[nycphp-talk] Basic security question

Chris Bielanski Cbielanski at inta.org
Wed Jul 14 16:05:17 EDT 2004


Believe it. A lot of the security people I know got their start playing with
toys from the old l0pht team (now part of @Stake security), and the tools of
even two and three sophisticated and freely available (gotta love P2P
filesharing). 

For example, Back Orifice was such a nightmare because it was *everywhere*
and it did a really good job of sneaking past NT security. Combine that with
the omnipresent l0pht-crack and you had a one-two punch that could keep Ops
busy for a week trying to find and plug the holes because M$ didn't have
patches - or worse *couldn't* fix it at the OS level because things like BO
used ports that Windows generally couldn't live without.

I never let the thought enter my mind that "the apps aren't out there"
because they are, and they're both sophisticated and supported. Many people
sit up late every night thinking and plotting and planning and coding, just
to make life difficult for other people's PCs.


Thanks,
Chris Bielanski
Web Programmer, 
International Trademark Association,
1133 Avenue of the Americas, 33rd Floor
New York, NY 10036
+1 (212) 642-1745, f: +1 (212) 768-7796
mailto:cbielanski at inta.org, www.inta.org  
INTA -- 125 Years of Excellence



> -----Original Message-----
> From: Paul Reinheimer [mailto:preinheimer at gmail.com]
> Sent: Wednesday, July 14, 2004 3:55 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Basic security question
> 
> 
> I never intended this to be the end-all approach to my security (as
> some seem to be under that impression), but instead combine it with
> careful coding, keeping packages up to date, appropriate firewall
> rules, etc.
> 
> I hadn't really considered the trade-offs to be that severe, but it
> certainly seems to be something I should look at more closely.
> 
> I wasn't aware that tools capable of really determining what
> applications were really running were that widespread. I saw that one
> had been updated recently on Slashdot, but hadn't considered them that
> common in the script kiddie world.
> 
> 
> paul
> 
> 
> 
> 
> On Wed, 14 Jul 2004 15:50:44 -0400, Mitch Pirtle
> <mitchy at spacemonkeylabs.com> wrote:
> > Chris Bielanski wrote:
> > 
> > > I had a much longer response in preparation, but Andrew just nailed it.
> > > Obscurity is not security. And yes, it only stops the timid assailant.
> > 
> > Not anymore, the script kiddies' scripts are smart enough to not rely on
> > the HTTP headers for server/OS identification, and many use NMAP for its
> > fingerprinting prowess.  Perhaps the only thing you would fool is the
> > next NIMDA variant, at best...
> > 
> > Whatever time you spend modifying your banners and HTTP headers is
> > wasted, IMHO.
> > 
> > -- Mitch
> > 
> > 
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >