Telefonica's new offering: We will penetrate you by surprise, every day Mobile network giant Telefonica has launched new business unit Eleven Paths, which promises unprovoked attacks on customers every day, in the interests of greater security. Eleven Paths will be semi-autonomous within Telefonica, and will provide ongoing penetration testing to subscribing customers (think businesses, not mobile …
if you believe everything in the media, I thought this had already been done, to both biz and joe public..
maybe they just forgot to tell them they'd been hacked and learnt (too late) whenl AV/security fix released
eleven paths - isn't that in chinese folklore somewhere?
Apparently there's an Indian / Kashmiri proverb "Eleven persons take eleven paths." (I haven't checked a local map to see if this is plausible’) -One- result for "Eleven Paths of Human Experience" in "The Tibetan Yada-yada of Serenity". And some mentions in bad amateur fiction (I haven't read it, I assume it's bad) and in "teaching Freud" (they can't teach him much!) And discussions of paths that there happen to be eleven of. And lots of coverage of Telefonica. But maybe Google has a bias towards news - or they got penetrated and hacked...
It is a reasonable assumption that untested security will be faulty.
Securing network facing systems against attack from the network is an ongoing effort. Testing must therefore also be ongoing. A system that is attacked unsuccessfully cannot be proven secure (deductively). However a system that is attacked successfully is thereby demonstrably insecure.
I doubt very much that systems sitting on top of Microsoft Windows or Linux can be proven secure by analysis. They are too complex. Since they are always changing, they have too many unknown states that they can get into. An inductive 'proof' that the system is secure by tested resistance to attack is the only way to get reasonable assurance that the system is even nominally secure.
It is likely that in practice, systems will be breached much more often than their owners might expect. My instinct is that untested systems can be assumed insecure against a professional attack. Better if attacks are done by a white hat working for you rather than a black hat working against you.
I am not (by choice) expert in cracking systems. I can't say to what extent an adaptive hardware firewall is secure. However I expect it would prove much more resistant to attack in practice than a system without one. The corollary is also true, I think. A system lacking an adaptive hardware firewall is likely much *less* resistant to attack.
Perhaps people who spend more of their time managing client networks can comment: How important is it to place an adaptive hardware firewall between Internal and External networks?
"Informatica 64 created the (free) FOCA toolkit, an open source tool used to analyse documents hosted on a web site in order to chart the network architecture hidden behind the corporate firewall."
and...
"Informatica 64 also sells "MetaShield", an application for stripping such data before the files leave the safety of the office, for companies concerned about the existence of FOCA."
In other words, we've created this open source toolkit that helps attackers penetrate your network, and surprise surprise, we've created a service that will help you mitigate the effects of our open source attack tool.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
