Open Source and information security mailing list archives
Message-ID: <4FD55C38.19617.930EB9A2@nick.virus-l.demon.co.uk>
Date: Mon, 11 Jun 2012 14:47:20 +1200
From: "Nick FitzGerald" <nick@...us-l.demon.co.uk>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Obama Order Sped Up Wave of Cyberattacks Against Iran

Laurelai wrote:

> ... really I ask a
> simple question on how to avoid state sponsored malware that runs
> exclusively on windows platforms and not a single one of you said
> anything about using an alternate OS, some of you insisted in fact we
> should just lie down and take it. You aren't security experts you are
> scam artists. Makes me wonder if you are paid to act this way or if you
> all really just didn't consider it. Either answer is pretty chilling.

I was trying to keep right out of this one, but...

OK -- that was not actually quite what you asked, but as you have now 
asked it this way, I'll reply to this version of your question.

The "state-sponsored malware" you're talking about arose as part of a 
plan to execute a (more-or-less) targeted attack.  That meant that it 
had to target the OS of the intended victim(s).

Not much use writing a brilliant attack against IIS 7 when the target's 
webserver runs Apache 2.2.21 on some BSD.

"Not running Windows", as a general policy to adopt in order to prevent 
yourself or your organization from potentially feeling the unintended 
side-effects of some state-sponsored malware "going feral", will likely 
be about as useful as "not running Windows" as a general policy to 
avoid malware (under the assumption that likely targets of state-
sponsored malware will sample target platforms in roughly the same way 
that the rest of the population will).

As changing the whole of your IT infrastructure, recovering the value 
of the training, experience, etc of your staff in using that 
infrastructure, etc, etc, is something that most organizations either 
have not considered, or have considered and (mostly) rejected, you will 
have to show us a major additional increase in risk that state-
sponsored malware brings to the table before the ROI of changing IT 
infrastructure starts to stack up economically.

Just tacking the adjective "state-sponsored" in front of the term does 
not do that (well, except, perhaps, for a few folk at the really mal-
adjusted ends of some or other psychiatric spectra).



Regards,

Nick FitzGerald
