Anonymized post not from me.

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anonymized post follows:



Dave - Not normally an anonymous coward, but in this case, would
appreciate it if you could please strip the originator meta data
and forward to the list. Thank you!

- --

Halvar et al,

The original Washington Post article is at:

http://www.washingtonpost.com/wp-
dyn/content/article/2008/05/02/AR2008050201646.html

My 5c on this is that given how poor inter-agency communication is
on the most basic IO/IW topics, I highly doubt anything that gets
turned into policy concerning use of offensive IO resources, for
defensive means is going to have any teeth to it what-so-ever.

Consider the likelihood of an offensive organization (say JTF/GNO)
releasing the sploit they just dropped 50g's on, to some much
larger defensive organization (in a less well controlled
environment) so that they can can dream up a workaround / patch,
that is going to have little (if any) impact on the defensive
posture of the respective organization anyway. Assuming that some
well funded foreign signals int group did possess the very same
0day that the US GOV just spent time working on defenses for,
they're going to have 10 more up their proverbial sleeves anyway.

The NSC needs to stop being a so idealistic with the cyber topic
and start familiarizing itself with the realities of how things get
done outside of the whitehouse.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIHyQgtehAhL0gheoRAljcAJ9t8+NBU8EilOnN9WMGS0PgH+Sp7gCePQo5
SUx03YbbP/B1xFonKMbZcvQ=
=+Dlg
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave