Comments on: Trust Storm http://thurston.halfcat.org/blog/2009/01/12/trust-storm/ We are the people your IT department warned you about Sat, 13 Mar 2010 13:15:37 +0000 http://wordpress.org/?v=2.0.5 by: Chandler Howell http://thurston.halfcat.org/blog/2009/01/12/trust-storm/#comment-289368 Tue, 13 Jan 2009 16:17:14 +0000 http://thurston.halfcat.org/blog/2009/01/12/trust-storm/#comment-289368 The asymmetric rules of engagement really hurt the Good Guys here--they can't exploit the vulnerability to clean up the machines, though the Bad Guys certainly would, so the Bad Guys get a "Free Pass" to fix the vulnerability, either now or next time. There's also a "Security by Obscurity" lesson here--I suspect that the malware writers expected that the lack of authentication would not be discovered behind the other layers of protection for their tool--until it was. The asymmetric rules of engagement really hurt the Good Guys here–they can’t exploit the vulnerability to clean up the machines, though the Bad Guys certainly would, so the Bad Guys get a “Free Pass” to fix the vulnerability, either now or next time.

There’s also a “Security by Obscurity” lesson here–I suspect that the malware writers expected that the lack of authentication would not be discovered behind the other layers of protection for their tool–until it was.

]]> by: bob http://thurston.halfcat.org/blog/2009/01/12/trust-storm/#comment-289359 Tue, 13 Jan 2009 14:49:22 +0000 http://thurston.halfcat.org/blog/2009/01/12/trust-storm/#comment-289359 Of course now the storm folks will add authentication to their network... But before that happens could the good gys act as an anti-body and cure the disease? Of course now the storm folks will add authentication to their network… But before that happens could the good gys act as an anti-body and cure the disease?

]]>