Dailydave mailing list archives

Re: The monetization of information insecurity


From: Andreas Lindh <andreas.lindh () isecure se>
Date: Tue, 9 Sep 2014 15:31:39 +0000

Hi all,

I won't claim to have a definite answer, but here is one concrete example of something that I believe should definitely 
be avoided.

Back in 2001, a whole bunch of people in the antivirus industry signed a petition against teaching how to create 
computer viruses. The reasoning behind this was, and I quote:

"It is not necessary and it is not useful to write computer viruses to learn how to protect against them."

https://web.archive.org/web/20080511145453/http:/www.avien.org/publicletter.htm

Let's not make this mistake again. Instead, let's have people who know how to attack help design our defenses.

Just my 2 cents.

Andreas


On 8 Sep 2014 at 16:22, "dave aitel" <dave () immunityinc com> wrote:

So I'm heading to a conference shortly and I was going to promote them in this email but they're apparently not a 
public conference. I'm on a panel called "Identification of Emerging and Evolving Threats" with some non-US Government 
people who seem pretty nice.

Anyways, now that I've guaranteed myself an exciting visit from security services, I wanted to point out the one 
question everyone should be asking when they go to any conference and a new technology of any kind is proposed as any 
kind of forward movement for defense. And that is this: "How can we avoid making the mistake of Anti-Virus" ever again?

Because much like the Internet has been hamstrung at birth by the parasitic growth of the advertising industry, the 
information security community has been devastated for almost its entire existence by the dominance of anti-virus 
companies and products which demonstrably haven't worked for almost their entire reign, and in theory never could have 
scaled. They are broken by design. And because they sucked all the money and research and people from the defensive 
community, no actual defenses were ever created for IT that had a hope of working.

So the only question any team of government executives working on defense needs to be thinking about is "How is this 
different from Anti-Virus in the long term? How can we avoid making that mistake ever again?" Because until you know 
how that mistake was made, and can avoid it for the next generation, "Emerging and Evolving" threats will always be 
beyond your power to stop.

-dave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave