Reply From: Kris Benson <doctorkbat_private> At 06:10 PM 01/06/98 -0600, you wrote: >> True all the way, but it would be possible to give them something ELSE >> than what they intended to download. It would be more of a trap, but > >This is a reasonably good idea, but how do you get the bad guys to >download your trojan? Many perpetrators of breakins don't download >anything at all. Well, if you put it somewhere like: /private/Windows99/Updater/update.exe you would probably get a great deal of the ankle-biters and script-kiddies to download it. (I'm sure we all remember the Windows97 updater -- 1.38mb of nothing, but it did update your startup screen) Now, I'm not sure what the statistics are, but I would imagine this would deter a significant portion of the cracking community -- at least after a few years. With any luck the script-kiddies that were destined to become super-crackers would be the ones caught by this... >The internal email address should probably not be able to send or receive >mail from the rest of the world, otherwise it becomes not an internal >email address but an external address that not very many people know >about. Just another example of why security by obscurity doesn't work. -kb -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:59 PDT