Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack35:

    Name:inadequate notice exploitation

    Complexity: Notice is trivially demonstrated to be given or not given depending on the method entry. The most effective overall protection from this sort of exploit would be the change of laws regarding certain classes of attacks.
    fc@red.a.net

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVMalicious - Relates to Malicious]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat20 - crackers for hire]
    [Threat35 - information warriors]
    [Defense35 - awareness of implications]
    [Defense123 - compliance with laws and regulations]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense65 - increased or enhanced perimeters]
    [Defense124 - legal agreements]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense16 - redundancy]
    [Defense83 - secure or trusted channels]
    [Defense48 - security marking and/or labeling]
    [Defense27 - standards]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense24 - training and awareness]
    [Defense95 - traps]