> its old news . surprises are for those who do not read history , the ones who
> doomed to make the same mistakes . all respect to Dave , i do not think
> exploits are that important .
It is cool when it works and that is the objective.
Exploits were important in light of stuxnet and the complexities therein. If
anything , exploits are extremely important. High value exploits can be the
diplomatic tool to pressure many things on an international scale.
> its "the stupidity" that's important . its not vulns that are essential to
> find and turn into exploits, its commercial , its going on for many years on
> different forms yet same idea .
> its the stupidity we should root out . that's hard , really . putting a bunch
> of 0days is not .
I guess I would say it a bit differently (still a similar message).
- Vulnerabilities always exist , in human form and in code. With a
dedicated adversary they are looking for a vulnerability to exploit.
- Assumptions are the mother of all mess ups.
- Input validation and Ego are vulnerability classes that are being
exploited in both of the topics being explored.... so I guess I may be missing
your point or fixated on the wrong lines in this email...
BTW, there are a few good examples of human and 'cyber' / supply chain
compromise in "Gideon's Spies: The Secret History of the Mossad" - Gordon
Thomas.
| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
