Funny, every time I go to a security conference where smart security folks converge, I normally hear those stories that "people just don't talk about in public": all the ominous exploits, uber-evil malware, mysterious invisible hackers, etc. Happens every time... And, just as normally, the stories sit just on the verge of believability, teetering above the abyss of sounding like Asimov at his best :-)
So, I came back from the Honeynet Project Annual Meeting (I am member of the Project now), and it just confirmed the trend. And, no, I am not sharing :-)
As far as honeypots are concerned, most are getting owned nowadays through either password guessing or web application vulns (yes, Virginia, even those with glaring root holes...) - e.g. see this report from a fellow Honeynet researcher.
tags: security, honeynet, honeypots, attacks