Forwarded from: security curmudgeon <jericho@private> http://australianit.news.com.au/articles/0,7204,9800011%5E15321%5E%5Enbv%5E,00.html [I'm now taking bets on the first waves or lawsuits that will follow due to the strike back hitting a server that doesn't belong to the attacker (physically/financially)] Correspondents in Paris JUNE 10, 2004 THE first commercial software to strike back at computer vandals and spammers has run into crossfire from experts, who fear it could unleash "a cyber bloodbath" that could engulf the internet, New Scientist says. The product, launched in March by Texas security company Symbiot, gives companies an escalating list of options to defend themselves against hackers and other sources of unwanted traffic. The menu starts with defensive choices: blocking traffic from a certain site, limiting the amount of bandwidth that certain senders can take up, and diverting troublesome data into a 'honeypot'. From then on, the options are more aggressive. Someone who tries to hack into the company's computer can be 'tagged'. He is allowed to steal information that appears valuable but in fact infiltrates his own computer, stamping all further data packets from that source with a tag which identifies it to other Symbiot subscribers as a 'known attacker'. As a final resort, the company can send code to the attacking computer to end the assault. Symbiot refuses to say what the counter-offensive entails, although a spokesman admits it "could be seen by some as malicious code", New Scientist says. That means the software enables its customers to invade other computers, and for critics, this could open the gates to an escalating conflict where innocents could end up victims, the British weekly says. The bystanders could include ordinary people whose computers are hijacked, without their knowledge, to send out spam or email viruses, or whose internet address is 'spoofed' - used by the hacker to mask his own whereabouts. Spoofing means "it is even possible to envisage an elaborate plot in which an unscrupulous small operator lures two larger rivals into a shooting match by convincing each one that it is under attack by the other", the report says. "This type of thinking comes from a small number of security professionals, ones I'd consider hotheads, who want to get back at people," Eugene Schultz, an expert at Lawrence Berkeley National Labs, said. "It's a vigilante mentality, and it just seems so irresponsible." Symbiot, which gives access to the counterstrike software for $US10,000 ($14,526) a month, is treading carefully. Before releasing its product, called iSIMS, it issued a white paper on "rules of engagement", stressing that users should only counterstrike when all else fails. The report appears in next Saturday's issue of New Scientist. Counterstrike software is being pursued by other computer security firms, sensing the widespread frustration at the failure of law enforcement at dealing with hacking and spamming. At present, companies and individuals have only defensive options in the commercial arena, such as software for firewalls, spam filters and detectors that block suspected viruses. But these are invariably breached after a while and have to be continuously updated. Agence France-Presse _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Thu Jun 10 2004 - 03:37:46 PDT