Re: defeating firewalls made easy


comp.security.firewalls archive

From: Juan Valdez <null@[127.0.0.1>
Date: Sun May 29 2005 - 19:37:46 CEST

"itoii 3uvu" <itoii3uvu@hotmail.com> wrote in
news:lhkme.2756$rb6.757@lakeread07:
> http://www.debka.com/article.php?aid=1031
>
> the criminals once again demonstrate the historic illusion of computer
> security . . .

There are many ways to get corporate data. The number one way is still
through dishonest employees, and I don't think that this will ever lose its
Number 1 position. A DVD or CD filled with data fits nicely in a coat
pocket or purse.

The number 2 way seems to be cracking the system. Corporate security looks
important at board meetings and analysts conferences, but most firms (and
governments) spend too little money and time protecting their systems from
intrusion. This is evidenced by the large number of "surprising breakins"
which happen daily. These aren't firewall problems. They are problems with
bad code, such as most of the PHP web site code running around.

Lower down on the list is purchased software with "back doors". Look at
what your company bought recently. A big portion of the software sold today
has "service ports" which the vendor uses for contract maintenance and
emergency repair. Do you know exactly how those ports are used when vendor
assistance is required? Do you know for sure that one of the vendor's
programmers didn't stick a trojan in the software? Even worse, is the $25
per hour technician fixing the problem helping him/herself to some data as
well? If no one expects vendor related data theft, no one looks very hard
for it.

I'm sure that other people can cite instances where back doors were
installed in corporate servers by contractors/vendors. I can only recall
one case with an accounting program "addon", and it was only caught because
the admin decided to run a network analyzer on systems housing accounting,
development and payroll data. She found where the purloined data was going.
The would-be thief got a whole three years probation and was admonished to
"stay away from computers" during the period.
Received on Thu Sep 29 19:53:15 2005
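An added example, not from the poster or anyone else in this thread, of the kind of check the last paragraph describes: instead of eyeballing a network analyzer, sum the bytes leaving the accounting, development and payroll hosts toward destinations nobody has documented, which also covers the vendor "service port" traffic the earlier paragraph asks about. The host addresses, the approved-destination list and the flow records are all constructed for illustration; the record layout loosely mirrors what a flow collector or a Zeek-style connection log would give you, but the field names are an assumption, not any tool's real schema.

```python
"""Flag data leaving sensitive hosts for destinations nobody approved.

Added example (not from the original post). Input is a list of flow
records in a NetFlow/Zeek-like shape constructed inline; the field names,
host roles and approved-destination list are assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample: one record per connection summary.
# Fields: ts, src, dst, dport, proto, bytes_out (bytes sent src -> dst).
SAMPLE_FLOWS = [
    ("2005-05-29T18:01:02", "10.1.5.20", "10.1.9.10", 1433, "tcp", 48_000),        # payroll -> DB
    ("2005-05-29T18:02:15", "10.1.5.20", "10.1.9.11", 445, "tcp", 12_000),         # payroll -> file server
    ("2005-05-29T18:05:40", "10.1.5.20", "198.51.100.7", 443, "tcp", 9_400_000),   # payroll -> undocumented outside host
    ("2005-05-29T18:06:01", "10.1.5.21", "198.51.100.7", 443, "tcp", 7_100_000),   # accounting -> same outside host
    ("2005-05-29T18:07:30", "10.1.5.30", "203.0.113.9", 22, "tcp", 120_000),       # dev box -> vendor's documented jump host
    ("2005-05-29T18:09:00", "10.1.7.50", "198.51.100.7", 443, "tcp", 300_000),     # ordinary workstation, out of scope
    ("2005-05-29T18:10:10", "10.1.5.20", "10.1.9.10", 1433, "tcp", 52_000),
]

# Hosts holding accounting, payroll and development data (assumed addresses).
SENSITIVE_HOSTS = {"10.1.5.20", "10.1.5.21", "10.1.5.30"}

# Destinations the business has actually documented for those hosts, keyed
# by (dst, dport). The vendor jump host on 22 is on the list because someone
# wrote the maintenance contract down; 198.51.100.7 is not.
APPROVED_DESTINATIONS = {
    ("10.1.9.10", 1433),
    ("10.1.9.11", 445),
    ("203.0.113.9", 22),
}


def summarize_egress(flows, sensitive_hosts, approved):
    """Sum bytes per (src, dst, dport, proto) for sensitive sources talking
    to destinations outside the approved set. Returns a list of dicts sorted
    largest transfer first, so the biggest surprise is at the top."""
    totals = defaultdict(lambda: {"bytes_out": 0, "flows": 0, "first_seen": None})
    for ts, src, dst, dport, proto, bytes_out in flows:
        if src not in sensitive_hosts:
            continue                      # not a host we care about here
        if (dst, dport) in approved:
            continue                      # documented business traffic
        entry = totals[(src, dst, dport, proto)]
        entry["bytes_out"] += bytes_out
        entry["flows"] += 1
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    findings = [
        {"src": src, "dst": dst, "dport": dport, "proto": proto, **agg}
        for (src, dst, dport, proto), agg in totals.items()
    ]
    findings.sort(key=lambda f: f["bytes_out"], reverse=True)
    return findings


def common_destinations(findings, min_sources=2):
    """Destinations that more than one sensitive host is sending to. One
    collection point fed by several systems is the pattern to chase first;
    returns {(dst, dport): [sorted source hosts]}."""
    by_dst = defaultdict(set)
    for f in findings:
        by_dst[(f["dst"], f["dport"])].add(f["src"])
    return {k: sorted(v) for k, v in by_dst.items() if len(v) >= min_sources}


if __name__ == "__main__":
    found = summarize_egress(SAMPLE_FLOWS, SENSITIVE_HOSTS, APPROVED_DESTINATIONS)
    for f in found:
        print(f"{f['src']} -> {f['dst']}:{f['dport']}/{f['proto']}  "
              f"{f['bytes_out']:>10} bytes  {f['flows']} flow(s)  first seen {f['first_seen']}")
    for (dst, dport), srcs in common_destinations(found).items():
        print(f"shared sink {dst}:{dport} fed by {', '.join(srcs)}")
```

The approved set is the part that does the work: a vendor service port that is written into the maintenance contract goes on the list, and anything else leaving those hosts shows up, whether it is a contractor's add-on phoning home or a technician copying files during an "emergency repair". Run it against a day of flow records rather than this toy sample and the byte totals, not the mere existence of a connection, are what separate a stray DNS lookup from a payroll table walking out the door.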