Who buys stolen business data? Brett Kingstone, founder of Super Vision International ... knows the answer all too well. In 2000, an intruder breached Super Vision's public-facing website and probed deep enough to snatch secrets behind the company's patented fiber-optic technology ... [which] made its way into the hands of a Chinese entrepreneur ... [who] built a new Chinese factory from scratch and began mass marketing low-priced counterfeit lighting fixtures ... "They had an entire clone of our manufacturing facility"
ouch... it matches up w/ reports we've heard over the years, from titan rain to reports of mass EU data theft coming out of china. and it matches up w/ incidents i've seen personally.
anyway, the relation to the last post is just that identifying *what you have* that is valuable, and *where it all resides*, is a pre-req to getting down to securing those assets.
=-=-=-=-=-=-=-=-=-
also, i've done some waf work lately, and came away feeling (like many others) that they don't do much to prevent application layer attacks.
i came across a sans diary entry (linkage lost) that gave me pause tho. in my experience fighting wafs, there was a lot of trial and error finding ways around them, and those bypasses varied depending on which waf i was fighting.
until attackers make smarter bots that attempt a variety of app level attack vectors, wafs might offer worthwhile protections against asprox-like 'dumb' bot attacks.
attackers sitting at a keyboard tho? not holding my breath there ;)