On Wed, Mar 23, 2011 at 12:22 PM, imipak <imi...@gmail.com> wrote:
>...
> *cough*
>
> http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/

re:
"""The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran. A web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP. The server in question stopped responding to requests shortly after the certificate was revoked.... While the involvement of two IP addresses assigned to Iranian ISPs is suggestive of an origin, this may be the result of an attacker attempting to lay a false trail."""

iran is pretty incompetent in most information technology respects. odds strongly favor pwn hops through their unmonitored, unmaintained, unhardened, sloppy conglomerations of servers and switches...*

and, i suppose we can add RSA to the thread:
http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html

although any time someone blames ADVANCED persistent threat i like to recall fondly the Aleatory threat,
https://media.blackhat.com/bh-us-10/presentations/Waisman/BlackHat-USA-2010-Waisman-APT-slides.pdf

if you've been lazy on infosec, opsec for a while without calamity by sheer luck, this is definitely the year your luck will run out.

lazy == pwned

* like all generalizations this is false, in whole yet frequently true in parts. ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/