Re: [Full-disclosure] What the f*** is going on?



> all apologies, that was not my intent in the least-- referencing the public 
> portion of the aurora stuff, which is part of the myth I thought you were 
> referencing.

Sure. The moment the discussion strays toward these topics, I am
obviously not at liberty to discuss them freely.

In general, I simply think that framing the problems that the industry
is facing in terms of dealing with a new, sophisticated adversary is
kind of meaningless and destructive, even if the risk is fundamentally
true. The idea that AV + IDS + a prepackaged PCI / SOX / BS7799 audit
was a legitimate response to the threats faced 5-10 years ago is about
as misguided as the notion that $2M botnet monitoring or an IV drip of
0-day vulns will do the trick this time around.

(Even if you need offensive capabilities - and most parties don't -
nurturing a free market of 0-days sold to the highest bidder for
exorbitant fees does not seem like a particularly good long-term
plan.)

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/