Dailydave mailing list archives

Faster, smashter.


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 08 Dec 2008 08:05:05 -0500

So I'm in Denver, which is lovely - all mountains and soft-speaking
midwesterners who snowboard an amount that can only be called
obsequious. But Saturday, before I went, I sat on the beach and read
this article by our very own John Markoff just below the fold in the
New York Times.

http://www.nytimes.com/2008/12/06/technology/internet/06security.html?_r=1

"""
...

And there is more of it. Microsoft has monitored a 43 percent jump in
malware removed from Windows computers just in the last half year.
...

The United States government has begun to recognize the extent of the
problem. In January, President Bush signed National Security
Presidential Directive 54, establishing a national cybersecurity
initiative. The plan, which may cost more than $30 billion over seven
years, is directed at securing the federal government’s own computers
as well as the systems that run the nation’s critical infrastructure,
like oil and gas networks and electric power and water systems.
...
“This is always an arms race, as long as it gets into your machine
faster than the update to detect it, the bad guys win,” said Mr. Schneier.
"""

Faster, smashter. When I see 30 billion dollars, I can tell you what
you're going to get, as a taxpayer, for your money: Patch management,
IDS, Anti-Virus, scanners of all shapes and sizes. Audits. Big rooms
full of large screens correlating information that has absolutely no
relevance to security. You can't correlate what you can't see. You
can't patch what you don't know about.

Mr. Markoff is trying to tell us that the defenders are losing the
battle. But if they are, it's because they *chose* to.  Hackers use
0day and always have. The defenders are off making millions selling
things that don't work against 0day.

I guess what I'm trying to say here is that at this point the
attackers are just "reasonably competent". When it comes to offensive
information security, we ain't seen nothing yet.

-dave
