Dailydave mailing list archives
Re: Faster, smashter.
From: rauc <michael () mastergeek com>
Date: Tue, 09 Dec 2008 09:44:40 +1300
"Mr. Markoff is trying to tell us that the defenders are losing the battle. But if they are, it's because they *chose* to. Hackers use 0day and always have. The defenders are off making millions selling things that don't work against 0day."

Whilst attackers do certainly use 0day, they also use the easiest mechanism they can to gain access or steal information. For example, why waste your valuable 0day when your target has an un-patched system, or their Citrix server has an admin password that is easily guessed? 0days are extremely important, but not at the expense of covering the known vulnerabilities. A sound patching practice may not help with the 0days, but it will certainly help with the easier stuff that has already been put into a tool for any monkey to use.

0days are a huge unknown in the enterprise. Even many of the largest of companies do not have the intellectual resources to address them, nor is it likely that they will ever get approval to increase headcount for something that is so intangible to management. (Governments being excepted. If they can afford huge bail-outs, they can afford this.)

This being the case, a non-government enterprise should consider the following to help protect from a 0day:

1) Ensure people in the security team are passionate about security, do research in their own time, and stay active in the community. If they do not have a passion for it, they will never really help the company. I don't need a <insert certification here> who will come to work at 9am and leave at 5pm, and not try to learn more on his own time.
2) Build your applications, networks, and systems with the realisation that they will be compromised. Try to contain the breach that could happen.
3) Partner with organisations that are doing the research. Only hire the best for a penetration test or code review.
4) Buy 0days.
5) Baseline system and network behaviour. Analyse any abnormal behaviour. (Easier said than done. You may never see anything.)
6) Profit.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave