Re: [ISN] Cracks in the Firewall

From: InfoSec News (isnat_private)
Date: Wed Apr 17 2002 - 00:20:13 PDT


    Forwarded from: H C <keydet89at_private>
    Cc: jerichoat_private, joe.duffyat_private
    
    Jericho,
    
    > Well, I think this pretty much establishes that Joe Duffy was not on
    > the net before 1995 or so.
    
    How so?  The original design of ARPANet was all about sharing and
    allowing access to those who participated in the project.  Mr. Duffy's
    statement would be in accordance with that historical, though perhaps
    anecdotal, information.
     
    > That screams "upper management" and "i have a problem comprehending
    > a mouse with three buttons" to me.
    
    That's a pretty rough statement.  Have you met Mr. Duffy?  I'm
    assuming that, since you didn't mention having done so, you
    haven't.
    
    Steph Marr used to be the National Director for the InfoSec Practice
    at Predictive Systems...he was based out of Santa Cruz.  Definitely
    upper management, but I'm reasonably sure he knows how to use a
    three-button mouse.
    
    > First, what is "pre-Internet" computing?
    
    Given the media and how they've mangled pretty much anything related
    to computing in general, I'd venture to guess that it refers to
    pre-GUI web surfing...pre-Berners-Lee.
    
    > Since the Internet was basically founded/born/created in 1969, that
    > would put his statement somewhere between "absurd" and "fucking
    > stupid".
    
    I'd agree...but we don't know if your assumption regarding the
    timeline is correct.
    
    > I hate to be the one who beats Duffy with a clue-by-four
    
    Did Mr. Duffy write the article in question?  Why not go after the
    author of the article?
    
    > Wonder if Duffy has installed a copy of NT or Linux lately and
    > noticed that the security posture screams "bend me over"? I'd guess
    > not.
    
    I'm with you...I don't think Mr. Duffy's installed anything lately.  
    However, given his position and title, I'd have serious concerns if he
    had.  He's at the level now where he considers the advice and input of
    folks who work for him.
     
    > > Other insights can be gleaned from ISS's inaugural quarterly
    > > report.
    > 
    > I'd love to see the details that went into this study and figures.
    
    Well, the article says "ISS's inaugural quarterly report".  If you
    want to see the details, go see them.
    
    > There seems to be a lot of leeway here as to what one considers
    > "attack", how you qualify separate attacks, etc.
    
    Having worked with their products, and having chased ghosts...no one
    from tech support could tell me what are the details of the signature
    that triggers the "Napster_Long_Command" alert...and dealt with false
    positives (Internet Scanner 6.01 and prior would report AutoAdminLogon
    alerts if the Registry value was set to 0, signifying that the
    functionality did *not* exist) I'd agree that there is a considerable
    amount of leeway.  However the only real way to judge the report would
    be, as you say, to get the details.  After all, even Jay Heiser
    pointed out in his InfoSecurityMag column that the often-quoted
    CSI/FBI report "lacks...rigor".
     
    > All in all, I don't think these statements can easily be made short
    > of a lot more research.
    
    Agreed.  Given the issues that many of us have seen w/ the ISS
    products, can one arbitrarily accept their 'findings'?  After all, if
    RealSecure misidentifies alerts (are the signatures open to public
    examination??) and issues, what does that say about the report?  
    GIGO?
    
    
    
    


