Dailydave mailing list archives

Re: CISSP quote of the week
From: Robert <immunity () dyadsecurity com>
Date: Tue, 11 Apr 2006 07:31:15 -0500 (EST)

On Mon, 10 Apr 2006 19:01:12 +0100
"Dave Korn" <dave.korn () artimi com> wrote:
  Now, if you were talking about the majority of sigma(attack frequency *
attack seriousness), i.e. if you're talking about a weighted majority, I could
get that.  So, maybe you mean the majority of *successful* attacks in the
wild, or the majority of *newly-emerging* attacks in the wild, or
*non-trivial* attacks, or .... ?  Or am I just not seeing the angle you're
coming from?

Can't speak for Dave, but I believe he was saying it's really hard to quantify something that can't be measured.  If 
you don't know what the attack looks like, you can't measure how often that attack happens.  The vocal folks in the US 
security industry seem to talk mostly about well known vulnerabilities that are used in large scale automated attacks.  
This is why anti-virus/ids/ips/fw products sell well.  We have very few people talking about solutions for targeted 
attacks.

I've had a conversation on another forum:
http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/somebody_forgot.html
http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/why_bugfinding_.html
http://spiresecurity.typepad.com/spire_security_viewpoint/2006/03/more_on_bugfind.html

Oh, also of note... the "guy" ("guy" term found in story at 
http://blog.washingtonpost.com/securityfix/2006/04/multios_virus_emerges.html) is Anthony de Almeida Lopes of Dyad 
Security.  You can read more about what he's really talking about here: http://www.recon.cx/en/s/alopez.html

Robert

-- 
Robert E. Lee
CIO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

