[Dailydave] Who's game is it again?

Dave Aitel dave at immunityinc.com
Fri Jun 15 10:38:43 EDT 2012


So the AV community (in my opinion
<http://partners.immunityinc.com/movies/RSA2012.mov>) often suffers from
the hilarity of underestimating their opponent. But occasionally events
overtake them and they are forced to readdress their thoughts - for
example, in Mikko's paper here
<http://www.wired.com/threatlevel/2012/06/internet-security-fail/> where
he says "Flame was a failure for the antivirus industry. We really
should have been able to do better. But we didn't. We were out of our
league, in our own game."

The Verizon DBIR
<http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf> 
- as much as I think you can go back and forth on the quality of the
metrics here, (especially because everything talks about "records" which
are meaningless), it's still a data point, and probably the best public
one available - provides what should have been an obvious statement to
Mikko and other people building defensive technology or methodologies:
92% of breaches were discovered by a third party (and it's no
coincidence that the one company with a computer is the one doing the
telling). 85% of breaches (that were eventually discovered at all) took
weeks or more to even find out about. Mudge's talk
<http://www.youtube.com/watch?v=rDP6A5NMeA4&feature=player_detailpage#t=1654s>
is pretty funny in this regard too. . . and not that new. People keep
acting surprised that someone can test software against AV and it's a
bit weird. As Verizon says: "Perhaps we should create new breach
discovery classifications of "YouTube," "Pastebin," and "Twitter" for
the 2013 DBIR?"

I'm pretty sure if you're reading this list you've heard many of the
people on it say that they believe it's not really a "Flame" problem or
even a "Nation-State" problem. (Probably if you are on this list you are
not thinking of it as a "problem" per se). But it is funny that the
offensive community, composed of the "script kiddies" that get ridiculed
on a regular basis in AV-people's blogs, occasionally does things like
this <http://www.youtube.com/watch?v=GmCkewZHrSQ>.  :>

-dave






-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com
