[Dataloss] An amazing use of DLDOS

Adam Shostack adam at homeport.org
Thu Sep 7 18:40:47 EDT 2006


On Wed, Sep 06, 2006 at 01:50:52PM -0500, Chris Walsh wrote:
| On Wed, Sep 06, 2006 at 10:24:03AM -0700, George Toft wrote:
| > What would also make the database really useful for research is if we 
| > could categorize the primary (and secondary) causes of the loss.  For 
| > example:
| > pri_cause - laptop theft
| > sec_cause - policy violation
| 
| 
| Forget about sec_cause :^)
| 
| For pri_cause, you often find that it was a compromised web site.  So, that
| could mean an application flaw (SQL injection), a misconfigured web server,
| poor or no authentication, a braindead firewall, etc.  The same logic 
| applies to other compromises.  You get the general "cause", but not what
| really happened.  It is frustrating, but sort of interesting.

I've been thinking for a bit that it would be great if reporters had a
document that helped guide them to ask interesting, probing questions
about these failures.  We might provide similar guidance to the
agencies who accept these reports on what questions they should offer
up on their sites.

Adam

