[Dailydave] That sloshing sound.

Dave Aitel dave at immunityinc.com
Fri Mar 1 14:42:13 EST 2013


So this week was RSA. I can only stay a couple days at RSA, but I have
to admit it is really valuable if you want to spend 5 minutes with
various executives building ideas for partnerships. And on the surface
you can tell who's got money to throw around by the simple size of their
booth, like bower bird buildings
<http://www.youtube.com/watch?v=GPbWJPsBPdA> but with more...endpoint
protection.

RSA SYMANTEC

Above: The Symantec Scientology-like brainwashing center had to have
cost at least 500K to put together, but asking anyone how Symantec's
Reputation technology worked was futile.

I talked to another hacker wandering the floor and we were both in
dismay at the giant sloshing sound of the money around technologies we
both knew self-evidently didn't work. And until this morning while my
arm was being bent in unnatural directions I couldn't figure out the
ingredient MISSING from RSA. See, it is a truism in man-wrestling that
for every attack there is an escape, and for every escape, a
counter-attack. This is, of course, also trivially true in information
security. And if you spend all your time among fellow hackers, you'll
have a shared understanding of these things in a way that makes it
boring to talk about.

But it's this essential grasp on basic strategy that's missing at RSA.
At one point I was sitting in the W bar drinking with a friend, and next
to us sat the VP of Engineering for FireEye, a company that is doing
hugely well (GIANT BOOTH) selling a 150000 appliance that runs every
email you have through a set of vulnerable, instrumented, VMs, and then
if an exploit triggers, it blocks the email. So, being curious hackers,
we asked him what VM hypervisor he used. And he wouldn't say.

And that right there - that's the problem. People think the problem with
AV is signatures, but signatures alone are not it. It's that endpoint
protection in general: heuristics, signatures, etc. only work in cases
where the attacker can't get access to the software. They failed not at
technology, but at strategy.

Everything making tons of money at RSA is the exact same. Name one VP of
Engineering at RSA who would be comfortable with their defensive
technology working after being used by the attacking community. FireEye,
as the obvious example, only works because attackers haven't spent the
150K to buy one. When they do, it's game over. The RSA Conference is a
massive celebration of security through obscurity, and that's it.

RSA KEYNOTE

Above: RSA Keynote song of "We are the champions"

-dave






-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com
