Forwarded from: Robert G. Ferrell <rferrellat_private>

At 01:10 AM 1/18/02 -0600, you wrote:

> Website defacements are no more than graffiti in digital form.
> Should their entire lives be ruined because they did this? how
> about if they were doing it with a can of spray paint on the side
> of your office building? and exactly what are the monetary
> damages?

The reason this analogy is not entirely accurate is that most graffiti is applied in public areas; i.e., on spaces that can be legally accessed by members of the public. A Web page is more akin to a window display than an exterior wall. The attackers must break into the building first, then leave their graffiti in an area to which they had no legal access.

It is the action of compromising the system which does the real damage, not the actual Web defacement. If all that was required to address a defacement was to replace the defaced page(s), the damage would be trivial. However, once a box is compromised, any admin with even a vestige of a clue will be forced to consider the entire system tainted, with all the work that implies.

Of course, the mechanism of compromise is relevant here, as well. If the exploit merely replaces the index page via an HTTP-based buffer overflow or something of that nature, the potential for system-wide damage is obviously considerably reduced over, say, a full rootkit install. Unfortunately, the mechanism of compromise is often not clear until some digging into logs and examination of other system components has been achieved, and by then the cost of recovery is already non-trivial.

My real point is simply that, while I agree that digital graffiti itself is little more than an annoyance, the costs of recovering from attacks of this nature are sometimes disproportionately large. It's important to keep in mind the psychological impact of intrusions on the peace of mind of both the victim companies and their customers. These costs are difficult to quantify, but no less real for it.
Cheers,

RGF

Robert G. Ferrell
rferrellat_private
http://rferrell.home.texas.net/rgflit.html

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:19:07 PST