Mushy Mushy wrote:
whyterabbyt wrote: Surely the question should be "which companies couldn't know, so I can avoid them"
Because if a company like that doesn't have their systems set up to log everything significant that happens to them, and mechanisms in place to check those logs for anomalies, they're doing it -all- wrong.
Ok sure, I hear you.
A well protected company would be set up to check for bulk downloads, unauthorised accesses etc. I get that.
My point though, is if Mr Hacker is so good as to get into these systems in the first place surely he/she is also able to mask their intrusion.
Yes/no/maybe/stop being so daft
Sure, an intruder could be in a position, for example, to manipulate the logs, and hide their tracks, and have the skills to do so. It doesn't mean that'll be the case, though. For example, log files don't necessarily get stored on the same system as they're generated on, and it's entirely possible that no user can actually write them. There are also all sorts of ways manipulation of the log files can be detected; in some systems, any changes to the log files can be logged too and deleting an entry in a log file would be an automatic flag for an intrusion detection system.
Getting access to files isn't the same as getting access to the low-level operations of the filesystem. Getting access the easiest way 'merely' requires compromising an existing user account that already has access. That can be done in a variety of ways, but relying on human stupidity (dumb password choice, or social engineering) is easiest. Those sorts of ways in don't necessarily give one a means of changing the system. The very sophisticated ways in might, and they might be less detectable.
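
The check described in the post above, as an added example that is not part of the original thread: it compares a host's local log with the copy held on a separate collector that the host's users cannot write to, and reports entries removed or altered locally. The function name, finding labels and sample log lines are constructed for illustration.

```python
import difflib

def audit_local_log(local_lines, collector_lines):
    """Compare a host's local log with the collector's copy of the same log.

    Returns (kind, line_no, text) tuples:
      missing_locally  - the collector received the entry, the host no longer has it
      not_on_collector - the host has an entry the collector never received
    A changed entry shows up as one of each. Entries written but not yet
    forwarded also appear as not_on_collector, so audit only up to the
    last line the collector has acknowledged.
    """
    findings = []
    matcher = difflib.SequenceMatcher(a=collector_lines, b=local_lines,
                                      autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            for i in range(i1, i2):
                findings.append(("missing_locally", i + 1, collector_lines[i]))
        if tag in ("insert", "replace"):
            for j in range(j1, j2):
                findings.append(("not_on_collector", j + 1, local_lines[j]))
    return findings

# Constructed sample: what the collector received from the host.
COLLECTOR = [
    "09:00:01 sshd: accepted password for alice from 192.0.2.10",
    "09:02:17 sudo: alice : COMMAND=/usr/bin/less /var/log/syslog",
    "09:05:43 sshd: accepted password for backup from 203.0.113.7",
    "09:06:02 scp: backup read /srv/export/customers.csv",
    "09:09:30 sshd: session closed for alice",
]

# Constructed sample: the host's own file after one entry was deleted
# and another was edited in place.
LOCAL_TAMPERED = [
    COLLECTOR[0],
    COLLECTOR[1],
    "09:06:02 scp: backup read /srv/export/readme.txt",
    COLLECTOR[4],
]

if __name__ == "__main__":
    for kind, line_no, text in audit_local_log(LOCAL_TAMPERED, COLLECTOR):
        print(f"{kind:17} line {line_no}: {text}")
```
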