Full Disclosure mailing list archives
RE: Scandal: IT Security firm hires...
From: ktabic <lists () ktabic co uk>
Date: Tue, 21 Sep 2004 09:27:31 +0000
On Mon, 2004-09-20 at 14:57 -0400, Glenn_Everhart () bankone com wrote:
> Think of this not so much as criminal vs. noncriminal but in warfare terms. Security defenders have to design fortifications to keep out attackers.
If it is warfare, it isn't warfare in the sense you are putting forward. There are no pitched battles, one side isn't anything like an army. The closest to two armies fighting it out in a modern traditional sense is asynchronous warfare. Or guerilla warfare. But its closest is more of a police action.
> If I am trying to build field fortifications and my forces have captured one of the enemy's designers of attacks, I might very reasonably want to pick his brain to help me get better defensive designs.
This really is where this analogy falls down. After all, they have now managed to 'capture' him after his attacks. Which means that they can study the results without him (especially in his case, since they can, if necessary, perform their own attacks with sasser in a sandbox as well as deconstructing sasser at their leisure). Also they haven't managed to capture the attack designer. He's still at large, working for eEye. That seriously reduces the possible benefits of making use of his knowledge.