Banc of America Article

Ryan Fox rfox at amerisuk.com
Sun Jan 26 02:45:51 UTC 2003


> > Does anyone else, based upon the assumptions above, believe this
> > statement to be patently incorrect (specifically, the part about
> > 'personal information had not been at risk.') ?
>
> While not technically correct, they are not technically incorrect
> either.

Hm.  One possible attack on BoA's data would be to log incoming udp port
1434 requests to your network, and cross reference the source addresses with
BoA's netblocks.  Now you have a list of verified vulnerable BoA MSSQL
servers.

While it's possible that _none_ of the vulnerable servers have _any_
'personal information', I'd venture to guess otherwise.

While I'm on the topic of attacking servers that attacked you first, can I
get some opinions on the ethics of this?  I think a targeted attack like the
one I described above would surely be crossing the proverbial line, but what
about an automated nmap scan of attacking hosts, where the data would be
used for aggregate statistics?  Thoughts?

Ryan
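The defensive half of what the post describes, as an added example that is not part of the original message: parse your own firewall's drop log for inbound UDP datagrams to port 1434 (the MS-SQL resolution service port the worm used), keep only the distinct source hosts, and bucket them by the netblock they fall in. That per-netblock count is the "aggregate statistics" end of the thread, and is what you would hand to an abuse contact. The log line format, the addresses and the netblock-to-owner table are all constructed placeholders, not real assignments.

```python
"""Aggregate inbound UDP/1434 probes from firewall logs by source netblock.

Added illustration for the thread above; not code from the original post.
The log format, addresses and netblocks below are constructed sample data.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample firewall drop log (iptables-style syslog lines, hypothetical).
SAMPLE_LOG = """\
Jan 25 02:41:07 fw1 kernel: DROP IN=eth0 SRC=192.0.2.17 DST=203.0.113.5 PROTO=UDP SPT=1051 DPT=1434 LEN=404
Jan 25 02:41:08 fw1 kernel: DROP IN=eth0 SRC=192.0.2.17 DST=203.0.113.9 PROTO=UDP SPT=1051 DPT=1434 LEN=404
Jan 25 02:41:09 fw1 kernel: DROP IN=eth0 SRC=198.51.100.200 DST=203.0.113.5 PROTO=UDP SPT=3277 DPT=1434 LEN=404
Jan 25 02:41:10 fw1 kernel: DROP IN=eth0 SRC=192.0.2.99 DST=203.0.113.5 PROTO=TCP SPT=4433 DPT=1434 LEN=60
Jan 25 02:41:11 fw1 kernel: DROP IN=eth0 SRC=192.0.2.50 DST=203.0.113.5 PROTO=UDP SPT=1031 DPT=1434 LEN=404
Jan 25 02:41:12 fw1 kernel: DROP IN=eth0 SRC=203.0.113.77 DST=203.0.113.5 PROTO=UDP SPT=2000 DPT=1434 LEN=404
"""

# Constructed netblock -> owner table (placeholder labels, not real allocations).
NETBLOCKS = {
    "192.0.2.0/24": "ExampleOrg-A",
    "198.51.100.0/24": "ExampleOrg-B",
}

# Pull the fields we need out of a single log line.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")


def parse_udp1434_sources(log_text):
    """Return source addresses of every logged UDP datagram aimed at port 1434.

    TCP hits on 1434 and malformed lines are skipped; only the worm's
    transport/port combination counts.
    """
    sources = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m.group("proto") != "UDP" or int(m.group("dpt")) != 1434:
            continue
        sources.append(ipaddress.ip_address(m.group("src")))
    return sources


def classify(sources, netblocks):
    """Map each source address to its owner label, or 'unassigned' if no block matches."""
    nets = [(ipaddress.ip_network(cidr), label) for cidr, label in netblocks.items()]
    owners = {}
    for src in sources:
        label = "unassigned"
        for net, owner in nets:
            if src in net:
                label = owner
                break
        owners[src] = label
    return owners


def aggregate_by_owner(log_text, netblocks):
    """Count distinct probing hosts per owner: the aggregate statistic worth keeping.

    Deduplicating first matters: one infected host retries constantly, so raw
    line counts say more about the worm's send rate than about how many hosts
    a given network has infected.
    """
    distinct = set(parse_udp1434_sources(log_text))
    return dict(Counter(classify(distinct, netblocks).values()))


if __name__ == "__main__":
    for owner, hosts in sorted(aggregate_by_owner(SAMPLE_LOG, NETBLOCKS).items()):
        print(f"{owner}: {hosts} distinct host(s) probing UDP/1434")
```

On the sample data this yields two distinct hosts in the first block, one in the second, and one source that falls outside any known block (the TCP line and the repeated retry from 192.0.2.17 are discarded). Replace `NETBLOCKS` with whatever allocation data you actually have; the point is that the only thing you retain and share is a count per owner, never a target list.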




More information about the NANOG mailing list