[Dailydave] Location Location Location
Dave Aitel
dave at immunityinc.com
Tue Oct 23 14:36:42 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A common situation in our penetration tests (and yours) is that we get
an IP range and some verbal information about it. For example: "This
is our New Jersey Data Center". Sometimes the IP range you get is off
by a digit, or was mistyped, or is , in fact, a California data
center. For a long time now, CANVAS has had GEOIP support built in,
so that you could avoid attacking countries you didn't want to attack,
but now it's much much cooler...
CANVAS World Map Demo (flash):
http://www.immunityinc.com/documentation/mappingbeta.html
Uplink hacking game screenshot:
http://www.uplink.co.uk/cgi-bin/screenshots.cgi?pic=uplink4.gif
The point is, location matters. Both network location (we're working
on a Visio-like scrap-pad so you can say "firewall is here") and
physical location. For example, perhaps you have a client-side exploit
you've spammed to thousands of people in the company, but you only
want to own people who are not in HQ, because HQ is full of
programmers and other IT specialists. Or perhaps you just want to
visualize what you're doing so you can better understand where the
problems in the network are. Location gets you when people go off of
work, when the holidays are, and what the default language is.
And it's darn pretty. :>
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHHj85B8JNm+PA+iURAgOaAKC59I08mXE8wMfBVWU9Ft4HTENu5gCgi8F/
vxMe7jt7Q6A/Zgh4zIhP8Hk=
=GHAS
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list