[AusNOG] Interesting and perhaps quite scary security presentation from HD Moore of Metasploit fame

Aqius aqius at lavabit.com
Tue Feb 5 00:10:18 EST 2013


Totally agree - Security begins with the weakest link and ends with the
strongest one, and then gets thrown out the window by auditors! I mean
users, I mean life!! ;)


/rant BEFORE it all goes to hell (ie now), please, please DO comprehensive
logging - there's **nothing worse than the ol' 'let's just re-install from
scratch and make sure it's patched this time' trick.


Sure it's a great way of pretending to yourself and/or a team etc that
somehow now things are 'safe' again, but the feeling really has nothing to
do with reality (Anyone that is not convinced of this, please feel free to
email me).


Others on the list may have alternative suggestions, but as a free solution,
I'm a fan of SNARE (http://www.intersectalliance.com/projects/,
https://en.wikipedia.org/wiki/Snare_%28software%29) and it works for Windows
too (with a little massaging). /rant


I'm sure everyone knows this, but I'm biologically compelled


**Ok except the security auditors because they reeeeaaly DO need their
Dropbox to discuss your legal requirements for security!!! ;)


From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Shane Bryan
Sent: Monday, 4 February 2013 22:56
To: ausnog at ausnog.net
Subject: Re: [AusNOG] Interesting and perhaps quite scary security
presentation from HD Moore of Metasploit fame


Yep or Department A finds out some sensitive documents are in the public
domain and questions how, yet insisted that some of their staff all use a
dropbox account to share some files with an external contact, such as
auditors. But then, of course, neglected to change the password after some
recent redundancies.

Security begins behind the firewall.



From: ausnog-bounces at lists.ausnog.net [ausnog-bounces at lists.ausnog.net] on
behalf of Aqius [aqius at lavabit.com]
Sent: Monday, 4 February 2013 6:26 PM
To: 'Mark Newton'; 'Mark Smith'
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Interesting and perhaps quite scary security
presentation from HD Moore of Metasploit fame

And why anyone on this list that allows a device to stay on default
passwords should be shot, beaten, and then shot more before they are allowed
to come back to the list ;)


From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Newton
Sent: Monday, 4 February 2013 18:15
To: Mark Smith
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Interesting and perhaps quite scary security
presentation from HD Moore of Metasploit fame


On 04/02/2013, at 17:17, Mark Smith <markzzzsmith at yahoo.com.au> wrote:

To me both the volume of ineffectiveness, and the apparent lack of taking
advantage of it is a surprise.


Three useful axioms:


1. Most of the infosec industry is selling snake-oil, and is actually quite
crap.  No matter how much they hyperventilate about their ability to
mitigate threats, you can spend as much money with them as you want, and
it'll make almost no difference to Anonymous' ability to pull a Sony on you.


2. In the rare cases where the infosec industry isn't crap and actually
tries to bring these probes to a human's attention, the human will
inevitably ignore the traces in the IDS logs as "background radiation" until
after they're 0wn3d.


3. Your network is nowhere near as special and interesting as you think, and
there probably aren't hordes of Chinese or Russian hackers trying to make
off with your precious unique intellectual property.  With rare exceptions,
if you get 0wn3d it's due to random chance rather than concerted effort, and
the random chance probably isn't significantly diminished if you spend more
money on whizzy black boxes (see "1" above).


For almost everyone, the only real, practical protection they have is, "It's
a big Internet and I'm a tiny, tiny fish."


And for almost everyone, that protection is good enough to quantify the
losses from successful attacks at some place similar to the losses due to
equipment failures.


And that, in a nutshell, is why we can still buy equipment today with
default admin passwords :)


   - mark

