±Partners and Sponsors
New Today: 1
New Yesterday: 4
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
±Follow Forensic Focus
7Safe UK Security Breach Investigations Report 2010
The UK Security Breach Investigations Report, supported by high profile organisations SOCA (Serious Organised Crime Agency) and the Metropolitan Police’s Police Central e-Crime Unit, is available in digital format free of charge from www.7Safe.com Breach Report
7Safe is a leading Computer Security and Forensics consulting firm offering a diverse portfolio of services in the fields of computer forensics, Incident Response, penetration testing, PCI DSS compliance and audit, eDiscovery / eDisclosure, and IT security training & certification.
To find out more, please visit 7Safe
- Mogyin what makes for fascinating reading.
It does make for some fascinating reading, thanks.
However, and with all due respect for the Authors, I can find in the report conclusions very little beyond the "normal common sense" that any IT managing a site/web resource managing sensible data should already have of should have been thought the very first day of the "basic course" he should have attended (I am talking about the twelve requirements).
I am a bit perplexed by the contents of page 20.
I have the impression that most people will simply look at the very nice chart stating that 36% of attacks came from Vietnam and 29% from U.S.A. and, completely avoiding reading the actual text, from which it is clear the absolute lack of connection between the pie and the actual origin of the attacks, draw "false" conclusions.
Since 62 is already a very small sample to draw statistical data from, and the number of cases where an actual trackback was performed (the exact number of which is not specified, but that is clearly a very small sub-set of the 62 cases total), I don't think that the data so well rendered graphically is anywhere near an actual representation of the provenance of the attacks.
Maybe the disclaimer about the chart only representing (mostly) just last "hop" should be given more evidence, to avoid "speed readers" get the "wrong" idea (that most the "bad" guys are either in the US or in Vietnam instead of the only conclusions one can draw, which is IMHO that - for reasons unknown - servers or PC's in U.S.A. and Vietnam appear like more easily accessible/exploitable).
- Senior Member