Reply From: Kris Benson <doctorkb@netbistro.com>
At 06:10 PM 01/06/98 -0600, you wrote:
>> True all the way, but it would be possible to give them something ELSE
>> than what they intended to download. It would be more of a trap, but
>
>This is a reasonably good idea, but how do you get the bad guys to
>download your trojan? Many perpetrators of breakins don't download
>anything at all.
Well, if you put it somewhere like:
/private/Windows99/Updater/update.exe
you would probably get a great deal of the ankle-biters and script-kiddies
to download it. (I'm sure we all remember the Windows97 updater -- 1.38mb
of nothing, but it did update your startup screen)
Now, I'm not sure what the statistics are, but I would imagine this would
deter a significant portion of the cracking community -- at least after a
few years. With any luck the script-kiddies that were destined to become
super-crackers would be the ones caught by this...
>The internal email address should probably not be able to send or receive
>mail from the rest of the world, otherwise it becomes not an internal
>email address but an external address that not very many people know
>about.
Just another example of why security by obscurity doesn't work.
-kb
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jun 1 23:19:38 1998