Dave Aitel dave at immunityinc.com
Mon Nov 6 15:14:44 UTC 2017

The whole point of a CTO in any of the security companies we all live in
is that you have a phased array radar constantly pointing at the future.
For what it's worth, the screenshot below is from the T2 Keynote a
couple weeks ago, pointing pretty clearly at Twitter as a strategic
target (in several ways). The video of the talk is not out yet, but if
you annoy the T2 staff they'll publish it, since the rest of the talk is
expert-level trolling. :)

One thing that will shock you as you watch movies with your kids is how
important TV was in tying societies together. Everyone experienced
everything all at the same time - there was one clockbeat! Now every
part of us is a multi-clock CPU, and it's not just the fringes of
society that are out of sync, but everyone is, and people are blaming it
on Facebook and Twitter and other social media, but frankly that's just
how human society works now and we should adapt and evolve, maybe?

Here's the thing: Whenever I come up for air from policy world it is
like being sent into the future, since policy-world has its eyes locked
firmly in the rear-view mirror, by their own admission. As far as our
world is concerned, anything pre-Internet is pre-history. If your
history is not searchable, does it even exist?

To be more specific: Maintenance of thousands of rootkits on hundreds of
networks is a particular choice that offense teams can make. It has
massive implications for tooling, methodology, operational tempo,
personnel choices, research investments, predicted success rates, and
anticipated countermeasures. This is not the language policy world talks
in yet, of course. But to put it in VEP terms: You don't need "silver
bullet" exploits as much if you are already spread everywhere like a
giant pacific octopus. But if the meta changes and octopus is on the
menu in Beijing, then you suddenly will have massive need. How
predictable this is depends on many factors. :)

Commercially this is important too: if you're in the business of
designing, buying or using Microsoft ATP (or similar) you have to ask:
what does the future look like? If the future is rootkits, this stuff
might work as well as any corewars technique. If it's worms, it might
not. So what's your bet?
