[SC-L] Evolution of OWASP

2011-03-26 Thread Tom Brennan
*ALERT* OWASP 4.0 evolution is underway. http://www.owasp.org/index.php/Membership/2011Election We are looking for industry leaders to help us continue to grow and evolve as a global professional association. If you missed the 2011 Summit in Portugal, see results @ http://www.owasp.org/imag

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread AK
Hi everyone, Assuming that "are we missing DEP and assorted userland exploit mitigations" for the web is not a rhetorical question, indeed assorted technologies based on randomized instruction sets have been researched and I have seen PoC solutions circa 2004 (SQLi) and more recently for XSS. [1]

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Kevin W. Wall
On 03/26/2011 01:12 PM, Gunnar Peterson wrote: > Advanced = goes through firewall > Persistent = tried more than once > Threat = people trying to get into valuable stuff > > Nothing new to sc-l readers, but a reasonably good marketing term esp by > infosec standards (yay we get to scare business

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Arian J. Evans
Excellent response, Ivan. Malware is a business, not a programming mistake, which Gary's article mentions then sidesteps. This is the "Secure Coding" list so I can understand the myopia. As for "Long Term Solutions and Wishful Thinking" in the article: It is clear that current solutions are not

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread John Wilander
A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :) On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when organizations use the term to get away with sub-standard security o

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gunnar Peterson
Advanced = goes through firewall Persistent = tried more than once Threat = people trying to get into valuable stuff Nothing new to sc-l readers, but a reasonably good marketing term esp by infosec standards (yay we get to scare business people with something other than an auditor's clipboard!);

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gary McGraw
Agreed. Now all you need to do is convince the people who need to solve the problem that you have a pointer for them to use without a label?? The market (probably because of the marketing types) is discussing and wanting solutions for "the APT problem." To see how embedded this language is in t

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Haroon Meer
Heya Gary (all) On Sat, Mar 26, 2011 at 3:32 PM, Gary McGraw wrote: > I agree that the APT term is overused by the marketing types. In this > case you can translate it as malware that infects a server or an ad > network and is "served up" to unwitting victims in a drive-by download. > Malware di

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Gary McGraw
hi mh, I agree that the APT term is overused by the marketing types. In this case you can translate it as malware that infects a server or an ad network and is "served up" to unwitting victims in a drive-by download. Neil, anything to add? What would you call it Haroon? gem On 3/26/11 8:14 AM,

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread Haroon Meer
Hi On Wed, Mar 23, 2011 at 5:14 PM, Gary McGraw wrote: > Dasient protects the server side of the APT problem > (especially when it comes to bad ads) Arguing over semantics and loosely defined terms is a recipe for a circular flame-thread, but this statement seems wrong on many levels. I know e

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread iarce
On 3/22/11 12:41 PM, Gary McGraw wrote: > hi sc-l, > > The tie between malware (think zeus and stuxnet) and broken software > of the sort we work hard on fixing is difficult for some parts of the > market to fathom. I think it's simple: software riddled with bugs > and flaws leads directly to the