Dailydave mailing list archives

Re: PrevX and other projects


From: Shane Macaulay <shane () security-objectives com>
Date: Thu, 29 Oct 2009 20:36:45 -0700

The chart on their main page would be a lot more compelling if they had
conversely applied whatever method they used to collect that information.

"These statistics are provided to show that all vendors miss threats
and cannot be interpreted to compare the effectiveness of one product to
another."

That seems to indicate they would show us their failure rate when
compared to these vendors?  And why in the anti-virii community is it OK
to slam your competitors so hard?  You do not see many Microsoft
advisories about 3rd-party software or FreeBSD advisories about Apple
kernel flaws (oh ya,  @OpenBSD http://www.openbsd.org/errata46.html --
if you use the word attacker, it's not a reliability fix :), I digress. 

I skimmed Dave's report, it has nothing to do with the chart in question
;), and I'm sure this chart is really just FUD dressed up by some
programmer (people programmers) marketing jocks.

Dave: I think mobile phone wise, I'd imagine most people would default
to an SSL mailer client, however, WOT-wise, I did see a Silverlight
(http://code.google.com/p/flextermshell/) SSH recently.  Also with all
of the prevalence of SSH in mobile phones (this was the first
killer-app afaik for those old Nokia Communicators) and generally how
widespread ssh is in general,  I think killer-app would be SSH based
file encryption implementations (and associated ASCII specs for mail
files).  Why aren't there any SSHpgp apps?  It would benefit everybody
so much more, dump pgp, use ssh, SSH should expand into files and
establish an anonymous establishment spec to obsolete SSL, it seems much
more likely to catch on than HTTP+OpenGPG.  Current SSH implementations
already have all the bits to do this and the natural way SSH could
function accelerating/offloading any secure communications from endpoints
with the channel/multiplexing functionality.

Oh I forgot, it's impossible, where would the Internet be without the
Verisign(tm), hegemony and who to pay homage? WOT is doomed for this reason.

SSHTTP is sort of catchy though isn't it? ;)
--
Shane

dave wrote:
So you can read one Immunity deliverable linked here:
http://www.prevx.com/ (look for "Independent Review").

Likewise, if you have wondered where all the Immunity Debugger scripts
ran off to, they were on the old Immunity Forum. We ripped the old forum
content out of the old database and imported into the new hotness, so
you can see them all here:
https://forum.immunityinc.com/. I don't think Google spiders HTTPS sites
for some reason which is annoying, but all the content is there if
you're just learning how to use CANVAS or Immunity Debugger or something.

You know what would be a killer mobile phone app? Something that
implements a GPG-like web of trust with transparent encryption. Is there
an app for that?

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

