Last Word on China's Hack Attack

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Random Entry: SRC Webpage
< Storing Passwords Explained | IDS vs IPS >

Friday, September 14. 2007

Last Word on China's Hack Attack

I like it when people agree with me, especially when it is Prof. Eugene Spafford.

In my entry titled 'The Titans still Reign' I said:

The 'horn blowing' around these attacks is completely opposite to what we have seen with other compromises where it took a (American only) law to get any sort of disclosure out of companies. Could it be that some sort of pariah state is looking to garner sympathy for an attack (the truth of the compromise is not relevant in this theory).

Today, Prof Spafford said something similar:

It remains to be seen why so many stories are popping up now. It’s possible that there has been a recent surge in activity, or perhaps some recent change has made it more visible to various parties involved. However, that kind of behavior is normally kept under wraps. That several stories are leaking out, with similar elements, suggests that there may be some kind of political positioning also going on — the stories are being released to create leverage in some other situation.

Additionally, he agrees that we can't be sure this is the Chinese government's doing:

[W]e can be reasonably sure that not all the events being discovered are actually government sanctioned; that not all the actors are being accurately identified; and probably only a fraction of the incidents are actually being discovered.

What we can reasonably conclude from this, is that people should just read my blog instead of waiting 10 days for someone famous to say the same thing ;) Also, Bejtlich has some nice posts (1, 2, 3, 4, 5, 6, 7) on the matter.

Posted by Dominic White in Security at 18:29 | Comment (1) | Trackbacks (0)

Last modified on 2007-09-14 18:46

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

haha, i see several scans & hacking attempts from china in my logs every day ... obviously the chinese gov is trying to hack me to :-) Anyway, your blog is continually excellent ... keep up the good work btw i've actually met Spaf ... nice guy m

#1 Michael Hofmeyr on 2007-09-28 17:34 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry