Going Public with Brute Force (was: CISCO PIX)

Rick Smith rick_smith@securecomputing.com
Fri, 19 Jun 1998 14:23:44 -0500


Regarding brute force cracking attacks against commercial victims:

>> >It is likely that you wouldn't hear about it if it happened.
>> 
>> Disagree. If such attacks cause financially significant damage in a number
>> of enterprises, then the results *will* become public.
>
>No, they won't necessarily become public. 

Actually, we've started talking about two different things here: I'm fully
aware that specific attacks against specific victims might never become
public knowledge.

However, there's a different and much more important piece of information:
a determination that brute force decryption attacks are regularly being
performed against commercial targets, and that such attacks are really
causing damage to these targets. This is the aggregation of half-told
stories about particular incidents in which "the names have been changed to
protect the innocent." This is what I believe will become public knowledge
and, indeed, can't be prevented from becoming public knowledge.

Rick.
smith@securecomputing.com