Subject: Re: [was] Blended threats
On 7/17/03 1:35 PM, "Nasseam Elkarra" <nelkarra@opensec.org> wrote:

> It is more than a buffer overflow as someone mentioned in the call and
> can fit into more than one category. However, blended threats usually
> have an entry point. In this case, the buffer overflow provided CodeRed
> the necessary privileges to perform the latter attacks. In scenarios
> like this, we can try to classify the threat in multiple categories or
> simply focus on the entry attack.

I think this idea of whether we focus on only the entry attack or not is an important issue.

For example a SQL Injection attack can be used to launch all sorts of other attacks. In some cases these additional attacks are worth noting. You may be able to modify the schema, execute OS commands, read files, etc. depending on the database in use, how the SQL being injected into is formed, and various configuration settings. In these cases, I would like to know not only about the area that is vulnerable to SQL Injection, but also the configuration settings I need to lock down to prevent the subsequent attacks. Basically, I'd like to be able to report on "defense in depth" issues.

In other cases, we are only dealing with subtle differences in the payload of the attack. I may be able to accomplish a variety of things, depending on my intent, but the resolution would be the same in all cases. In this situation, it may not be important to itemize each and every scenario.

I feel that if we begin to decide where the line should be drawn, this will help later in the process to keep focus on how far to take particular scenarios.

Jeremy Poteet, CISSP
Chief Technology Officer
Technology Partners, Inc.
1-877-636-1331 x105 (toll free)
636-519-1221 x105
http://www.tech-partners.com
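An added example, not part of the thread, illustrating the distinction Jeremy draws with SQL Injection as the entry point. It uses Python's sqlite3 module to show three things side by side: the vulnerable lookup (the entry point), the parameterized version (the single resolution that closes it regardless of payload), and a separate lock-down via SQLite's authorizer hook that limits what any injection could reach even if the entry point were left in place (the "defense in depth" setting one would want to report). The table names, sample rows, payloads and the authorizer policy are all constructed for this illustration; in a server database the equivalent of the authorizer would be a least-privilege account or role.

```python
import sqlite3

# Constructed sample schema and data for this illustration only.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
CREATE TABLE api_keys (id INTEGER PRIMARY KEY, owner TEXT, key TEXT);
INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user');
INSERT INTO api_keys VALUES (1, 'alice', 'AK-constructed-secret');
"""

# Constructed payloads: both ride the same entry point but reach different
# targets, the schema catalog and another table's data.  Same fix for both.
PAYLOAD_SCHEMA = "' UNION SELECT name, sql FROM sqlite_master --"
PAYLOAD_KEYS = "' UNION SELECT owner, key FROM api_keys --"


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_user_vulnerable(conn, name):
    # The entry point: untrusted input spliced into the SQL text.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_user_fixed(conn, name):
    # Resolution for the entry point: bind the value, never interpolate it.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def lock_down(conn):
    # Defense in depth, independent of the entry point: this feature only
    # needs to read the users table, so deny reads of the schema catalog
    # and of every other table through SQLite's authorizer hook.  (Policy
    # is an assumption for the example; a server DB would use a role.)
    allowed_tables = {"users"}

    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ and arg1 not in allowed_tables:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def try_lookup(fn, conn, name):
    # A denied read fails at statement preparation with a DatabaseError.
    try:
        return fn(conn, name)
    except sqlite3.DatabaseError:
        return "denied"


def demo():
    results = {}
    conn = build_db()
    results["vulnerable_schema"] = lookup_user_vulnerable(conn, PAYLOAD_SCHEMA)
    results["vulnerable_keys"] = lookup_user_vulnerable(conn, PAYLOAD_KEYS)
    results["fixed_keys"] = lookup_user_fixed(conn, PAYLOAD_KEYS)

    # Fresh connection so no statement cached above is reused under the
    # new policy.  The vulnerable code is deliberately left in place here
    # to show what the configuration alone blocks.
    locked = build_db()
    lock_down(locked)
    results["locked_schema"] = try_lookup(lookup_user_vulnerable, locked, PAYLOAD_SCHEMA)
    results["locked_keys"] = try_lookup(lookup_user_vulnerable, locked, PAYLOAD_KEYS)
    results["locked_legit"] = try_lookup(lookup_user_fixed, locked, "alice")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Reading the output: the two payloads against the vulnerable lookup return the schema catalog and another table's secret respectively, the parameterized lookup returns nothing for either (the payload is just a name that matches no row), and on the locked-down connection the same vulnerable code is stopped before execution while the legitimate lookup still works. That is the practical split the message argues for: one finding and one fix for the entry point, plus a separate configuration finding for what the entry point could have reached.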