[WEB SECURITY] Securing apache installation with PHP

Ofer Shezaf Ofer.Shezaf at breach.com
Sun May 29 08:07:31 EDT 2005



...
>  	In the end, service obfuscation achieves nothing.  One of three
> things will still happen: the anklebiting scriptmonkeys will just bang
> away at it; automated intrusion agents (worms) won't give a good rip
and
> will still bang at it; and the truly skilled attacker will see right
> through it.  Thus, the net value of said service obfuscation is nil.
> 

Speaking of attacks performed by skilled attackers, the following story
was released just today in Israel:

http://www.haaretzdaily.com/hasen/spages/581718.html

In short - some of the largest companies in Israel rent the services of
private investigators to plant Trojan horses on competitors' computers.
Among the companies two of Israel's leading cellular operators, the
Israeli direct TV operator. VPs in these companies where arrested.

A separate article in Hebrew claims that the Trojans where planted using
CDs that where given to competitors employees and using targeted
e-mails.

While not directly application security related, what further evidence
do you need that targeted attacks and not worms are not real problem of
the digital area?

~ Ofer

Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers at breach.com
http://www.breach.com


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list