though i would agree that something should be done to improve the security across the internet, this cowboy attitude could get you into more trouble than its worth. Think about the real issue. Most average home users dont have adequate protection on thier systems. And those hackers inside the "camp" usually can gain carte blanche on a home user's systems in a matter of minutes. So if I'm hacker a, attacking you through computer b, and you attack Computer b? who wins? Look at it from your attackers eyes? HA so you cut off access to one of my many avenues to get to you? ill just use another. Who suffers? in the long run, you just might, what if your counterattack destroys all evidence that might help in finding the actual purpertrator? Who gets the blame? i would have to say, you would, Cyber attacks are growing that is inevitable. The Biggest problem is, The average Joe in the public, has no clue what a cyber attack is. Nor, does the average system connected to the internet provide the user with protection against inside threats. this goes back to the old addage. most attackers are in the office. to give you an idea of the true threat. I'm on a cable network at home. yes i have a firewall. but being the inquisitive person, i decided to do a little test. i placed one of my machines, unprotected. past my home dmz. within 10 minutes i had 150 hits, on ports across the board. everything from telnet to smtp. watching just the logs from this box, i had addresses across the board. oringinating outside and inside the companies valid ip range for which i am subscribed. and this is just 10 minutes of activity with a system Just sitting idol. Who do you place blame on? do you force an ISP to insist thier users run personal firewalls? driving up thier costs and actually quite possibly past the point where services can be affective. to what end? just because you have a firewall installed? without a saavy person behind the keyboard to determine if the port is required for connection, its useless. the Biggest issue should not be "Attack Back" but "defend well" and for gods sake "educate the public" most people are scared to death of getting attacked. but have no clue how to defend themselves. i think more of an issue is, How do you provide the public with the knowledge of how to defend against attacks. how much does a security course cost these days? the cheapest i found is around 2k, excuse me, I cant afford 2k, and im highly interested in learning. you think you could get the average joe to spit out 2k to learn something he dont want to learn. Lets educate the end user. show him what is what. oh and lets not even go with Cookies, I had a Security organization expect me to open an email with html code to send them a cookie? DUH!!!!!


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/98/16084#16084