Paranoia Vs. Transparency And Their Effects On Internet Security
Of course, tolerating any client activity on a host is always a matter of trust, a concept I don't even want to start discussing. But the fact is that, in the case of malicious intruders and "aggressive" scans, nobody has the choice of accepting them or not: they usually come from another compromised machine, and even when they don't, there are hundreds of other potential attackers waiting out there for every one you manage to track down. With a link to the Internet you are part of a globally accessible network, so the best thing to do is to turn off the services you don't want accessed, or to set up access controls and firewalls. This is encouraged, but rarely done consistently in practice.

One situation where I see a direct justification for scanning is, for example, a financial transaction over an e-commerce site. Personally, checking out the general security of a site as a consumer before submitting billing information gives me more assurance than any certification can. I even see this as an advantage for the company offering the service. If they have poor security, people will stay away from them, or possibly notify them, reducing their costs by preventing incidents (and the accompanying lawsuits from customers who have fallen victim to an attack). If they have good security, people will know it and prefer their services.
Another example is the spam problem. When receiving unsolicited mass mail in annoying proportions, I think it is justified to examine the third-party SMTP server from which the mails were relayed to hundreds of addresses without authorization. Often you can find a lot of problems with such systems; they are mostly excellent examples of sites totally unaware of security. In that case, it's time to explain to the admin a bit about network security and third-party responsibilities. I think that if more people did such things, or were even encouraged to do them, cybercrime laws and government regulation of IT businesses' security would eventually become superfluous.

The criminalization of scanning and of general access to network services that some people don't like to have accessed (already, the current laws can label almost any activity on a network as an intrusion, because they can be interpreted arbitrarily) will ultimately lead to a situation where companies and individuals performing scans and network surveys for security-relevant data are going to have big problems, while system crackers using illegally acquired resources can effectively still probe and attack any site.

Copyright 1998-2013 by Help Net Security.