Comments on: Another Doomsday Scenario

By: Chris Q

Chris Q — Thu, 03 Nov 2005 03:42:09 +0000

All it takes to turn a black hat into a white hat is a big company offering them lots of money. If there are no volunteers looking for holes, corporations will have to buy the services of someone who can keep their site up and running.

By: Pete

Pete — Wed, 02 Nov 2005 18:58:33 +0000

@Chris – I do think the Rescorla paper is interesting, though there was an attempt to refute it by Andy Ozment.

@Anton -

re: your assumption that vuln researchers “squash” the bugs of black hats – isn’t that a big assumption? The only related research on software rediscovery that I’ve seen suggests that may 6-8% are rediscovered. Wouldn’t you need to take away all an attacker’s “guns” or “bullets” in order to protect against being shot? (I only need one).

re: being 0wned – I think you indicate that people would be 0wned over and over. Do you really think they would just all accept their fate forever?

By: Anton Chuvakin

Anton Chuvakin — Wed, 02 Nov 2005 16:39:31 +0000

Fine, I’ll bite! This is fun discussion.

>1. What characteristics about our current
>situation preclude this exact thing from
>happening today?

On the positive side and assuming that vuln research ‘squashes bugs’ that are possessed by blackhats (at least part of the time), there is a chance of fixing the problems before they are exploited

On the negative side, current situation has too much ‘fighting noise’

>2. How come people won’t be able to figure out
>that they are 0wned?

Well, if a novel approach was used to attack you (new vuln or even a new class of vulns), you are left with a heap of evidence and a need for a bunch of skilled forensic investigators. You might be able to figure out that ‘yes, indeed you got owned’ and possibly ‘what they took’ but might be left in the dark about ‘how they did it’. At least, the latter is not a certainty.

By: Chris Walsh

Chris Walsh — Wed, 02 Nov 2005 15:53:16 +0000

Funny you should ask:

http://www.interesting-people.org/archives/interesting-people/200406/msg00035.html

By: Anton Chuvakin

Anton Chuvakin — Wed, 02 Nov 2005 14:23:25 +0000

Hmm, I never meant to project an impression that it is a ‘doomsday scenario’ – see my comment in the end about the overall risk…

By: Thomas H. Ptacek

Thomas H. Ptacek — Wed, 02 Nov 2005 12:25:17 +0000

They’ll be about as effective at knowing they’re owned as they are today, which would be the problem. Don’t even need lots of experience to know the answer to that question: it’s why everyone’s so concerned about Windows rootkits, not to mention the reason rootkits were invented (around 1992) in the first place.