Friday, September 4, 2009

Another bad security idea

Slashdot had a link to this article in Business Week. It seems someone at Symantec came up with the idea of turning their users' systems into "honey pots." That is, the users' Symantec software would report intrusion attempts as a means of allowing Symantec to identify new threats and who is behind them. Symantec would also post information about the top 10 hackers and, along with several other companies, provide a reward for information leading to the arrest of hackers.

There are a number of problems with this approach:

1) There is a "chicken and egg" problem: it is doubtful that the Symantec software would be able to do anything about previously unknown attacks, while known attacks are, well, already known.

2) Attackers with even a moderate level of sophistication do not use their own computers to launch attacks. They proxy through possibly several systems to cover their tracks. Any source identification of the attack will only show that some poor slob whose computer is already owned launched the attack.

3) The quoted "attack" in the article is most probably a result of a weak password or some sort of social engineering like shoulder surfing that allowed the user's Facebook password to be stolen. Symantec's approach won't do anything about people doing unsafe things.

4) As the article points out, hackers may not take such attempts to track them down lying down. There are a number of ways they could make life difficult for users who participate in Symantec's honey pot.

Cheers,
Dave

Thursday, June 12, 2008

Link

For right now, just a link to my blog. Link