[Dailydave] The uncomfortable whitehat truth
Dave Aitel
dave.aitel at gmail.com
Mon Oct 19 09:00:51 EDT 2015
I'm not sure how to explain this intuition, but clearly
security at everything.com is pretty owned. It's a high priority target that
is by definition poorly defended. So when people submit bugs to Microsoft
or Adobe or really any commercial company, they are sending a signal to
various APTs which may or may not act on that signal, depending on their
particular OPSEC guidelines.
Obviously in some cases this is institutionalized - Governments (and not
just "friendly" ones) can and do ask for a heads up on various
vulnerability pipelines.
So on one hand, if you're doing statistical analysis you will say "There is
a huge overlap in the kinds of bugs we are finding and the kinds of bugs
our adversary has! We are making a difference!"
And on the other hand, maybe they are reading your mail, and killing the
ones you happen to find, like a farmer culling the herd of a sick sheep.
[image: Screenshot 2015-10-19 at 08.49.33.png]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151019/0cd185f8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2015-10-19 at 08.49.33.png
Type: image/png
Size: 47737 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151019/0cd185f8/attachment-0001.png>
More information about the Dailydave
mailing list