Secure Coding mailing list archives

Re: informIT: Modern Malware

From: John Wilander <john.wilander () owasp org>
Date: Sat, 26 Mar 2011 19:38:15 +0100

A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :)

On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when 
organizations use the term to get away with sub-standard security or to motivate why they can't tell you any details of 
a recent hack.

We need to define what is required for a threat/an attack to be APT. State-driven and funded? 0-day(s) used? 
Tailor-made exploit for the target? That way we can at least interpret what RSA and others are saying. Right now I can 
only interpret their statements as "We got owned but we'll loose too much business if we tell you what happened. Just 
trust us instead." And I really hope that's not the truth.

Continued Business by Obscurity

   Regards, John


Sent from my iPad

On 26 mar 2011, at 18:12, Gunnar Peterson <gunnar () arctecgroup net> wrote:

Advanced = goes through firewall
Persistent = tried more than once
Threat = people trying to get into valuable stuff

Nothing new to sc-l readers, but a Reasonably good marketing term esp by infosec standards (yay we get to scare 
business people with something other than an auditor's clipboard!); really its all just the collective sound of 
infrastructure security people coming to grips with the fact that their firewall isn't a wall at all, but rather a 
series of holes.

-gunnar



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

informIT: Modern Malware Gary McGraw (Mar 22)
- Re: informIT: Modern Malware Andy Steingruebl (Mar 23)
  - Re: informIT: Modern Malware Gary McGraw (Mar 23)
    - Re: informIT: Modern Malware Andy Steingruebl (Mar 23)
    - Re: informIT: Modern Malware Haroon Meer (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 26)
    - Re: informIT: Modern Malware Haroon Meer (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 26)
    - Re: informIT: Modern Malware Gunnar Peterson (Mar 26)
    - Re: informIT: Modern Malware John Wilander (Mar 26)
    - Re: informIT: Modern Malware Kevin W. Wall (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 27)
  - Re: informIT: Modern Malware Martin Gilje Jaatun (Mar 23)
- Re: informIT: Modern Malware iarce (Mar 26)
  - Re: informIT: Modern Malware Arian J. Evans (Mar 26)
    - Re: informIT: Modern Malware AK (Mar 26)
- <Possible follow-ups>
- Re: informIT: Modern Malware Rafal Los (Mar 27)