Secure Coding mailing list archives
Re: informIT: Modern Malware
From: Rafal Los <rafal () ishackingyou com>
Date: Sun, 27 Mar 2011 12:48:55 -0500
Gary, Haroon, et al, The comment "welcome to the real world" from a friend a while back comes to mind. I think the reality of what we, as security types, "do" versus the perception that we "sell" to those who don't understand in order to get funding clashes heavily. Sadly we give up a piece of our souls to get funded...so while I want to poke myself in the eye every time someone says "APT"...I realize it's the CxO buzzword for the next few years that will help me get real work done. Let's accept that, and move on. Rafał Łoś InfoSec Specialist & Blogger Voice|Text: (765) 247-2325 Twitter: @RafalLos Blog: - http://preachsecurity.blogspot.com ________________________ On 2011-03-26 21:13:31 GMT Gary McGraw <gem () cigital com> wrote:
Agreed. Now all you need to do is convince the people who need to solve the problem that you have a pointer for them to use without a label?? The market (probably because of the marketing types) is discussing and wanting solutions for "the APT problem." To see how embedded this language is in the current discourse, look no further than the RSA SecureID problem "explanation" that is being proffered in lieu of a real technical explanation of what happened. Welcome to commercial security. gem On 3/26/11 9:52 AM, "Haroon Meer" <haroon () thinkst com> wrote:Heya Gary (all) On Sat, Mar 26, 2011 at 3:32 PM, Gary McGraw <gem () cigital com> wrote:I agree that the APT term is overused by the marketing types. In this case you can translate it as malware that infects a server or an ad network and is "served up" to unwitting victims in a drive by download.>Malware distributors look for good distribution channels, and the ad-server provides one. While it is a Threat, it's no more Advanced than we have seen before. It isn't more "Persistant" than Stoned [1] was on a disk.What would you call it haroon?In truth, i would avoid giving it a new name. Drive by download: Yes. APT: No /mh [1] http://en.wikipedia.org/wiki/Stoned_(computer_virus) -- Haroon Meer | Thinkst Applied Research http://thinkst.com/pgp/haroon.txt Tel: +27 83 786 6637_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Re: informIT: Modern Malware, (continued)
- Re: informIT: Modern Malware Haroon Meer (Mar 26)
- Re: informIT: Modern Malware Gary McGraw (Mar 26)
- Re: informIT: Modern Malware Gunnar Peterson (Mar 26)
- Re: informIT: Modern Malware John Wilander (Mar 26)
- Re: informIT: Modern Malware Kevin W. Wall (Mar 26)
- Re: informIT: Modern Malware Gary McGraw (Mar 27)
- Re: informIT: Modern Malware Arian J. Evans (Mar 26)
- Re: informIT: Modern Malware AK (Mar 26)