Full Disclosure mailing list archives

Re: Materials regarding Cyber-war


From: coderman <coderman () gmail com>
Date: Wed, 23 Mar 2011 13:33:04 -0700

On Wed, Mar 23, 2011 at 12:22 PM, imipak <imipak () gmail com> wrote:
...
*cough*

http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/

re: """The IP address of the initial attack was recorded and has been
determined to be assigned to an ISP in Iran. A web survey revealed one
of the certificates deployed on another IP address assigned to an
Iranian ISP. The server in question stopped responding to requests
shortly after the certificate was revoked....
While the involvement of two IP addresses assigned to Iranian ISPs is
suggestive of an origin, this may be the result of an attacker
attempting to lay a false trail."""

iran is pretty incompetent in most information technology respects.
odds strongly favor pwn hops through their unmonitored, unmaintained,
unhardened, sloppy conglomerations of servers and switches...*


and,
i suppose we can add RSA to the thread:
  http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html

although any time someone blames ADVANCED persistent threat i like to
recall fondly the Aleatory threat,
  https://media.blackhat.com/bh-us-10/presentations/Waisman/BlackHat-USA-2010-Waisman-APT-slides.pdf
if you've been lazy on infosec, opsec for a while without calamity by
sheer luck, this is definitely the year your luck will run out. lazy
== pwned


* like all generalizations this is false.
   , in whole yet frequently true in parts. ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

