Am I the only person who finds this entire subject a tad depressing? :S On Wed, Mar 23, 2011 at 8:33 PM, coderman <[email protected]> wrote:
> On Wed, Mar 23, 2011 at 12:22 PM, imipak <[email protected]> wrote: > >... > > *cough* > > > > > http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/ > > re: """The IP address of the initial attack was recorded and has been > determined to be assigned to an ISP in Iran. A web survey revealed one > of the certificates deployed on another IP address assigned to an > Iranian ISP. The server in question stopped responding to requests > shortly after the certificate was revoked.... > While the involvement of two IP addresses assigned to Iranian ISPs is > suggestive of an origin, this may be the result of an attacker > attempting to lay a false trail.""" > > iran is pretty incompetent in most information technology respects. > odds strongly favor pwn hops through their unmonitored, unmaintained, > unhardened, sloppy conglomerations of servers and switches...* > > > and, > i suppose we can add RSA to the thread: > http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html > > although any time someone blames ADVANCED persistent threat i like to > recall fondly the Aleatory threat, > > https://media.blackhat.com/bh-us-10/presentations/Waisman/BlackHat-USA-2010-Waisman-APT-slides.pdf > if you've been lazy on infosec, opsec for a while without calamity by > sheer luck, this is definitely the year your luck will run out. lazy > == pwned > > > * like all generalizations this is false. > , in whole yet frequently true in parts. ;) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
