Going Public with Brute Force (was: CISCO PIX)
Fri, 19 Jun 1998 14:23:44 -0500
Regarding brute force cracking attacks against commercial victims:
>> >It is likely that you wouldn't hear about it if it happened.
>> Disagree. If such attacks cause financially significant damage in a number
>> of enterprises, then the results *will* become public.
>No, they won't necessarily become public.
Actually, we've started talking about two different things here: I'm fully
aware that specific attacks against specific victims might never become
However, there's a different and much more important piece of information:
a determination that brute force decryption attacks are regularly being
performed against commercial targets, and that such attacks are really
causing damage to these targets. This is the aggregation of half-told
stories about particular incidents in which "the names have been changed to
protect the innocent." This is what I believe will become public knowledge
and, indeed, can't be prevented from becoming public knowledge.