Penetration Testing mailing list archives
Re: [PEN-TEST] Network Attack Trend Analysis
From: Ryan Permeh <Ryan () EEYE COM>
Date: Wed, 6 Sep 2000 11:58:49 -0700
comments within the email as follows: Signed, Ryan eEye Digital Security Team http://www.eEye.com ----- Original Message ----- From: "H Carvey" <keydet89 () YAHOO COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Wednesday, September 06, 2000 10:37 AM Subject: Re: Network Attack Trend Analysis <SNIP>
Not only are the graphs meaningless, but the very data that the graphs are based on is suspect. How is the data collected?
The graphs have meaning, but, like any statistics course you have taken, theese graphs only have meaning in context. i doubt that attrition has any pretense of being an absolute indication on computer crime. as for the attrition mirror increasing computer crime, this is also bunk and based on the false logic that a public forum increases such activity. place blame where blame belongs, on the perpetrators of the crime. in this same vein, it would be like stating that a newspaper is the cause of a murder. the logic is flawed, as is the argument. as for the other side, random defacement notices, this is also incorrect. the world is less black and white than that. attrition gathers it's statistics based on both methods. http://www.attrition.org/mirror/attrition/stats.html#NOTES adds a bit of context and explanation to the graphs.
To be fair, though...I have to say the same thing about the CSI/FBI survey...the statistics that are generated as a result of the survey are largely misunderstood (and very often misquoted), but the very method used to collect the data is suspect, as well.
Again, statistics are meaningless without context. Raw survey data is not often a valid metod of gaining true statisitical information. People misunderstand(as you have said), and people straight out lie. I agree that this method is no more accurate than the Attrition method.
As yet the only information I have seen that even remotely approaches validity is the information Cisco put out a while ago. That data was based on sanitized data derived from performing vulnerability assessments of customer networks.
This also has to be suspect without context. firstly, Cisco may have commercial reasoning to publiush any results of this test. that adds a possible skew to any gathered data. Secondly, it is "sanitized" data, which in and of itself is not bad(as long as sanitized data is allowed within the context of the statistics). Thirdly, is the data gathering methods. Without a detailed, repeaded process used to gather data, the "assesments" are meaningless. all in all, the attrition mirror stats are just that. statisitics based on the defacements within the attrition mirror. They do have a very large percentage of known defacements, and offer this view as *FREE* analysis of their information. if the results do not suit your needs, i'm certain that you, or anyone else, could create similar or even wildly different graphs based on the availible information.
Current thread:
- [PEN-TEST] Network Attack Trend Analysis Christopher M. Bergeron (Sep 05)
- Re: [PEN-TEST] Network Attack Trend Analysis Meredith Shaebanyan (Sep 05)
- Re: [PEN-TEST] Network Attack Trend Analysis Erik Tayler (Sep 05)
- Re: [PEN-TEST] Network Attack Trend Analysis security curmudgeon (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis Erik Tayler (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis security curmudgeon (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis Jensenne Roculan (Sep 05)
- <Possible follow-ups>
- Re: [PEN-TEST] Network Attack Trend Analysis Yonatan Bokovza (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis H Carvey (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis Max Vision (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis Ryan Permeh (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis Matt Dickerson (Sep 07)
- Re: [PEN-TEST] Network Attack Trend Analysis Neff, Paul (Sep 06)
- Re: [PEN-TEST] Network Attack Trend Analysis H Carvey (Sep 08)