Dailydave mailing list archives
Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki
From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Fri, 25 Mar 2011 11:46:09 -0700
ROFL Seems obvious doesn't it? However, if it was actually obvious to a majority of security people there would not be a commercial security defense product market. RSA had 50K attendees, so clearly there is still a commercial market :/ So yes this is stating the obvious to this list, but it is not stating the obvious to the majority. I guess my real intent was to rebute Michal's statement that the blame should fall, partially at least, on the vendors. Vendors build what they can sell. Yes they try to keep selling what they offer even in face of evidence that it does not provide much value. But they will fail if they don't ultimately have product that people buy. Clearly there are not enough engineers making the good case that these products are not worth buying. Michal and I both work in interesting environments that clearly highlight the contrast between problems and solutions. I ultimately agree with Michal, I just think the practitioners are to blame, not the vendors. On Fri, Mar 25, 2011 at 9:34 AM, andrew Wilson <a.wilson82 () gmail com> wrote:
Are you suggesting that you can't solve crappy software with more crappy software in front of it? Weird... On Wed, Mar 23, 2011 at 1:31 PM, Dominique Brezinski <dominique.brezinski () gmail com> wrote:On Wed, Mar 23, 2011 at 10:17 AM, Michal Zalewski <lcamtuf () coredump cx> wrote:The real tragedy of infosec is that we simply don't have the tools to secure large and complex organizations particularly well - not against governments, but against bored kids with an agenda. Security vendors are partly to blame for perpetuating a myth that a secure organization can be built on top of the commercial AV or IDS tools that said vendors happen offer. It does not come as a surprise that this model does not work well, and "the world of cyber" has very little to do with it.<tangent> +1 to that. Let's see, commercial security products are largely parsers of untrusted data. In fact they often know how to parse many things the targets behind them, or that they run on, don't. They also tend to run with privilege or at critical points in the infrastructure. What does that spell? ATTACK SURFACE. Yah! How come only 1% of security people get that? </tangent> _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave-- Who then shall I fear?
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Ron Gula (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Val Smith (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Yiorgos Adamopoulos (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dave Aitel (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki dave (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 25)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Val Smith (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Jim O'Gorman (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki beenph (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Yiorgos Adamopoulos (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Kevin Noble (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Marsh Ray (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Miles Fidelman (Mar 27)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 27)