RE: [ISN] Cyber hype

From: InfoSec News (isnat_private)
Date: Tue Dec 10 2002 - 01:01:49 PST

  • Next message: InfoSec News: "[ISN] NCIX WEB SITE UPDATE ADVISORY #24-2002"

    Forwarded from: Pete Lindstrom <petelindat_private>
    It certainly bears repeating that insiders are a large risk, if only
    because no matter how often we say it, it gets ignored. But I am not
    sure it is appropriate or even reasonable anymore to equate 'insider
    people' and 'inside the firewall' as the same thing. Certainly, these
    days it is common to have insiders accessing systems from outside the
    firewall and to have outsiders already inside the firewall. (I
    sometimes wonder if the whole insider/outsider debate was really just
    a lot of grousing about the commercial success of the firewall - what
    exactly is an 'insider' in today's world of outsourcing, contractors,
    temps, former employees, and business partners, anyway?)
    Regardless, I am not sure how your comments fit in with the context of
    the article, which is about cyberterrorism. Debunking cyberterrorism
    is getting more popular these days, with perhaps the best debunk
    article being Rob Lemos' CNET article at and the best commentary
    Thomas Greene's on The Register These types of
    articles are useful for the security community to ensure it isn't
    'eating its own dogfood' and indicative of how we will all be
    scrutinized more carefully about our opinions and attitudes when it
    comes to applying security within an organization. I think we all may
    need to be less hyperbolic and apply more intellectual rigor than we
    ever have in the past. (Now, I digress ;-)).
    Not every attack is a 'cyberterrorist' attack. There are plenty of
    other motives to go around - like plain old money in the case of the
    identity theft ring (and the movie 'Die Hard' for that matter ;-)).
    But I would suggest that in the case of 'cyberterrorism,' attacks are
    at least equally likely to come from an external location, and if you
    count unsuccessful attacks (don't know why we wouldn't), much more
    Pete Lindstrom
    Research Director
    Spire Security, LLC
    P.O. Box 152
    Malvern, PA 19355
    phone: 610-644-9064
    fax: 610-644-8212
    "clarity makes the security world stronger"
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    Of InfoSec News
    Sent: Monday, December 09, 2002 3:52 AM
    To: isnat_private
    Subject: Re: [ISN] Cyber hype
    Forwarded from: JohnE37179at_private
    Mike Butcher's article in The Guardian fires wide of the mark. If there
    is a cyber attack it will most likely come from inside firewall rather
    than outside the firewall. As the identity theft story from last week
    demonstrated, unauthorized access to secure systems are not necessarily
    hacker attacks using technology, but facilitated by compromised or
    corrupt insiders. Kevin Mittnick, the King of Social Engineering was
    able to gain access by guile as often as by hacking or cracking.
    It is the insider and his or her confederates compromising the system
    from inside the firewall we need to worry about, not the attack from
    outside the firewall.
    John Ellingson
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 10 2002 - 03:29:44 PST