|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: On classifying attacks
From: Crispin Cowan (crispin
novell.com)
Date: Thu Aug 04 2005 - 01:29:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Forte Systems - Iosif Peterfi wrote:
> Basicaly, compound attacks need the victim intervention.
No; compound attacks need more than one attack vector. In your example
of attacking a web server, the attacker needs a compound attack
comprised of a remote->local attack and a local->root attack to take
over the machine. It is "compound" in that it is comprised of more than
one attack, but does not necessarily involve the victim's intervention.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]