Linked by David Adams on Tue 28th Jun 2011 15:35 UTC, submitted by HAL2001
Privacy, Security, Encryption In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. The company's CTO Andy Kemshall said: "I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blase attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"
Permalink for comment 478955
To read all comments associated with this story, please click here.
RE[2]: Comment by MORB
by sagum on Tue 28th Jun 2011 19:51 UTC in reply to "RE: Comment by MORB"
sagum
Member since:
2006-01-23

...in context of the piece quoted, the vendor specifically mentions that DDoS encourage better data security, which is idiotic.


There's no connection between bandwidth limitations and data security. If you can't keep up with the attacker/botnet, then your dead. It doesn't indicate anything about bad security practices.


Except these recent DDoS attacks haven't been just about raw fragmented packets hitting the server with more bandwidth then the server can handle.

If you look at the LOIC that the anonymous group use, they target a website to request pages that take up vast amounts of resources, be it memory, server side scripting or database load.

An example would be searching in the help section of a website and searching for a common word, or even letter such as 'a' and the search results taking several seconds per request due to high CPU time or Database load on the servers. In this instance, just a few people (sometimes even 1 person) can take down a website simply because of bad code.

Reply Parent Score: 2