Dailydave mailing list archives

The uncomfortable whitehat truth


From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 19 Oct 2015 13:00:51 +0000

I'm not sure how to explain this intuition, but clearly
security () everything com is pretty owned. It's a high priority target that
is by definition poorly defended. So when people submit bugs to Microsoft
or Adobe or really any commercial company, they are sending a signal to
various APTs which may or may not act on that signal, depending on their
particular OPSEC guidelines.

Obviously in some cases this is institutionalized - Governments (and not
just "friendly" ones) can and do ask for a heads up on various
vulnerability pipelines.

So on one hand, if you're doing statistical analysis you will say "There is
a huge overlap in the kinds of bugs we are finding and the kinds of bugs
our adversary has! We are making a difference!"

And on the other hand, maybe they are reading your mail, and killing the
ones you happen to find, like a farmer culling the herd of a sick sheep.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
