Re: [SC-L] informIT: Modern Malware

2011-03-27 Thread Gary McGraw
The good old dancing pigs rear their oinking heads... http://en.wikipedia.org/wiki/Dancing_pigs http://securingjava.com/ gem On 3/26/11 2:04 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On 03/26/2011 01:12 PM, Gunnar Peterson wrote: Advanced = goes through firewall Persistent = tried more

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread iarce
On 3/22/11 12:41 PM, Gary McGraw wrote: hi sc-l, The tie between malware (think zeus and stuxnet) and broken software of the sort we work hard on fixing is difficult for some parts of the market to fathom. I think it's simple: software riddled with bugs and flaws leads directly to the

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gary McGraw
hi mh, I agree that the APT term is overused by the marketing types. In this case you can translate it as malware that infects a server or an ad network and is served up to unwitting victims in a drive by download. Neil, anything to add? What would you call it haroon? gem On 3/26/11 8:14 AM,

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Haroon Meer
Heya Gary (all) On Sat, Mar 26, 2011 at 3:32 PM, Gary McGraw g...@cigital.com wrote: I agree that the APT term is overused by the marketing types.  In this case you can translate it as malware that infects a server or an ad network and is served up to unwitting victims in a drive by download.

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gary McGraw
Agreed. Now all you need to do is convince the people who need to solve the problem that you have a pointer for them to use without a label?? The market (probably because of the marketing types) is discussing and wanting solutions for the APT problem. To see how embedded this language is in

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gunnar Peterson
Advanced = goes through firewall Persistent = tried more than once Threat = people trying to get into valuable stuff Nothing new to sc-l readers, but a Reasonably good marketing term esp by infosec standards (yay we get to scare business people with something other than an auditor's

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread John Wilander
A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :) On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when organizations use the term to get away with sub-standard security

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Kevin W. Wall
On 03/26/2011 01:12 PM, Gunnar Peterson wrote: Advanced = goes through firewall Persistent = tried more than once Threat = people trying to get into valuable stuff Nothing new to sc-l readers, but a Reasonably good marketing term esp by infosec standards (yay we get to scare business

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread AK
Hi everyone, Assuming that are we missing DEP and assorted userland exploit mitigations for the web is not a rhetorical question, indeed assorted technologies based on randomized instruction sets have been researched and I have seen PoC solutions circa 2004 (SQLi) and more recently for XSS. [1]

Re: [SC-L] informIT: Modern Malware

2011-03-23 Thread Andy Steingruebl
On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw g...@cigital.com wrote: hi sc-l, The tie between malware (think zeus and stuxnet) and broken software of the sort we work hard on fixing is difficult for some parts of the market to fathom.  I think it's simple: software riddled with bugs and

Re: [SC-L] informIT: Modern Malware

2011-03-23 Thread Gary McGraw
hi andy, If you read the article again, I think you'll find that the solutions offered by both Invincea and Dasient work regardless of whether the malware is installed through broken software or through social engineering. Dasient protects the server side of the APT problem (especially when it

Re: [SC-L] informIT: Modern Malware

2011-03-23 Thread Martin Gilje Jaatun
On 2011-03-23 00:57, Andy Steingruebl wrote: On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw g...@cigital.com wrote: [...] malware as the ATT guys sometimes think…you use it to find the kinds of bugs that malware exploits to get a toehold on target servers. One level removed, but a clear

Re: [SC-L] informIT: Modern Malware

2011-03-23 Thread Andy Steingruebl
On Wed, Mar 23, 2011 at 8:14 AM, Gary McGraw g...@cigital.com wrote: I agree that clueless users who click on whatever pops up lead to many infections even when software is in reasonable shape, but I don't see that as a reason not to build better software. Presumably, you guys at paypal