by Anton Chuvakin
Related link: http://www.securityfocus.com/infocus/1808
Intrusion detection, attack detection, probe detection - all nice, but I want to know when the stuff is truly "0wned" - compromised, penetrated, infected, etc. This paper looks at the problem of reliably discovering compromised machines on corporate networks. I also received a peculiar comment about the claim quoted in the first section. The person provided some hints that the claim might indeed be true.
The claim: "most of the Fortune 2000 companies have already been penetrated by hackers (and have been in that state for years!). Hackers move in and out at will through the backdoors and other covert channels without the security personnel knowing or even suspecting it."