eWeek's 14 Aug issue had a description of a bank's hired blackhat audit. Interesting highlights (p 55):

1. The bank's ISP, upon discovering that the bank had caused a security alert, thereafter changed its policy to ban security probes without telling the ISP. (Which kinda defeats the purpose..)

2. The bank's web server had services open that it shouldn't have; most interesting is Symantec's pcAnywhere, which is merely listed with ftp, ping, etc. in the article. If Back Orifice had been found, you know it would have been played up as scary, even though it's equivalent to Symantec's remote-control wares.

dh