Pratical unix and internet security: reference to statement

Pratical unix and internet security: reference to statement

Post by News Use » Sat, 14 Apr 2001 06:01:08



http://www.gocsi.com/testify.htm

I think that this is misleading, but it is easier to get in from the inside.
It is also easier for someone to stand behind you and see what you are
typing on the inside, hence more easily prosecuted and hence reported.

No one wants to admit a 12 year old script kiddy hacked their site and
stole 300,000 credit card numbers and who probably won't ever be
prosecuted due to lack of evidence.


Quote:> In Spafford and Garfinkles Pratical Unix and Internet Security, they
> mention that around 80% of all security incidents are done by current
> or former employees (page 811, chap 27). Anyone know where this number
> comes from, or has more info on the statistics?

> Thanks in advance,

> -- Ole.

http://www.sunperf.com
 
 
 

Pratical unix and internet security: reference to statement

Post by Barry Margoli » Sat, 14 Apr 2001 06:27:53




>http://www.gocsi.com/testify.htm

>I think that this is misleading, but it is easier to get in from the inside.
>It is also easier for someone to stand behind you and see what you are
>typing on the inside, hence more easily prosecuted and hence reported.

>No one wants to admit a 12 year old script kiddy hacked their site and
>stole 300,000 credit card numbers and who probably won't ever be
>prosecuted due to lack of evidence.

One should probably also take into account context and time.  Regarding
context, perhaps many respondents only think in terms of computer crime
(e.g. stealing money, industrial espionage) rather than joy-riding; script
kiddies probably break into lots of systems, but heavy damage is more
likely done by other types of crackers.  And as for time, when did the
"conventional wisdom" come up with the 80% figure?  The number of script
kiddies has been growing rapidly, so maybe they weren't as big a threat
when that number was estimated.



>> In Spafford and Garfinkles Pratical Unix and Internet Security, they
>> mention that around 80% of all security incidents are done by current
>> or former employees (page 811, chap 27). Anyone know where this number
>> comes from, or has more info on the statistics?

>> Thanks in advance,

>> -- Ole.

>http://www.sunperf.com

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.