> What parts don't you understand? Let's delve! OK, I'll bite...
So, I am just not entirely sure what is there to argue over, and why it's worth arguing over in the first place. I don't know for sure if "cyber" activities are a significant part of the nation-level espionage and warfare activities, and very few people (on this list and elsewhere) honestly do. Plus, when people who may be in the know speak on this topic, it's often difficult to distill just the facts. But in any case, it always seemed reasonable to assume that such activities are taking place to some extent. I am not sure why this would be relevant, though: the use of these tools by nation states, under any military doctrine and goals, should not change your threat model appreciably. Even if you are a government agency, it's probably not your primary threat, and not a particularly unique one: http://lcamtuf.blogspot.com/2011/02/give-me-give-me-p-give-me-t.html The real tragedy of infosec is that we simply don't have the tools to secure large and complex organizations particularly well - not against governments, but against bored kids with an agenda. Security vendors are partly to blame for perpetuating a myth that a secure organization can be built on top of the commercial AV or IDS tools that said vendors happen offer. It does not come as a surprise that this model does not work well, and "the world of cyber" has very little to do with it. /mz _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
