Dailydave mailing list archives
Re: Going against the Gradient
From: Jared DeMott <demottja () msu edu>
Date: Tue, 22 Jan 2008 15:45:13 -0500
Dave Aitel wrote:
I posted a quick paper which I wrote for a private newsletter that went out in December. Quicky link is here: http://www.immunityinc.com/downloads/GoingAgainstTheGradient.pdf http://www.immunityinc.com/downloads/GoingAgainstTheGradient.odt -dave
Dave my man. I agree that security is an arm's race for signature based products. Though should we throw out the baby with the dirty water? Is no firewall, VLANs, route filtering, IDS, AV, central management/logging, etc better than a lame one? And besides perhaps some witty vendor will come up with a new solution. :) Also remember that Information Assurance is not strictly a technical issue tied to vendor solutions. There's the other happy crap like security policies, fences, card swipes, PKI, anti-social engineering training, disaster planning/recovery, risk management, etc, etc.. Hey, and since you brought up Vista you've got to admit that they're making exploitation more challenging ... though the reverse affect of that is that all 0days are now underground and not getting published since they're worth way too much. So while Vista may be more secure in terms of number of 0days out there ... the severity of secret ones (which as you mention bypass AV/IDS/etc) has risen. And it's not like we can all just stop using browsers and email clients.... :) Security's not such a lost cause - it's just as challenging as ever! Blessings, Jared _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Going against the Gradient Dave Aitel (Jan 22)
- Re: Going against the Gradient Jared DeMott (Jan 22)
- Re: Going against the Gradient J.M. Seitz (Jan 22)
- Re: Going against the Gradient Joanna Rutkowska (Jan 22)
- Re: Going against the Gradient I)ruid (Jan 23)
- Message not available
- Re: Going against the Gradient Jared DeMott (Jan 28)
- Re: Going against the Gradient Arun Koshy (Jan 28)
- Re: Going against the Gradient Jared DeMott (Jan 22)
- <Possible follow-ups>
- Re: Going against the Gradient Richard Bejtlich (Jan 24)