Dailydave mailing list archives
Re: PrevX and other projects
From: Shane Macaulay <shane () security-objectives com>
Date: Thu, 29 Oct 2009 20:36:45 -0700
The chart on their main page would be a lot more compelling if they had conversely applied whatever method they used to collect that information. """"These statistics are provided to show that all vendors miss threats and cannot be interpreted to compare the effectiveness of one product to another.""""" That seems to indicate they would show us their failure rate when compared to these vendors? And why in the anti-virii community is it OK to slam your competitors so hard? You do not see many Microsoft advisories about 3'rd party software or FreeBSD advisories about Apple kernel flaws (oh ya, @OpenBSD http://www.openbsd.org/errata46.html -- if you use the word attacker, it's not a reliability fix :), I digress. I skimmed Dave's report, it has nothing to do with the chart in question ;), and I'm sure this chart is really just FUD dressed up by some programmer (people programmers) marketing jock's. Dave: I think mobile phone wise, I'd imagine most people would default to an SSL mailer client, however, WOT wyse, I did see a silverlight (http://code.google.com/p/flextermshell/) SSH recently. Also with all of the prevalence of SSH in mobile phone's (this was the first killer-app afaik for those old Nokia communicator's) and generally how widespread ssh is in general, I think killer-app would be SSH based file encryption implementations (and associated asccii spec's for mail files). Why aren't their any SSHpgp app's? It would benefit everybody so much more, dump pgp, use ssh, SSH should expand into files and establish an anonymous establishment spec to obsolete SSL, it seems much more likely to catch on than HTTP+OpenGPG. Current SSH implementations already have all the bits to-do this and the natural way SSH could function accelerating/offloaded any secure communications from endpoints with the channel/multi-plexing functionality. Oh I forgot, it's impossible, where would the Internet be without the Verisign(tm), hegemony and who to pay homage? WOT is doomed for this reason. SSHTTP is sort of catchy though isn't it? ;) -- Shane dave wrote:
So you can read one Immunity deliverable linked here: http://www.prevx.com/ (look for "Independent Review"). Likewise, if you have wondered where all the Immunity Debugger scripts ran off to, they were on the old Immunity Forum. We ripped the old forum content out of the old database and imported into the new hotness, so you can seem them all here: https://forum.immunityinc.com/. I don't think Google spiders HTTPS sites for some reason which is annoying, but all the content is there if you're just learning how to use CANVAS or Immunity Debugger or something. You know what would be a killer mobile phone app? Something that implements a GPG-like web of trust with transparent encryption. Is there an app for that? -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- PrevX and other projects dave (Oct 28)
- Re: PrevX and other projects Shane Macaulay (Oct 30)