Dailydave mailing list archives
Re: How do I defend against 0day?
From: Nathan Landon <nathan.landon () digitaloperatives com>
Date: Mon, 20 Apr 2009 22:02:13 -0400
My argument would be that a security guy or administrator could use it as amplifying information while speaking to executives at their company. Executives (still) don't understand zero-days, or generally anything about how computer security works. CANVAS can help those IT folks amplify the information and demonstrate the importance of taking action (disabling services, changing vendors, buy more security technologies, etc) I personally have built exploits to prove that something is possible. Ultimately to show the potential for catastrophic failure or system/network compromise. These demonstrations always got executives "thinking". Nate Nathan Landon Digital Operatives www.digitaloperatives.com Cell: 808-221-9172 On Mon, Apr 20, 2009 at 7:58 PM, Richard Bejtlich <taosecurity () gmail com>wrote:
On Sun, Apr 19, 2009 at 4:55 PM, Jeffrey Czerniak <jeffcz () gmail com> wrote:(Moved this conversation to dailydave per Dave's suggestion) Pardon my naivete... I am somewhere on the spectrum between "paid security professional" and "Symantec said zero infections, how did they get my bank password?" I'm one of those schmoes who reads security blogs, follows the NSA hardening guidelines, patches regularly, browses with Firefox/NoScript, but still realizes that there are 0day threats out there that could compromise my machine. On Twitter, Adam Shostack argued that in effect, I'm doing the right thing. (http://twitter.com/adamshostack/status/1527933467) Dave responded, no, 0day is rampant and I'm screwed. (http://twitter.com/daveaitel/status/1553055665) When I asked Dave what I should be doing to protect myself, he suggested I buy a copy of CANVAS, an Early Updates subscription, and take a class from Immunity. (http://twitter.com/daveaitel/status/1554813723)I find this fascinating. Can someone who advocates this point of view take the next steps? Assuming you buy CANVAS and subscribe to EU, and know what Immunity knows, and can test using CANVAS, what next? Thank you, Richard _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- How do I defend against 0day? Jeffrey Czerniak (Apr 20)
- Re: How do I defend against 0day? Ron Gula (Apr 20)
- Message not available
- Re: How do I defend against 0day? Jeffrey Czerniak (Apr 20)
- Message not available
- Re: How do I defend against 0day? Jeffrey Czerniak (Apr 20)
- Re: How do I defend against 0day? Lurene Grenier (Apr 21)
- Re: How do I defend against 0day? Halvar Flake (Apr 21)
- Re: How do I defend against 0day? Jeffrey Czerniak (Apr 20)
- Re: How do I defend against 0day? Nate Lawson (Apr 20)
- Re: How do I defend against 0day? Nathan Landon (Apr 20)