Board index Unix Security

Pratical unix and internet security: reference to statement

Pratical unix and internet security: reference to statement

Post by News Use » Sat, 14 Apr 2001 06:01:08



http://www.gocsi.com/testify.htm

I think that this is misleading, but it is easier to get in from the inside.
It is also easier for someone to stand behind you and see what you are
typing on the inside, hence more easily prosecuted and hence reported.

No one wants to admit a 12 year old script kiddy hacked their site and
stole 300,000 credit card numbers and who probably won't ever be
prosecuted due to lack of evidence.


Quote:> In Spafford and Garfinkles Pratical Unix and Internet Security, they
> mention that around 80% of all security incidents are done by current
> or former employees (page 811, chap 27). Anyone know where this number
> comes from, or has more info on the statistics?

> Thanks in advance,

> -- Ole.

http://www.sunperf.com
 
 
 
Top

Pratical unix and internet security: reference to statement

Post by Barry Margoli » Sat, 14 Apr 2001 06:27:53




>http://www.gocsi.com/testify.htm

>I think that this is misleading, but it is easier to get in from the inside.
>It is also easier for someone to stand behind you and see what you are
>typing on the inside, hence more easily prosecuted and hence reported.

>No one wants to admit a 12 year old script kiddy hacked their site and
>stole 300,000 credit card numbers and who probably won't ever be
>prosecuted due to lack of evidence.

One should probably also take into account context and time.  Regarding
context, perhaps many respondents only think in terms of computer crime
(e.g. stealing money, industrial espionage) rather than joy-riding; script
kiddies probably break into lots of systems, but heavy damage is more
likely done by other types of crackers.  And as for time, when did the
"conventional wisdom" come up with the 80% figure?  The number of script
kiddies has been growing rapidly, so maybe they weren't as big a threat
when that number was estimated.



>> In Spafford and Garfinkles Pratical Unix and Internet Security, they
>> mention that around 80% of all security incidents are done by current
>> or former employees (page 811, chap 27). Anyone know where this number
>> comes from, or has more info on the statistics?

>> Thanks in advance,

>> -- Ole.

>http://www.sunperf.com

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 
Top

1. Pratical unix and internet security: reference to statement



Those statistics are usually taken from CSI/FBI surveys, such as the
one at http://www.gocsi.com/prelea_000321.htm

MartyM
www.upstatecomputer.com

2. javadoc package script

3. INTERNET/UNIX REFERENCE GUIDE

4. RH 6.2 apps running on 7.1 multi-CPU hosts: binary compatible?

5. : How to simulate a keystroke??

6. Really serious security hole in Microport Unix (Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)

7. i586 software faster than i386? Should I compile?

8. US-MO&IL-Internet/Intranet/Network Security Manager-Unix/Firewall/permanent

9. Unix and Internet Security VARS....Needed ASAP!!!

10. free unix/internet security checker?

11. Internet Security on UNIX Networks

12. .. Job Opening << SWE Unix/Internet/WWW Security >> agent sfsys


All times are UTC
Board index