Honeypots mailing list archives

Re: honeytokens

From: Valdis.Kletnieks () vt edu
Date: Fri, 06 May 2005 17:23:44 -0400

On Fri, 06 May 2005 12:54:17 PDT, Vijayakumar said:

databases.I have decided to do my thesis on
honeytokens.

1.What are he key challenges involving honeytokens?

2.Why has it not been implemented on a large basis?


What makes you think they *haven't* been implemented on a large basis?

It isn't like the bank or the hospital hangs out a big "WARNING: HONEYTOKENS
IN USE" sign.  They just *very quietly* insert fictitious information, like
a medical record for Tom Cruise or Paris Hilton, and then just wait and see
if anybody actually accesses the data.  If they find a hit, the security incident
is then quietly dealt with in the appropriate manner (you don't want to issue
a press release "A Honeytoken caught this hacker", because that would be admitting
the hacker got far enough into the database to find the honeytoken...)

Attachment: _bin
Description:

Current thread:

honeytokens Vijayakumar (May 06)
- Re: honeytokens Valdis . Kletnieks (May 06)
- Re: honeytokens victor calzado (May 08)
- RE: honeytokens Aditya Deshmukh (May 12)
- <Possible follow-ups>
- RE: honeytokens Stejerean, Cosmin (May 06)