Dailydave mailing list archives
Re: A change
From: Parity <pty.err () gmail com>
Date: Mon, 18 Jan 2010 20:01:24 -0800
From http://soup.rachner.us/post/42213514/Getting-Screwed, my real-life alter-ego's prediction of roughly what Hillary Clinton is going to say to China on Thursday:

All of this investment is supposed to give you guys some skin in the game. If you prefer the previous arrangement, in which the "developed" world lures your best and brightest away with its many comfortable inducements, we can arrange that.

pty

On Fri, Jan 15, 2010 at 1:25 PM, Moxie Marlinspike <moxie () thoughtcrime org> wrote:
Agreed. The spin on this has been great. From what I can tell:

1) Google's China office has been thoroughly compromised by insiders, such that they really have no choice but to shut it down. Their PR department is absolutely and terrifyingly amazing, though. So instead of just closing it in defeat, they take "a stance for freedom," forcing the government to shut them down instead. Fucking brilliant!

2) Based on the rumors and quotes in the media/blog world, the attack vectors were what everyone has been talking about for years, and were somewhat sloppily orchestrated at that. Folks in the security industry realized that this is a chance to take their hype to all-new fertile grounds of hype-fare, though, and so suddenly "spearfishing" is "totally unprecedented" and "sophisticated to a level never before seen."

The result is that:

1) Google is a hero. There is no pause to question the pernicious nature of the data they're collecting in the first place, and the revelation that they had automated "lawful" intercept systems in place (which were possibly compromised themselves) is glossed over.

2) The security industry can continue coming to the rescue with "new solutions." There is no pause to question whether the "secure systems" the industry offers are even possible, given the ease of this breach and the ever-growing value of what's at stake.

I've been very impressed with how neatly this has come together so far.

- moxie

--
http://www.thoughtcrime.org

Charles Miller wrote:

I think the interesting thing about "sophisticated" attacks, is that if they are actually sophisticated, the victims never know it happened. And if the victims DO figure out it happened, at least they shouldn't be able to find your 0-day sitting in their inbox for analysis. Total amateur hour (not that it probably wouldn't have pwned me).
Charlie

On Jan 15, 2010, at 12:39 PM, dave wrote:

I think we're seeing a sudden change in how large companies (or simply companies with a high level of perceived threat[1]) deal with software security. Perhaps the era of IDS and AV and scanners has come to an abrupt end? We can only hope.

Everyone says an attack is "sophisticated" whenever any 0day is involved. But that should be the baseline. Or rather, it IS the baseline and everyone seems to just be finding out.

One of the things Immunity has been including in our services but is now offering separately is a client-side 0day penetration test against a single host using CANVAS technology. You get your penetration verified during phone consultation. And you receive real-time analyst interpretation of results, plus delivery of log data at the end. For more information you can contact mark () immunityinc com.

Thanks,
Dave Aitel
Immunity, Inc.

[1] http://news.cnet.com/8301-27080_3-10434551-245.html

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A change dave (Jan 15)
- Re: A change Charles Miller (Jan 15)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Parity (Jan 19)
- Re: A change Rich Smith (Jan 18)
- Re: A change delchi delchi (Jan 20)
- Re: A change Moxie Marlinspike (Jan 15)
- Re: A change Nelson Brito (Jan 18)
- Re: A change val smith (Jan 19)
- Re: A change Matthew Wollenweber (Jan 20)
- Re: A change Marius (Jan 20)
- Re: A change Jim Manico (Jan 20)
- Re: A change Menerick, John (Jan 24)
- Re: A change Ben Nagy (Jan 26)
- Re: A change Rodrigo Rubira Branco (BSDaemon) (Jan 27)
- Re: A change Charles Miller (Jan 15)