[nylug-talk] 2 forwarded messages from the cryptography mailing list about statistics of 0wned machines on Net

Jay Sulzberger jays at panix.com
Mon May 21 11:49:53 EDT 2007



---------- Forwarded message ----------
  Date: Mon, 21 May 2007 07:22:30 -0700
  From: Paul Hoffman <paul.hoffman at vpnc.org>
  To: John Levine <johnl at iecc.com>, cryptography at metzdowd.com
  Cc: perry at piermont.com
  Subject: Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

  At 6:34 PM +0000 5/20/07, John Levine wrote:
  > > I've heard nothing formal, but my strong understanding is a lot of US
  > > government machines, at least if we're talking workstations on
  > > non-classified nets, are in fact "0wn3d" at this point.
  >
  > Well, here's an anecdote: at last year's CEAS conference, Rob Thomas
  > of Team Cymru gave the keynote on the underground economy, with a most
  > horrifying set of both live demos and selected snapshots of the online
  > bazaars where online warez are traded, everything from zombie farms to
  > spamware to stolen credit cards.  One of the more amusing was a guy
  > who offered a zombie in some part of the government that you'd hope
  > would be moderately secure, NASA or someplace like that, at a higher
  > than normal price.  The immediate response was ridicule, bots on
  > government nets are a dime a dozen, and aren't worth any more than any
  > other bot.

  Oh, goodie. I get to use the same source to show the opposite. At Rob's talk at the
  AOTA summit, he talked about someone offering some botted machines in a
  particular US government subnet at a normal price and someone quickly over-bid
  by a suspiciously high amount. The assumption is that it was for the possible
  data on those machines.

  --Paul Hoffman, Director
  --VPN Consortium

  ---------------------------------------------------------------------
  The Cryptography Mailing List
  Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com




---------- Forwarded message ----------
  Date: Mon, 21 May 2007 10:55:11 -0400
  From: dan at geer.org
  To: perry at piermont.com, ptrei at rsasecurity.com
  Cc: cryptography at metzdowd.com
  Subject: Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)



  A while ago, I did a rough calculation that made
  me state that 15-30% of all machines are no longer
  under the sole control of their owner.  In the
  intervening months, I got some hate mail on this,
  but in those same intervening months Vint Cerf
  said 40%, Microsoft said 2/3rds, and IDC said 3/4ths.

  Whatever it is, it is >> 0.

  And, of course, definitions matter.  I don't think
  that 0wned is a binary variable any more; there are
  degrees of 0wned-ness with a wide range between the
  optimist ("I replaced the only program that was
  trojaned") to the pessimist ("Any compromise of any
  sub-component makes the entire edifice untrustable").

  --dan


