Dailydave mailing list archives
Re: A change
From: Marius <wishinet () googlemail com>
Date: Wed, 20 Jan 2010 16:01:47 +0100
That's something between the Iron Curtain and new Digital Curtains. I agree: people are too fast to blame China, because proxyfing attacks is too easy to be as specific as many media are. However it seems to be rather obvious that a "Cyberware" for real doesn't exist, in the media headlines it dominates. - Like zero-day. I think if you bundle enough security buzz-words, that'll cause enough media coverage to make people believe anything regarding cyberwar, Chinese threats and even zero-day prevention. Maybe blaming China is simply easier? Am 19.01.10 22:43, schrieb Matthew Wollenweber:
I agree, to me these attacks don't appear overly sophisticated. I've heard it argued that a nation state wouldn't use an extremely sophisticated attack for deniability. However, I think that gets into a circular argument of who is smarter. Personally, I think China just has a lot of unlicensed and unpatched machines that are easy to exploit and therefore easy to use for further attacks. Some activists were targeted, but also a lot of high-tech companies. To me that sounds like greed which aligns with most every day attacks. What strikes me is the ready attribution to China. What's the evidence for it? Symantec gave some details here: http://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99&tabid=2 but there was no confirmation it was the same event until I saw the Avert Labs blog today. So I looked at some network information I got from centralops and robtex the other day. I wrote it up here: http://www.cyberwart.com/blog/2010/01/19/idle-speculation-on-auroras/ but I'm even more confused as to why everyone thinks it's China. On Mon, Jan 18, 2010 at 6:47 AM, Nelson Brito <nbrito () sekure org> wrote:Well... A really sophisticated attack can use "one year old" vulnerability targeting new exploit "triggers" inside vulnerabilities. I have demonstrated this in H2HC - how to play a little bit deeper to really know "almost all" the aspects behind a vulnerability. I can tell you that some of "Protection Solutions" doesn't really protects and just let the "new exploit" pass thru the protection layers. I call this "Z-Day": An "one-year-old" vulnerability's new approach, that could be compared to new "0-day"... Hopefully I will submit this to BH-USA and will demonstrate my approach. /* * $Id: .siganture,v 1.3 2009-12-11 09:22:54-02 nbrito Exp $ * * Author: Nelson Brito <nbrito [at] sekure [dot] org> Copyright(c) 2004-2009 Nelson Brito. All rights reserved worldwide. http://fnstenv.blogspot.com */-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave- bounces () lists immunitysec com] On Behalf Of dave Sent: Friday, January 15, 2010 4:39 PM To: dailydave () lists immunityinc com Subject: [Dailydave] A changeI think we're seeing a sudden change in how large companies (or simply companies with a high level of perceived threat[1]) deal with software security. Perhaps the era of IDS and AV and scanners has come to an abrupt end? We can only hope. Everyone says an attack is "sophisticated" whenever any 0day is involved. But that should be the baseline. Or rather, it IS the baseline and everyone seems to just be finding out. One of the things Immunity has been including in our services but is now offering seperately is a client-side 0day penetration test against a single host using CANVAS technology. You get your penetration verified during phone consultation. And you receive real-time analyst interpretation of results, plus delivery of log data at the end. For more information you can contact mark () immunityinc com. Thanks, Dave Aitel Immunity, Inc. [1]http://news.cnet.com/8301-27080_3-10434551-245.html
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-- http://www.crazylazy.info PGP : 0xCCCA5E74 OTR: 4096B23D E3FACDFC 15B65DF5 A74D2B36 EC1D89F4 - XMPP: wishi () jabber ccc de
Hi! I'm your friendly neighborhood signature virus. Copy me to your signature file and help me spread!
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A change dave (Jan 15)
- Re: A change Charles Miller (Jan 15)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Parity (Jan 19)
- Re: A change Rich Smith (Jan 18)
- Re: A change delchi delchi (Jan 20)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Nelson Brito (Jan 18)
- Re: A change val smith (Jan 19)
- Re: A change Matthew Wollenweber (Jan 20)
- Re: A change Marius (Jan 20)
- Re: A change Jim Manico (Jan 20)
- Re: A change Menerick, John (Jan 24)
- Re: A change Ben Nagy (Jan 26)
- Re: A change Rodrigo Rubira Branco (BSDaemon) (Jan 27)
- Re: A change Nick FitzGerald (Jan 27)
- Re: A change Lurene Grenier (Jan 27)
- Re: A change Dragos Ruiu (Jan 28)
- Re: A change Charles Miller (Jan 15)
- <Possible follow-ups>
- Re: A change Haroon Meer (Jan 19)
- Re: A change alexm (Jan 20)