"Severely lacking".

[Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>]

Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
. In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most honest thing I've read from
the defensive community in a long while. Like I feel like it's a good idea
to have as a reflexive habit the concept of "What am I looking directly at
that I'm not seeing."

As a kid I was obsessed with various elements of biology, despite not
having the grades to show for it. But as an adult I wish I could go back in
time and just blow my own mind with a few short things I've learned. Most
of them are obvious in retrospect, such as the following:


   - Birds are dinosaurs
   - Genes sometimes travel in-between species, carried by bacteria that
   infect both of them
   - 40% of all animals are parasites
   - Metabolism (and cells) evolved before DNA
   - Energy Epochs
   <http://suvratk.blogspot.com/2017/07/olivia-judson-on-energy-expansions-of.html>
are
   useful predictive tools


I mean, for most people on this list the same thing is true for hacking.
For me these things might include:


   - State tables are more important than memory handling
   - Timing attacks are impossible to explain to people, so they never get
   fixed
   - Attack tools tend towards generics
   - It doesn't matter if they catch you, if they won't ever do the
   meta-analysis to put the larger picture together



-dave

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org