Dailydave mailing list archives

Re: A change


From: delchi delchi <delchi () gmail com>
Date: Wed, 20 Jan 2010 18:59:21 -0500

Sophistication is in the eye of the beholder. In the case of the media
and malicious activity, the word "sophisticated" is often used to
describe things that the author has no bloody clue about, but must
make it sound either interesting or like they know something about it.
Either way the overall goal is to sell papers. "Yeah yeah computers
and hacking and they typed some stuff and missiles launched.
Sophisticated attack. Very technical."

To some people watching me track the spread of a worm using Wireshark
is on par with loaves and fishes. How many times have you been called
a guru or geek god for doing nothing more amazing than correcting the
flashing 12 on a VCR (yeah I'm that old)?

Like any other skill, those in possession of the knowledge or ability
look at it as just another day of work, the people who know nothing
stand in awe with their wallets open, and everyone goes home happy.
This can be said for infosec warriors, auto mechanics, LASIK surgeons,
and a host of other jobs.

At the end of the day, we analyze it, make countermeasures, check for
retroactive activity, and then have a beer and forget about it. Unless
it's Friday, then it's Jack & coke. Several of them.



On Fri, Jan 15, 2010 at 2:40 PM, Charles Miller
<cmiller () securityevaluators com> wrote:
I think the interesting thing about "sophisticated" attacks, is that
if they are actually sophisticated, the victims never know it
happened.  And if the victims DO figure out it happened, at least
they shouldn't be able to find your 0-day sitting in their inbox for
analysis.  Total amateur hour (not that it probably wouldn't have
pwned me).

Charlie

On Jan 15, 2010, at 12:39 PM, dave wrote:

I think we're seeing a sudden change in how large companies (or simply
companies with a high level of perceived threat[1]) deal with software
security. Perhaps the era of IDS and AV and scanners has come to an
abrupt end? We can only hope.

Everyone says an attack is "sophisticated" whenever any 0day is
involved. But that should be the baseline. Or rather, it IS the
baseline and everyone seems to just be finding out.

One of the things Immunity has been including in our services but is
now offering separately is a client-side 0day penetration test against a
single host using CANVAS technology. You get your penetration verified
during phone consultation. And you receive real-time analyst
interpretation of results, plus delivery of log data at the end. For
more information you can contact mark () immunityinc com.



Thanks,
Dave Aitel
Immunity, Inc.

[1]http://news.cnet.com/8301-27080_3-10434551-245.html
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

-- 
"You gotta pick your battles, and if a man wants to shove porcupine
quills up his urethra, well there's not much point in stopping him."
-- A.P. Delchi