Professional Soldiers ® - View Single Post - Military Looking Abroad for Source of Cyber Attack on Pentagon

nmap · 11-25-2008, 16:20

I notice that some of my acquaintances use wireless equipment, but fail to enable encryption, thus putting all of their traffic in the clear. Depending on permissions on their machine, files could be removed or added by others. In addition, the low-end firewalls included in home routers have a default password; sometimes, people don't change it. So even someone in general compliance with the regulations mentioned could have a system that wasn't secure.

But there is a deeper problem. Viruses are programs, so new ones can be written - which means that virus detection software cannot find any signature for the virus. That means that only the behavior of such software might trigger an alert - but since the software is widely available, a clever programmer might create an exploit, test it against off-the-shelf virus software, and then introduce it into a target network. There are freely available virus creation workbenches. An unsophisticated user can point, click, and create a custom virus - then share it. Of course, actions that interfere with systems are illegal - but creation of the virus is not.

I hasten to add that I am not giving away any secrets here. All of this is in the public domain on the web, easily accessed by everyone.

11-25-2008, 16:20	#11
nmap Area Commander Join Date: Jun 2007 Location: San Antonio, Texas Posts: 2,760	I notice that some of my acquaintances use wireless equipment, but fail to enable encryption, thus putting all of their traffic in the clear. Depending on permissions on their machine, files could be removed or added by others. In addition, the low-end firewalls included in home routers have a default password; sometimes, people don't change it. So even someone in general compliance with the regulations mentioned could have a system that wasn't secure. But there is a deeper problem. Viruses are programs, so new ones can be written - which means that virus detection software cannot find any signature for the virus. That means that only the behavior of such software might trigger an alert - but since the software is widely available, a clever programmer might create an exploit, test it against off-the-shelf virus software, and then introduce it into a target network. There are freely available virus creation workbenches. An unsophisticated user can point, click, and create a custom virus - then share it. Of course, actions that interfere with systems are illegal - but creation of the virus is not. I hasten to add that I am not giving away any secrets here. All of this is in the public domain on the web, easily accessed by everyone. __________________ Carpe diem quam minimum credula postero Acronym Key: MOO: My Opinion Only YMMV: Your Mileage May Vary ETF: Exchange Traded Fund Oil Chart 30 year Treasury Bond
nmap is offline