Re: informIT: Modern Malware

[Rafal Los <rafal () ishackingyou com>]

Gary, Haroon, et al,

  The comment "welcome to the real world" from a friend a while back comes to mind. I think the reality of what we, as 
security types, "do" versus the perception that we "sell" to those who don't understand in order to get funding clashes 
heavily. Sadly we give up a piece of our souls to get funded...so while I want to poke myself in the eye every time 
someone says "APT"...I realize it's the CxO buzzword for the next few years that will help me get real work done. 

Let's accept that, and move on. 

Rafał Łoś

InfoSec Specialist & Blogger
Voice|Text:  (765) 247-2325
Twitter:         @RafalLos
Blog:
 - http://preachsecurity.blogspot.com

________________________

On 2011-03-26 21:13:31 GMT Gary McGraw <gem () cigital com> wrote:

> Agreed.  
>
> Now all you need to do is convince the people who need to solve the
> problem that you have a pointer for them to use without a label??  The
> market (probably because of the marketing types) is discussing and wanting
> solutions for "the APT problem." To see how embedded this language is in
> the current discourse, look no further than the RSA SecureID problem
> "explanation" that is being proffered in lieu of a real technical
> explanation of what happened.
>
> Welcome to commercial security.
>
> gem
>
> On 3/26/11 9:52 AM, "Haroon Meer" <haroon () thinkst com> wrote:
>
> > Heya Gary (all)
> >
> > On Sat, Mar 26, 2011 at 3:32 PM, Gary McGraw <gem () cigital com> wrote:
> > > I agree that the APT term is overused by the marketing types.  In this
> > > case you can translate it as malware that infects a server or an ad
> > > network and is "served up" to unwitting victims in a drive by download.>
> >
> > Malware distributors look for good distribution channels, and the
> > ad-server provides one.
> > While it is a Threat, it's no more Advanced than we have seen before.
> > It isn't more "Persistant" than Stoned [1] was on a disk.
> >
> > > What would you call it haroon?
> >
> > In truth, i would avoid giving it a new name.
> > Drive by download: Yes. APT: No
> >
> > /mh
> >
> > [1] http://en.wikipedia.org/wiki/Stoned_(computer_virus)
> >
> > -- 
> > Haroon Meer | Thinkst Applied Research
> > http://thinkst.com/pgp/haroon.txt
> > Tel: +27 83 786 6637
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________