Re: How do I defend against 0day?

[Richard Bejtlich <taosecurity () gmail com>]

On Sun, Apr 19, 2009 at 4:55 PM, Jeffrey Czerniak <jeffcz () gmail com> wrote:
> (Moved this conversation to dailydave per Dave's suggestion)
>
> Pardon my naivete... I am somewhere on the spectrum between "paid
> security professional" and "Symantec said zero infections, how did
> they get my bank password?"    I'm one of those schmoes who reads
> security blogs, follows the NSA hardening guidelines, patches
> regularly, browses with Firefox/NoScript, but still realizes that
> there are 0day threats out there that could compromise my machine.
>
> On Twitter, Adam Shostack argued that in effect, I'm doing the right
> thing.  (http://twitter.com/adamshostack/status/1527933467)
>
> Dave responded, no, 0day is rampant and I'm screwed.
> (http://twitter.com/daveaitel/status/1553055665)
>
> When I asked Dave what I should be doing to protect myself, he
> suggested I buy a copy of CANVAS, an Early Updates subscription, and
> take a class from Immunity.
> (http://twitter.com/daveaitel/status/1554813723)

I find this fascinating.  Can someone who advocates this point of view
take the next steps?  Assuming you buy CANVAS and subscribe to EU, and
know what Immunity knows, and can test using CANVAS, what next?

Thank you,

Richard
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave