Dailydave mailing list archives
Anonymized post not from me.
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 05 May 2008 11:13:36 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anonymized post follows: Dave - Not normally an anonymous coward, but in this case, would appreciate it if you could please strip the originator meta data and forward to the list. Thank you! - -- Halvar et al, The original Washington Post article is at: http://www.washingtonpost.com/wp- dyn/content/article/2008/05/02/AR2008050201646.html My 5c on this is that given how poor inter-agency communication is on the most basic IO/IW topics, I highly doubt anything that gets turned into policy concerning use of offensive IO resources, for defensive means is going to have any teeth to it what-so-ever. Consider the likelihood of an offensive organization (say JTF/GNO) releasing the sploit they just dropped 50g's on, to some much larger defensive organization (in a less well controlled environment) so that they can can dream up a workaround / patch, that is going to have little (if any) impact on the defensive posture of the respective organization anyway. Assuming that some well funded foreign signals int group did possess the very same 0day that the US GOV just spent time working on defenses for, they're going to have 10 more up their proverbial sleeves anyway. The NSC needs to stop being a so idealistic with the cyber topic and start familiarizing itself with the realities of how things get done outside of the whitehouse. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIHyQgtehAhL0gheoRAljcAJ9t8+NBU8EilOnN9WMGS0PgH+Sp7gCePQo5 SUx03YbbP/B1xFonKMbZcvQ= =+Dlg -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Anonymized post not from me. Dave Aitel (May 05)