[Dailydave] Myth: The US is more vulnerable to information warfare because it is more reliant on information technology

sai sonicsai at gmail.com
Wed Aug 22 02:05:09 EDT 2007 

On 8/22/07, Dave Aitel <dave.aitel at gmail.com> wrote:
>
> 1. Hacking has an economy of scale. 10 hackers working together are
> more productive than 10*1 hacker. Less advanced countries have easier
> technology to hack - NT 4.0 has unpatchable remote roots on it.
> Management software is more easily used on modern stuff than old
> crusty stuff. Technology rots, in other words. And rotted stuff is
> easy to break. We all know very well how to write Windows 2000 heap
> overflows. Nico is just getting Vista heap support into Immunity
> Debugger now.
>

Less advanced countries dont  worry about licences  :-)
Generally  you will not find ANY advertising for PCs with Windows.
They all allegedly come installed with (free)DOS or Linux. In fact
they usually  will have Vista installed.  Getting Vista installed on
an older PC costs $5 at your corner computer shop.

> 3. Complexity breeds resilience.

Well, yes, sometimes. It depends... Well connected networks are
usually  more secure, but generally complexity in components and
systems produces vulnerabilities.

>People say that hacking the United
> States and causing damage is easier because more of what the US does
> is connected, in many cases, to the Internet. However, it's also more
> resilient - a SCADA system in a country that is less dependent on
> network technology is harder to reach initially, but you're more
> likely to find a single point of failure once you do reach it.

Less developed places : the SCADA system was probably built and
designed by foreigners, meaning the blueprints may be fairly easy to
get, maybe even for free.


> 5. Having a "target rich environment" overwhelms an attacker's
> analytical capability. Even understanding one branch of the US
> military's IT infrastructure is too large a project for even the most
> well funded non-US attacker.

If you mean that having a very large number of potential targets, of
which only a small number have vulnerabilities then yes I would agree
with that.

sai

More information about the Dailydave mailing list