Forwarded from: Robert G. Ferrell <rgferrellat_private>

At 06:00 AM 5/8/03 -0500, you wrote:

> ISS's official stance on the defacement is here:
> http://www.informationweek.com/story/showArticle.jhtml?articleID=9600021
>
> Why would a legitimate website be used as a honeypot?

Open letter to ISS:

Just admit that you had a Web server compromised. It happens. Trying to make up some bizarre cover story does nothing but open you up to ridicule, and frankly, you've got enough of that already. We all mak mistakes. The people who impress me are the folks who admit theirs and try not to repeat them. Allow me to illustrate.

Right: Oops, I misspelled a word up there. Sorry; I'll try not to type so fast in the future.

Wrong: I actually misspelled that word on purpose. I'm conducting an experiment where I count the number of responses from people who point out errors in mailing list posts and divide it by the total subscriber base of ISN in order to calculate the Anal Retentive Spellers' Estimate (ARSE).

See the difference? Most people will sympathize with the first explanation because, as I said, we all make mistakes. The second one is stupid and lame, and people will respond appropriately.

HTH,

RGF

Robert G. Ferrell
rgferrellat_private

-=-

Forwarded from: John Doe #2

> Forwarded from: The Unknown Security Person...
>
> [With apologies (again) to Murray Langston... :) - WK]
>
> ISS's official stance on the defacement is here:
> http://www.informationweek.com/story/showArticle.jhtml?articleID=9600021
>
> Why would a legitimate website be used as a honeypot?
>
> What kind of personal information from students was gathered on this
> so-called honeypot? Is it ethical to host a discussion site for
> students "about BlackIce and how they can protect themselves from
> hacker attacks" on a honeypot? On a honeypot??? Which is meant to
> be insecure? Which is meant to be cracked?
I like the implied statements that "college students are hackers" (as found at http://xfiw.iss.net/ ) but... they *claim* (keyword) that the host was known to be compromisable, yet (as stated above) this was an active and critical host. If it had been violated and *not* detected and data was manipulated or anything compromised and ISS had not noticed, then you would have a security vendor functioning unwittingly as a vector of infection or compromise.

On the site, as of this writing, they state:

"The server's official and publicly promoted purpose was to make available to university students a free version of BlackICE PC Protection."

If this machine were to be compromised silently, how many backdoored versions of BlackICE may have made their ways onto University servers?

Sorry, I find this irresponsible to the nth. There's a reason why honeypots are installed on dedicated hosts and not on production devices. Either this is a flat out bad practice or ISS needs to own up to being hacked.

I mean, ya don't see people running mail services or http services on their firewalls. There's a reason for that.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri May 09 2003 - 00:41:30 PDT