Dailydave mailing list archives

Strategy


From: Dave Aitel <dave () immunityinc com>
Date: Sat, 24 Nov 2007 05:37:28 -0500

If you're reading an information warfare book or paper you'll invariably
see a lot of:
1. Inane references to Sun Tzu (or, in some even more horrible cases,
any two of Sun Tzu, Clausewitz, and John Boyd)
2. Declarations that information warfare is an "asymmetric attack"

It's not asymmetric in the slightest. If you take any significant period
of time then the organization with more money has a huge advantage in
this game. That doesn't mean that good strategy doesn't hurt, and I
wanted to showcase some examples:

Halvar gave a talk on his malware classification algorithms and at the
beginning of the talk he said "This prevents the malware authors from
using off-the-shelf compilers. Current AV technologies don't do this
since bypassing them requires this five line Python script which I
believe the malware authors have automated."

Forcing your opponent to use expensive tools is good strategy. Likewise,
choosing to invest in an expensive infrastructure can be good strategy.
I believe BinNavi and Immunity Debugger fit this category.

In terms of infrastructure, the US .com and .mil communities decided to
save money and purchase a mono-culture of Microsoft technologies. Bad
strategies like this result in flailing and moaning as you get defeated
over and over by someone with better strategy, not because the
battlefield is inherently asymmetric.

-dave