On 1/24/10 7:48 AM, Damian Menscher wrote:
On Sat, Jan 23, 2010 at 9:20 PM, Gadi Evron wrote:
On 1/24/10 6:37 AM, Damian Menscher wrote:
So... you're taking incomplete information hyped up by "tech"
reporters operating based on leaks from people tangential to an
investigation as fact, and dec
> When did this become slashdot?
about 1996
randy
On Sat, Jan 23, 2010 at 9:20 PM, Gadi Evron wrote:
> On 1/24/10 6:37 AM, Damian Menscher wrote:
>>
>> So... you're taking incomplete information hyped up by "tech"
>> reporters operating based on leaks from people tangential to an
>> investigation as fact, and deciding that if Google doesn't tell
On 1/24/10 7:20 AM, Gadi Evron wrote:
On 1/24/10 6:37 AM, Damian Menscher wrote:
So... you're taking incomplete information hyped up by "tech"
reporters operating based on leaks from people tangential to an
investigation as fact, and deciding that if Google doesn't tell you
the details of an ong
On 1/24/10 6:37 AM, Damian Menscher wrote:
So... you're taking incomplete information hyped up by "tech"
reporters operating based on leaks from people tangential to an
investigation as fact, and deciding that if Google doesn't tell you
the details of an ongoing criminal investigation that you'll
On Thu, Jan 21, 2010 at 7:52 PM, Gadi Evron wrote:
> I just wrote a blog on the subject called "the fog of cyberwar":
> http://darkreading.com/blog/archives/2010/01/fog_of_cyberwar.html
>
> In short:
> While we are all talking of Google's morals and US/China diplomacy, there
> are some questions t
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Fri Jan 22 21:16:53
> 2010
> Subject: Re: Anyone see a game changer here?
> From: Steven Bellovin
> Date: Fri, 22 Jan 2010 22:16:03 -0500
> To: Bruce Williams
> Cc: nanog@nanog.org
>
>
> On Jan 22, 2010, at
On 1/23/10 6:08 AM, Steven Bellovin wrote:
I think that that's wishful thinking. IE has fewer security problems because Microsoft
has put a tremendous amount of effort -- and often fought its own developers -- in a
disciplined software development environment with careful, structured security
On Jan 22, 2010, at 10:37 PM, William Pitcock wrote:
> On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
>> On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
>>
>>> The problem with IE is the same problem as Windows, the basic design
>>> is fundamentally insecure and "timely updates" c
When did this become slashdot?
Sent via BlackBerry from T-Mobile
On 1/22/10 8:37 PM, William Pitcock wrote:
On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
The problem with IE is the same problem as Windows, the basic design
is fundamentally insecure and "timely updates" can't fix that.
You do
On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
> On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
>
> > The problem with IE is the same problem as Windows, the basic design
> > is fundamentally insecure and "timely updates" can't fix that.
>
> You do realize, of course, that IE is r
On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
> The problem with IE is the same problem as Windows, the basic design
> is fundamentally insecure and "timely updates" can't fix that.
You do realize, of course, that IE is recording less than half the security
flaw rate of Firefox? (See
ht
On Fri, 22 Jan 2010 05:52:11 +0200, Gadi Evron said:
> 1. Did Google hack a Taiwanese server to investigate the breach? If so,
> good for them.
No, *not* good. If *you* had a server that got compromised, and used to launch
attacks on 500 sites, would you want to try to deal with 500 return str
On Thu, 2010-01-21 at 23:19 -0600, James Hess wrote:
> On Thu, Jan 21, 2010 at 9:52 PM, Gadi Evron wrote:
>
> It is not as if there are a wealth of alternatives. There are still
> many cases, where IE or MSHTML components are a pre-requisite, to
> access a certain product that is important
The problem with IE is the same problem as Windows, the basic design
is fundamentally insecure and "timely updates" can't fix that.
Bruce
On Thu, Jan 21, 2010 at 9:19 PM, James Hess wrote:
> On Thu, Jan 21, 2010 at 9:52 PM, Gadi Evron wrote:
>> On 1/15/10 5:52 PM, Steven Bellovin wrote:
> ..> 2
On Thu, Jan 21, 2010 at 9:52 PM, Gadi Evron wrote:
> On 1/15/10 5:52 PM, Steven Bellovin wrote:
..> 2. Is Microsoft, while usually timely and responsible, completely
> irresponsible in wanting to patch this only in February? While they patched
> it sooner (which couldn't have been easy), their ove
On 1/15/10 5:52 PM, Steven Bellovin wrote:
The "difference" this week is motive.
In the 1980s-1990s, we had joy-hacking.
In the 2000s, we had profit-motivated hacking by criminals.
We now have (and have had for a few years) what appears to be nation-state
hacking. The differences are in targ
> -Original Message-
> From: andrew.wallace
> It appears this is just western propaganda because:
>
> One analyst said Friday that he is not sure the attacks point to the
> Chinese government. Rob Knake, a cybersecurity expert with the Council
> on Foreign Relations, said his analysis o
>Personally I was amused at people adding cement to USB ports to mitigate
>against the "removable media threat". The issue I see is people forget
>that floppies posed the same threat back in the day.
