Full Disclosure mailing list archives

Re: MS06-019 - How long before this develops into a self propagating email worm


From: schanulleke.29172787 () bloglines com
Date: 12 May 2006 08:11:05 -0000

n3td3v,

You wrote:

threat meters:
Seriously, threat meters are a waste of time and should be scrapped by all.

I am not a big fan of them either unless they are implemented well, meaning there are concrete reasons to go from one state to the other and each state has specific actions attached to them.

All the net and IRL threat meters seem to lack these requirements.


Let's call it "paranoia meter" because it's hearsay, there is no particular threat. Just because a vulnerability is wild and not patched, does not pose a threat. In terrorism a threat is specific information that an attack is being planned.

I have to disagree with your definition of a threat here. Threat is the likelihood of something happening if it is planned or not.


When I go into certain neighbourhoods of certain places with a lot of gold jewellery showing the threat of being mugged is higher than when I don't show the gold.

The consequences of an event happening are also part of the threat. I have a high chance of taking coffee in the next 30 minutes, but the (negative) consequences of that are so low I do not consider it a threat.

Likewise the public knowledge of a vulnerability increases the likelihood of it being exploited. If the vulnerability has serious consequences (like the current Exchange vulnerability) the threat is again greater.



Although, the internet threat meters are lamer than the mainland threat meter (and even the mainland threat meter is lame), because it's completely based on hearsay, there's an unpatched vulnerability, "this could happen, but we don't have any intelligence whatsoever that something is being programmed, but we thought we'd raise the internet threat level, you know because there's nothing else happening".

Yes, this is hearsay, like most other intelligence. If it was not hearsay it would again increase the likeliness and the threat.

Although, that's how it used to be. The "bad guys" have realised now how much money these cyber agencies are making out of exploit virii, that they've decided not to launch an attack, based on their threat meters. The only time a real threat will come is when cyber agencies are off-watch. Why would an attack be launched if governments and businesses are expecting something to happen? The element of surprise is as important as the terrorism which gives them the name terrorist.


Thanks for that insight. I feel we might have to make the split between
real hackers and the other 95%.

Welcome to the future. Times are changing. You can create a paranoia amongst the community, but the new kids on the block aren't playing a destructive game of tig between malicious users and security vendors. The ball is in the malicious users' court. Each time you raise your threat level and nothing happens is eating away at the credibility of security vendors, although the bad guys always will have a cool knack of creeping up on everyone when they least expect it.

True, yet the security vendors cannot afford to not make people aware of the current conditions.


Although, has it ever been the case "thanks to your threat meter I wasn't hacked", or with mainland terrorism "thanks to the terror meter, I spotted a terrorist and called the cops and managed to divert a 9/11 style attack"

Unless there are specific actions associated with a threat level it will not accomplish anything.

Schanulleke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

