Wednesday, 11 October 2006

More Reasons to Discuss Threats

The word "threat" is popular. What used to be Bleeding Edge Snort is now Bleeding Edge Threats. It's a great site but I think it should have avoided using the term "threat." I think "Bleeding Edge Security" would have been better, but apparently that's not cool enough?

I noticed the OWASP is trying to define various security terms as well. (Because OWASP means Open Web Application Security Project, I didn't say "OWASP project." Those who say "ATM machine," "NIC card," and "CAC card," please take note.) OWASP has Wiki pages for attack, vulnerability, countermeasure, and, yes, threat.

For an example of a project that is largely not falling for the threat hype, check out the Vulnerability Type Distributions in CVE published last week. It provides research results on publicly reported vulnerabilities.

It might be helpful to look at already published work when thinking about what these terms mean. Good sources include the following.


The CWE Classification Tree contains a section labelled "Motivation/Intent," with an "Intentional" subsection containing items like "Trojan Horse," "Trapdoor," "Logic/Time Bomb," and "Spyware." Note these are not intended to be considered weaknesses, in the sense of calling a "Trojan Horse" a "weakness." Rather, it seems the CWE considers the inclusion of such code to be a weakness in and of itself. This might be similar to an "Easter Egg."

While you're busy thinking of these security issues, you might want to download the latest release of Helix. I used it to try a recent version of Brian Carrier's Sleuthkit. I launched the Helix Live CD .iso within VMware, then used NFS on another system to export a dd image from Real Digital Forensics for browsing within Autopsy. I am sad to see the Sguil client is not in Helix anymore, though.
