Open Source and information security mailing list archives
 
Date: Wed, 23 Mar 2011 13:33:04 -0700
From: coderman <coderman@...il.com>
To: imipak <imipak@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Materials regarding Cyber-war

On Wed, Mar 23, 2011 at 12:22 PM, imipak <imipak@...il.com> wrote:
>...
> *cough*
>
> http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/

re: """The IP address of the initial attack was recorded and has been
determined to be assigned to an ISP in Iran. A web survey revealed one
of the certificates deployed on another IP address assigned to an
Iranian ISP. The server in question stopped responding to requests
shortly after the certificate was revoked....
While the involvement of two IP addresses assigned to Iranian ISPs is
suggestive of an origin, this may be the result of an attacker
attempting to lay a false trail."""

iran is pretty incompetent in most information technology respects.
odds strongly favor pwn hops through their unmonitored, unmaintained,
unhardened, sloppy conglomerations of servers and switches...*


and,
i suppose we can add RSA to the thread:
  http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html

although any time someone blames ADVANCED persistent threat i like to
recall fondly the Aleatory threat,
  https://media.blackhat.com/bh-us-10/presentations/Waisman/BlackHat-USA-2010-Waisman-APT-slides.pdf
if you've been lazy on infosec, opsec for a while without calamity by
sheer luck, this is definitely the year your luck will run out. lazy
== pwned


* like all generalizations this is false.
   , in whole yet frequently true in parts. ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
