On 03/26/2011 01:12 PM, Gunnar Peterson wrote:
> Advanced = goes through firewall
> Persistent = tried more than once
> Threat = people trying to get into valuable stuff
>
> Nothing new to sc-l readers, but a reasonably good marketing term esp by
> infosec standards (yay we get to scare business people with something other
> than an auditor's clipboard!); really it's all just the collective sound of
> infrastructure security people coming to grips with the fact that their
> firewall isn't a wall at all, but rather a series of holes.

Uh..., doesn't *most* of malware go through firewalls nowadays? So how
is that "advanced"?

In reality, "advanced" as used with APT means malware that was clever
enough to evade our normal AV defenses and socially engineer its way past
the common sense of those humans who wanted to see the "dancing pigs".

In short, APT is spin-doctoring for getting caught with one's pants down.

-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates