Related link: http://www.securityfocus.com/infocus/1808
Intrusion detection, attack detection, probe detection - all nice, but I want to know when the stuff is truly “0wned” - compromised, penetrated, infected, etc. This paper looks at the problem of reliably discovering compromised machines on corporate networks. I also received a peculiar comment about the claim quoted in the first section. The person provided some hints that the claim might indeed be true.