MMM too bad it turns out to be a ‘paper’ excercise. A scenario book can only be tested for it effectiveness against a controlled real world test.
It’s much like a fire drill, the evac process is dull and tiresome. Learn your people how to extinguish a real fire (it’s fun burning 250 ml of gasoline) with a CO2 extinguisher and the drill will be remembered.

Well, at the very least, the computer security game means well paid work and you get to do videogames that are way more fun than most offerings these days. I probably won’t get a chance to do that either though – so I’m offering my services in advance of any further disappointments to the botnet people. Keeps you in a job, don’t it.

Just to go off on a minor tangent here – I can see that there’s going to be apps for dealing with attacks in realtime, that are going to function very much like classic (ie – arcade) videogames – a bit like House of the Dead. If it’s not immediately apparent what is meant there – applications that identify things like infected packets, flag them, and allow for commands to be entered on how to deal with them, in a graphical representive environment.
I’m not really meaning this’ll happen just for a laugh, although that itself is amusing, it’s more that when you’re dealing with realtime scenarios it’d be easier to be able to interact with the data if it’s shown graphically – quicker than using many command lines and having to lock / unlock windows, and typing.

Mmm, isn’t there a stupid law in cyberspace that’s like the stupid laws in meatspace, whereby you aren’t allowed to attack, or spy on, someone else that is attacking you, without it being considered that you’re the aggressor rather than it being seen for what it is – removing a threat and / or identifying it.

there used to be, at least for the U.S. anyway. it had to deal with reasonable expectation of privacy. in the case of government systems, they have banners that pop up saying you will be monitored. however, if someone were to break into that system, and get direct shell access…they may not see that banner. thus, they can argue that b/c there was no banner, they had a reasonable expectation of privacy and could not be spied on. however, i do believe that one of the few good things regarding teh patriot act, was a portion called something like the hacker tresspasser act thingy (very technical). this allows an agency to watch and monitor those connections. i could be wrong on this. but thsi is what i’ve heard (or at least how i’ve interpreted it) from a lawyer whose expertise is in government cyber crimes.//

‘contrary to the spirit of the exercise’ seems to be entrenched in that mindset – as if in reality any attacker is going to back-off, or be fighting you on some noble terms of yesteryear.

That said, as with meatspace again, can we expect to see a malicious breacher that has a counter-attack dealt them, then try to sue whoever they were trying to attack for damages?!

Remember I’m UK based, I know that it’s actually legal to protect yourself in some other countries. And people wonder why the UKs so full of delinquent a-holes.

The public sector people in charge were said to have scolded these companies for their initiative, claiming that it was “contrary to the spirit of the exercise”….