Open Source and information security mailing list archives
 
From: lists at ktabic.co.uk (ktabic)
Subject: Scandal: IT Security firm hires...

On Mon, 2004-09-20 at 14:57 -0400, Glenn_Everhart@...kone.com wrote:
> Think of this not so much as criminal vs. noncriminal but in warfare
> terms. Security defenders have to design fortifications to keep out
> attackers.

If it is warfare, it isn't warfare in the sense you are putting forward.
There are no pitched battles, one side isn't anything like an army. The
closest to two armies fighting it out in a modern traditional sense is
asynchronous warfare. Or guerilla warfare.
But its closest is more of a police action.
> 
> If I am trying to build field fortifications and my forces have captured
> one of the enemy's designers of attacks, I might very reasonably want to
> pick his brain to help me get better defensive designs.

This really is where this analogy falls down. After all, they have now
managed to 'capture' him after his attacks. Which means that they can
study the results without him (especially in this case, since they can,
if necessary, perform their own attacks with Sasser in a sandbox as well
as deconstructing Sasser at their leisure).
Also they haven't managed to capture the attack designer. He's still at
large, working for eEye. That seriously reduces the possible benefits of
making use of his knowledge.


