Dailydave mailing list archives
Re: CISSP quote of the week
From: Robert <immunity () dyadsecurity com>
Date: Tue, 11 Apr 2006 07:31:15 -0500 (EST)
On Mon, 10 Apr 2006 19:01:12 +0100 "Dave Korn" <dave.korn () artimi com> wrote:
> Now, if you were talking about the majority of sigma(attack frequency * attack seriousness), i.e. if you're talking about a weighted majority, I could get that. So, maybe you mean the majority of *successful* attacks in the wild, or the majority of *newly-emerging* attacks in the wild, or *non-trivial* attacks, or .... ? Or am I just not seeing the angle you're coming from?
Can't speak for Dave, but I believe he was saying it's really hard to quantify something that can't be measured. If you don't know what the attack looks like, you can't measure how often that attack happens.

The vocal folks in the US security industry seem to talk mostly about well-known vulnerabilities that are used in large-scale automated attacks. This is why anti-virus/ids/ips/fw products sell well. We have very few people talking about solutions for targeted attacks.

I've had a conversation on another forum:

http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/somebody_forgot.html
http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/why_bugfinding_.html
http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/more_on_bugfind.html

Oh, also of note... the "guy" ("guy" term found in story at http://blog.washingtonpost.com/securityfix/2006/04/multios_virus_emerges.html) is Anthony de Almeida Lopes of Dyad Security. You can read more about what he's really talking about here:

http://www.recon.cx/en/s/alopez.html

Robert

--
Robert E. Lee
CIO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033