Mobile network giant Telefonica has launched new business unit Eleven Paths, which promises unprovoked attacks on customers every day, in the interests of greater security. Eleven Paths will be semi-autonomous within Telefonica, and will provide ongoing penetration testing to subscribing customers (think businesses, not mobile …
hasn't this already been done?
if you believe everything in the media, I thought this had already been done, to both biz and joe public..
maybe they just forgot to tell them they'd been hacked and learnt (too late) when AV/security fix released
eleven paths - isn't that in chinese folklore somewhere?
Re: Eleven Paths
Apparently there's an Indian / Kashmiri proverb "Eleven persons take eleven paths." (I haven't checked a local map to see if this is plausible) -One- result for "Eleven Paths of Human Experience" in "The Tibetan Yada-yada of Serenity". And some mentions in bad amateur fiction (I haven't read it, I assume it's bad) and in "teaching Freud" (they can't teach him much!) And discussions of paths that there happen to be eleven of. And lots of coverage of Telefonica. But maybe Google has a bias towards news - or they got penetrated and hacked...
The big question is..
.. who exactly will they tell when they find a vulnerability?
Re: The big question is..
You, via your own corporate email account.
This is a necessary service
It is a reasonable assumption that untested security will be faulty.
Securing network facing systems against attack from the network is an ongoing effort. Testing must therefore also be ongoing. A system that is attacked unsuccessfully cannot be proven secure (deductively). However a system that is attacked successfully is thereby demonstrably insecure.
I doubt very much that systems sitting on top of Microsoft Windows or Linux can be proven secure by analysis. They are too complex. Since they are always changing, they have too many unknown states that they can get into. An inductive 'proof' that the system is secure by tested resistance to attack is the only way to get reasonable assurance that the system is even nominally secure.
It is likely that in practice, systems will be breached much more often than their owners might expect. My instinct is that untested systems can be assumed insecure against a professional attack. Better if attacks are done by a white hat working for you rather than a black hat working against you.
I am not (by choice) expert in cracking systems. I can't say to what extent an adaptive hardware firewall is secure. However I expect it would prove much more resistant to attack in practice than a system without one. The corollary is also true, I think. A system lacking an adaptive hardware firewall is likely much *less* resistant to attack.
Perhaps people who spend more of their time managing client networks can comment: How important is it to place an adaptive hardware firewall between Internal and External networks?
Isn't this illegal in some countries?
such as Germany?
Re: Isn't this illegal in some countries?
OK, so I'm no expert on the intricacies of German law, but, how could it be possible for it to be illegal to pay another company to perform security testing on your own network?
"Informatica 64 created the (free) FOCA toolkit, an open source tool used to analyse documents hosted on a web site in order to chart the network architecture hidden behind the corporate firewall."
"Informatica 64 also sells "MetaShield", an application for stripping such data before the files leave the safety of the office, for companies concerned about the existence of FOCA."
In other words, we've created this open source toolkit that helps attackers penetrate your network, and surprise surprise, we've created a service that will help you mitigate the effects of our open source attack tool.
Re: Cynical B*****ds
I was just going to post about what a great business model they have.
So what makes them better than the "you have a virus pay us $39.99 to remove it" crowd?
As a Telefonica customer I already am penetrated every day...the *second* I joined up they sold my email address to every bastard out there.
This randomly attacking your system can get out of hand - like Cato vs Clouseau
I'm so glad I am not with Telefonica!
Re: random attacks
You did read the article didn't you?
Go back and try again, then you may grasp the concept of signing up for this and asking them to do it.
Nobody EXPECTS the Spanish Inquisition!
Mine's the Cardinal's outfit.