS tools aren't designed to gain remote access to a host as much as they are to tell you that someone *could* gain access to a host if so inclined. This is a significant difference because most scanners don't provide purely automated access mechanisms. In other words you still have to work a little once the scanner has found a hole. In most cases you need to run a third party exploit to gain access. If this is the case, why not just run the attack to begin with and see if it works to get in? Using a scanner is just another step you can eliminate as an attacker. This is what most intruders do: blindly run an attack and see if it works. Unfortunately network security is so bad that this is more than enough. Now there *are* tools that exist that would be wonderful for offensive operations; we even have some ourselves that our consultants use. These tools are made to be quiet, quick, and targeted. They facilitate remote access, but that is what they are designed to do from the beginning. Tools like this exist in the underground too and will surely find a wider distribution in the next year or two.
Which systems are actually attackable?
Assume anything you have connected to a network is attackable, even if not immediately obvious why a person would want to attack it.
Can a recovery be made from such attacks?
Of course. It depends on what your backup and recovery strategies are. It is very hard to remove an attacker from your network once they gain access, though. There are simply too many ways for them to dig in and spread. The best way to recover is to not let the person in to begin with. This is cliché, but true. Most times you'll need specialized personnel to help you recover from a bad infestation, and even then there are no guarantees.
Is it likely to improve/get worse?
It's going to get worse. The software industry is introducing new code and new bugs every day. They even manage to re-introduce old bugs solved years ago. Additionally, the industry still relies on antiquated languages such as C and C++ to do mission critical and general purpose coding. These languages are incredibly dangerous for most programmers and promote bugs and vulnerabilities through a lack of internal protection mechanisms. Bad code can be written in any language, but C and C++ are especially *good* at promoting *bad* code. As the Internet becomes an indispensable part of everyday life new programs (and attacks) will emerge that provide new opportunities for abuse. This is the problem for any technology and is not unique to the Internet.
What sort of preventive work would you recommend them to carry out?
For one, take security seriously. Few organizations take security seriously until they've been compromised. At this point it is very hard to recover and truthfully you will never know whether you got rid of the problem. COTS vulnerability scanners, intrusion detection, anti-virus products, and staying current on patches for operating systems and application software are all critical. These four areas alone can stop almost all hackers cold.
-- Craig
http://www.psionic.com
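The post's point that a COTS scanner is "noisy" while a purpose-built offensive tool is quiet and targeted, shown from the defender's side as an added Python example. This is not NetSonar's or Psionic's code: the connection-log format, the traffic in it and the threshold/window values are constructed assumptions for the demo.

```python
"""Added example: separating a noisy scan from a quiet, targeted probe in a
connection log. Not code from NetSonar or any product; the log format,
the traffic and the thresholds are assumptions made for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta

def parse_line(line):
    """Assumed log format (constructed): '<ISO timestamp> <src> <dst> <dport>'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def max_distinct_targets(conns, window):
    """Largest number of distinct (host, port) pairs one source touched within
    any stretch of length `window`. conns: (timestamp, dst, port) tuples."""
    conns = sorted(conns)
    best, start = 0, 0
    for end, (ts, _, _) in enumerate(conns):
        while ts - conns[start][0] > window:     # slide the window's left edge
            start += 1
        best = max(best, len({(d, p) for _, d, p in conns[start:end + 1]}))
    return best

def classify_sources(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {src: (distinct_targets_in_window, 'noisy' | 'quiet')}.
    A source hitting `threshold` or more distinct host:port pairs inside one
    `window` behaves like a scanner trying everything it knows; an attacker who
    already knows which hole to use never trips this check."""
    by_src = defaultdict(list)
    for ts, src, dst, port in map(parse_line, lines):
        by_src[src].append((ts, dst, port))
    verdicts = {}
    for src, conns in by_src.items():
        n = max_distinct_targets(conns, window)
        verdicts[src] = (n, "noisy" if n >= threshold else "quiet")
    return verdicts

def build_sample_log():
    """Constructed traffic: one host sweeping 30 ports on a target in half a
    minute, and one targeted host making two connections hours apart."""
    t0 = datetime(2000, 3, 1, 12, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 192.168.1.10 {port}"
             for i, port in enumerate(range(1, 31))]
    lines.append(f"{(t0 + timedelta(minutes=3)).isoformat()} 10.0.0.9 192.168.1.10 80")
    lines.append(f"{(t0 + timedelta(hours=2)).isoformat()} 10.0.0.9 192.168.1.10 22")
    return lines

if __name__ == "__main__":
    for src, (n, verdict) in classify_sources(build_sample_log()).items():
        print(f"{src}: {n} distinct targets within 60s -> {verdict}")
```

The threshold and window are the knobs: a wide sweep is obvious under almost any setting, while the two-connection source stays below any sane threshold, which is exactly why a quiet tool that goes straight for one known service is harder to notice than a scanner that tries hundreds of checks.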