Dailydave mailing list archives
Who's game is it again?
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 15 Jun 2012 10:38:43 -0400
So the AV community (in my opinion <http://partners.immunityinc.com/movies/RSA2012.mov>) often suffers from the hilarity of underestimating their opponent. But occasionally events overtake them and they are forced to readdress their thoughts - for example, in Mikko's paper here <http://www.wired.com/threatlevel/2012/06/internet-security-fail/> where he says "Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn't. We were out of our league, in our own game."

The Verizon DBIR <http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf> - as much as I think you can go back and forth on the quality of the metrics here (especially because everything talks about "records" which are meaningless), it's still a data point, and probably the best public one available - provides what should have been an obvious statement to Mikko and other people building defensive technology or methodologies: 92% of breaches were discovered by a third party (and it's no coincidence that the one company with a computer is the one doing the telling). 85% of breaches (that were eventually discovered at all) took weeks or more to even find out about.

Mudge's talk <http://www.youtube.com/watch?v=rDP6A5NMeA4&feature=player_detailpage#t=1654s> is pretty funny in this regard too... and not that new. People keep acting surprised that someone can test software against AV and it's a bit weird. As Verizon says: "Perhaps we should create new breach discovery classifications of "YouTube," "Pastebin," and "Twitter" for the 2013 DBIR?"

I'm pretty sure if you're reading this list you've heard many of the people on it say that they believe it's not really a "Flame" problem or even a "Nation-State" problem. (Probably if you are on this list you are not thinking of it as a "problem" per se).

But it is funny that the offensive community, composed of the "script kiddies" that get ridiculed on a regular basis in AV-people's blogs, occasionally does things like this <http://www.youtube.com/watch?v=GmCkewZHrSQ>. :>

-dave

--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com