http://blogs.technet.com/steriley/archive/2009/01/20/attacks-against-integrity.aspxI’ve been mentioning this frequently during my talks in the last 12 months: that accidental or malicious data modification is yet something else we need to defend against. Richard Bejtlich wrote last year about attack progressions , and this year summarizeden-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/steriley/archive/2009/01/20/attacks-against-integrity.aspx#3192941Wed, 28 Jan 2009 09:09:44 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3192941Morgan Storey<p>It was only a matter of time, the bad guys read the same books as us, they had to eventually see the CIA model and go uh-hah we haven't hit I yet.</p> <p>I wonder how cloud services are going to deal with this. I saw an article in my RSS last night about a proposed EDOS, or Economic DOS, that basically overloads a companies cloud hosted stuff so that their bill goes through the roof and the company folds. What is to stop a baddie messing with data on its transition to/from/in the cloud to destroy the integrity, just add a 0 here, move a decimal place there and utter-chaos insues.</p> <p>PS: for some reason the subscribe to comments via RSS rarely works for me, is there anyway we can be notified of responses via email?</p> http://blogs.technet.com/steriley/archive/2009/01/20/attacks-against-integrity.aspx#3192950Wed, 28 Jan 2009 09:12:11 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3192950MorganStorey<p>Further to the PS I tried creating an account sometime ago but it never seemed to work...</p> http://blogs.technet.com/steriley/archive/2009/01/20/attacks-against-integrity.aspx#3202367Sun, 15 Feb 2009 08:26:36 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3202367Alun Jones<p>It should be CIAA - Confidentiality, Integrity, Availability and Audit.</p> <p>When the first three fail (and they always will, eventually), the fourth should be there in order to allow you to figure out who took you over, how they did it, and whether you can stop them.</p>