Re: [Full-disclosure] All China, All The Time

["Ivan ." <ivanhec@xxxxxxxxx>]

Now, by analyzing the software used in the break-ins against Google
and dozens of other companies, Joe Stewart, a malware specialist with
SecureWorks, a computer security company based in Atlanta, said he
determined the main program used in the attack contained a module
based on an unusual algorithm from a Chinese-authored technical paper
that has been published exclusively on Chinese-language Web sites.

http://news.cnet.com/Evidence-found-of-Chinese-attack-on-Google/2100-7349_3-6250413.html?tag=newsEditorsPicksArea.0

On Wed, Jan 20, 2010 at 6:51 AM, Densmore, Todd <todd.densmore@xxxxxx> wrote:
> Mark, Dan, Smasher, etc. Thanks for the feedback.
>
> I saw the thread this weekend, but I had to wait until I today to respond. My 
> main motivation was to point out that there is no free lunch, and often even 
> security professionals forget to think critically. It was not meant to be a 
> thorough assessment of the actual 0-day. However I appreciate the correction, 
> the details of the exploit, and the observation that its sophistication was 
> probably exaggerated in the media.
>
> I have changed some implicit wording in the article about China and added an 
> addendum to the blog to clarify the exploit and thank sources.
>
> ~todd
>
> Todd Densmore
> HP Software - Application Security Center
> todd.densmore@xxxxxx
> 770.343.7054 Office
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/