Re: Hacker opsec case study

I think Dave's point was related to how far they got once they had
their foot in the door on one workstation. I have a lot of experience
related to assessing the risks associated with workstation compromise
through client-side/data-driven exploits and first-hand experience
seeing how far a skilled adversary can get. Dave seems to be saying
this serves as a good case study to that affect, which I would agree
with.

Dom

On 4/19/07, Pete Herzog <lists@xxxxxxxxxx> wrote:
> I think this says more about the poor defensive technique of "patching" and
> reliance upon it than about the 0day itself.
>
> -pete.
>
>
> Dave Aitel wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > http://news.yahoo.com/s/ap/20070419/ap_on_hi_te/hackers_state_department
> >
> > This is a great article from the perspective of "How long in the State
> > dept. does one Word 0day buy you."
> >
> > It's like a hacker opsec case study.
> >
> > - -dave
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> >
> > iD8DBQFGJwA5tehAhL0gheoRAvbmAJ9YSgtu9fBKuJqoCkbrBWSeEbtIngCdEn/R
> > YL/rw3zpGJS5FCY3h2/zW4A=
> > =ydkC
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
> >
> >
> _______________________________________________
> Dailydave mailing list
> Dailydave@xxxxxxxxxxxxxxxxxxxxx
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>