Dailydave mailing list archives

Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki


From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Wed, 23 Mar 2011 13:31:49 -0700

On Wed, Mar 23, 2011 at 10:17 AM, Michal Zalewski <lcamtuf () coredump cx> wrote:
> The real tragedy of infosec is that we simply don't have the tools to
> secure large and complex organizations particularly well - not against
> governments, but against bored kids with an agenda. Security vendors
> are partly to blame for perpetuating a myth that a secure organization
> can be built on top of the commercial AV or IDS tools that said
> vendors happen to offer. It does not come as a surprise that this model
> does not work well, and "the world of cyber" has very little to do
> with it.

<tangent>
+1 to that. Let's see, commercial security products are largely
parsers of untrusted data. In fact they often know how to parse many
things the targets behind them, or that they run on, don't. They also
tend to run with privilege or at critical points in the
infrastructure. What does that spell? ATTACK SURFACE. Yah!

How come only 1% of security people get that?
</tangent>