Honeypots mailing list archives
Re: honeytokens
From: Valdis.Kletnieks () vt edu
Date: Fri, 06 May 2005 17:23:44 -0400
On Fri, 06 May 2005 12:54:17 PDT, Vijayakumar said:
databases.I have decided to do my thesis on honeytokens. 1.What are he key challenges involving honeytokens? 2.Why has it not been implemented on a large basis?
What makes you think they *haven't* been implemented on a large basis? It isn't like the bank or the hospital hangs out a big "WARNING: HONEYTOKENS IN USE" sign. They just *very quietly* insert fictitious information, like a medical record for Tom Cruise or Paris Hilton, and then just wait and see if anybody actually accesses the data. If they find a hit, the security incident is then quietly dealt with in the appropriate manner (you don't want to issue a press release "A Honeytoken caught this hacker", because that would be admitting the hacker got far enough into the database to find the honeytoken...)
Attachment:
_bin
Description:
Current thread:
- honeytokens Vijayakumar (May 06)
- Re: honeytokens Valdis . Kletnieks (May 06)
- Re: honeytokens victor calzado (May 08)
- RE: honeytokens Aditya Deshmukh (May 12)
- <Possible follow-ups>
- RE: honeytokens Stejerean, Cosmin (May 06)