Dailydave mailing list archives
Re: A change
From: Rich Smith <rich () immunityinc com>
Date: Fri, 15 Jan 2010 19:16:35 -0500
Sophistication is an entirely relative measure and dependent on context of the observer. Given the types of attacks that have been typically owning every large company worldwide this one can be considered 'sophisticated'. Given the manner of execution of this coupled with complexity of situations that people, like those populating this list, have been talking about for years it seems somewhat behind the curve. I agree entirely with Moxie's point about the quality of the Google PR (investing in good, not just good looking, PR clearly pays!), additionally it has also been a fun exercise in observing the security industry trot out rehashes of old vulnerability info, and the 'realignment' of products (sorry 'solutions') to fit just this exact scenario. Finally when such a public incident occurs it is always interesting to see software vendors jump on the free lunch ticket of 'state sponsored 0-day usage' to patch bugs that they hadn't got round to fixing yet but were nothing to do with the incident in question. The users will never know the difference, it was just 'those damn commies' again. All in all a very entertaining week and one which kicked off 2010 with a bang. Rich Charles Miller wrote:
I think the interesting thing about "sophisticated" attacks, is that if they are actually sophisticated, the victims never know it happened. And if the victim's DO figure out it happened, at least they shouldn't be able to find your 0-day sitting in their inbox for analysis. Total amateur hour (not that it probably wouldn't have pwned me). Charlie On Jan 15, 2010, at 12:39 PM, dave wrote: I think we're seeing a sudden change in how large companies (or simply companies with a high level of perceived threat[1]) deal with software security. Perhaps the era of IDS and AV and scanners has come to an abrupt end? We can only hope. Everyone says an attack is "sophisticated" whenever any 0day is involved. But that should be the baseline. Or rather, it IS the baseline and everyone seems to just be finding out. One of the things Immunity has been including in our services but is now offering seperately is a client-side 0day penetration test against a single host using CANVAS technology. You get your penetration verified during phone consultation. And you receive real-time analyst interpretation of results, plus delivery of log data at the end. For more information you can contact mark () immunityinc com. Thanks, Dave Aitel Immunity, Inc. [1]http://news.cnet.com/8301-27080_3-10434551-245.html
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A change dave (Jan 15)
- Re: A change Charles Miller (Jan 15)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Parity (Jan 19)
- Re: A change Rich Smith (Jan 18)
- Re: A change delchi delchi (Jan 20)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Nelson Brito (Jan 18)
- Re: A change val smith (Jan 19)
- Re: A change Matthew Wollenweber (Jan 20)
- Re: A change Marius (Jan 20)
- Re: A change Jim Manico (Jan 20)
- Re: A change Menerick, John (Jan 24)
- Re: A change Ben Nagy (Jan 26)
- Re: A change Rodrigo Rubira Branco (BSDaemon) (Jan 27)
- Re: A change Nick FitzGerald (Jan 27)
- Re: A change Charles Miller (Jan 15)