| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=VPR4Cpd5MXb_s=HfHfbnFjt+5tEvGNewpb2a2@mail.gmail.com> Date: Tue, 22 Feb 2011 18:04:24 -0800 From: Michal Zalewski <lcamtuf@...edump.cx> To: jf <jf@...co.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: What the f*** is going on? > all apologies, that was not my intent in the least-- referencing the public portion of the aurora stuff, which is part of the myth I thought you were referencing. Sure. The moment the discussion strays toward these topics, I am obviously not at liberty to discuss them freely. In general, I simply think that framing the problems that the industry is facing in terms of dealing with a new, sophisticated adversary is kind of meaningless and destructive, even if the risk is fundamentally true. The idea that AV + IDS + a prepackaged PCI / SOX / BS7799 audit was a legitimate response to the threats faced 5-10 years ago is about as misguided as the notion that $2M botnet monitoring or an IV drip of 0-day vulns will do the trick this time around. (Even if you need offensive capabilities - and most parties don't - nurturing a free market of 0-days sold to the highest bidder for exorbitant fees does not seem like a particularly good long-term plan.) /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists