[Snort-users] [Emerging-Sigs] Reliability of signatures

Matt Olney molney at ...1935...
Thu Feb 10 10:58:18 EST 2011


No, Google got hacked because of a spear phish that sent them to an HTML page
that included an exploit vs. IE (6!?).  That isn't SPAM, nor is it possible
to detect, from a generic perspective, spear phishing emails.  The IDS,
hopefully, would alert on the return from the web server with the malicious
web page.  (Although in this case it was a 0-day.)

Email isn't the attack; email is the delivery system or, in the case of
"click this link to get owned", the social engineering side.  The attack is
against a file format vulnerability.

On Thu, Feb 10, 2011 at 10:02 AM, Michael Scheidell <michael.scheidell at ...8144...> wrote:

>  On 2/10/11 9:55 AM, Matt Olney wrote:
>
>  Also, SPAM isn't an IDS issue, at least from my point of view.  I worry
> about malicious, not asinine.
>
> but then again, Google got hacked into due to spam their engineers opened
> ;-)
> and, in fact, most of the external hacks today happen due to insiders
> opening spam.
>
> if you lock down the whole network, put in IDS/IPS, application firewalls,
> do vuln scans, application web scans, SEMs, everything...
> you still have the lusers opening up FedEx recipients that are unknown
> viruses, spammed to them.
> malicious?  you bet!
>
> --
> Michael Scheidell, CTO
> SECNAP Network Security Corporation