Do you mean the "AutoRun" threat, since this sort of thing is usually done by
people who (a) ru
> On Fri, Jan 15, 2010 at 2:07 PM, Bruce Williams
> wrote:
> > Mark Rasch, former head of the Department of Justice computer crime
> > unit, called the attacks cyberwarfare, and said it was clearly an
> > escalation of a digital conflict between China and the U.S.
> >
> > As if the old threat mo
On Fri, Jan 15, 2010 at 2:07 PM, Bruce Williams
wrote:
> Mark Rasch, former head of the Department of Justice computer crime
> unit, called the attacks “cyberwarfare,” and said it was clearly an
> escalation of a digital conflict between China and the U.S.
>
> As if the old threat models weren't b
That's the translation the Chinese Government has inserted into the Google
Translation service. ;)
-Original Message-
From: Fred Baker [mailto:f...@cisco.com]
Sent: Friday, January 15, 2010 4:28 PM
To: tv...@eyeconomics.com
Cc: NANOG
Subject: Re: Anyone see a game changer here?
On Jan 15, 2010, at 4:34 PM, tv...@eyeconomics.com wrote:
On Jan 16, 2010, at 12:15 AM, Fred Baker wrote:
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You.
On Jan 16, 2010, at 12:15 AM, Fred Baker wrote:
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
看的也不見!
TV
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
> To my understanding they believe that people that live in China are relevant
> (which is why they brought it up in the context), but they are very
> carefully saying that they don't know the exact perpetrators.
>
> http://www.ipinc.net/IPv4.GIF
>
>
>
Uh, Fred the link is to an image that has not
On 1/15/10 10:15 PM, Fred Baker wrote:
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based on
Ethos alone I'd like to think that when Google says China did it, th
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based
on Ethos alone I'd like to think that when Google says China did it,
they know. Although being a commercia
On 1/15/10 5:23 PM, Sachs, Marcus Hans (Marc) wrote:
The botnet concept is one of the old rules. The way the APT works and
what it is used for is the new game.
Perhaps for talking about, but it is far from new. Come on Marc.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevro
On 1/15/10 5:52 PM, Steven Bellovin wrote:
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain
unauthorized access to information hasn't been at least considered if not us
> We now have (and have had for a few years) what appears to be nation-state
> hacking. The differences are in targets and resources available to the
> attacker.
Agreed, and given that it is easier to aggregate bits of information
from different sources to put together the puzzle it makes more
On Fri, Jan 15, 2010 at 10:20:33AM -0500, Marshall Eubanks wrote:
>Where are these quotes coming from ?
That particular one:
http://redtape.msnbc.com/2010/01/gregory-fayer-opened-an-e-mail-on-monday-night-that-looked-like-it-was-from-a-fellow-lawyer-at-gipson-hoffman-pancione-inst.html
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
>
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
>> Does anyone really believe that the use of targeted 0-day exploits to gain
>> unauthorized access to information hasn't been at least considered if not
>> used by spies working for other [
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
> Does anyone really believe that the use of targeted 0-day exploits to gain
> unauthorized access to information hasn't been at least considered if not
> used by spies working for other [than China] countries?
I think only those not paying attent
On Fri, 15 Jan 2010, Bruce Williams wrote:
"The alleged attacks from China are troubling on many fronts. On
Thursday, security firm McAfee released a report saying the program
used to target U.S. firms involved a so-called "zero day"
vulnerability -- one that was to this point unknown to the se
On Jan 15, 2010, at 9:21 AM, Gadi Evron wrote:
> On 1/15/10 4:07 PM, Bruce Williams wrote:
>> As if the old threat models weren't bad enough...
>
> The old threat models were simply not up to date.
Precisely correct. This has been going on for quite some time; some people
simply weren't payin
Evron
To: Sachs, Marcus Hans (Marc)
Cc: nanog@nanog.org
Sent: Fri Jan 15 10:20:00 2010
Subject: Re: Anyone see a game changer here?
On 1/15/10 4:32 PM, Sachs, Marcus Hans (Marc) wrote:
> The APT is the new game. Old rules, new game.
I don't see why it's new just because suddenly peopl
Where are these quotes coming from ?
Marshall
On Jan 15, 2010, at 9:07 AM, Bruce Williams wrote:
Part of the discussion of recent attacks by targeted email to
individuals crafted to deceive that particular individual based on
intelligence gathered for this use by governments.
"The alleged att
On 1/15/10 4:32 PM, Sachs, Marcus Hans (Marc) wrote:
The APT is the new game. Old rules, new game.
I don't see why it's new just because suddenly people know what's going
on around them. A bit like with botnets before 2004.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://ge
Subject: Re: Anyone see a game changer here?
On 1/15/10 4:07 PM, Bruce Williams wrote:
> As if the old threat models weren't bad enough...
The old threat models were simply not up to date.
Gadi.
>
>
> Bruce
>
>
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
On 1/15/10 4:07 PM, Bruce Williams wrote:
As if the old threat models weren't bad enough...
The old threat models were simply not up to date.
Gadi.
Bruce
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/