Comments on TaoSecurity Blog: Web-Centric Short-Term Incident Containment
Richard Bejtlich

Anonymous (2009-06-16T07:00:37.712-04:00):

This comment has been removed by a blog administrator.

Richard Bejtlich (2007-06-22T13:31:00.000-04:00):

Dan,

I prefer to spend my time doing something other than recompiling. :)

DanPhilpott (2007-06-22T11:56:00.000-04:00):

Not using Gentoo? Is there a security reason or is it personal preference?

While not offering an OpenBSD level of security, for a linux distro they offer decent security with their hardened kernel.

dre (2007-06-19T15:30:00.000-04:00):

malware over ssl is a real threat.

but this stuff sounds like bluecoat. i'm confused. how is palo alto networks different? they provide malware signatures?

it's a good idea. but what about encrypted javascript? i know that jose nazario and others have done some research in this area - but i haven't seen enterprise-ready automation.

are we worried only about iframes and javascript? no. there's java, actionscript, and many other applications to worry about. i don't see how a firewall can stop these kinds of attacks with any hard metric on assurance.

can't users/malware circumvent these proxies as well? i know that ssh over ssl will work, as will ssl over ssl or anything else similar.

real covert channels are going to do "call home through call home" soon. imagine the threat of a botnet (or even browser-only botnets like attackapi) that uses command and control that is self-similar (1) to Windows Update, Mac OS X System Update, or yum traffic? gray-area already has http cookie covert channel proof-of-concept code.

firewall vendors are years behind, and i don't think that they will be able to catch up. i guess it's nice to see someone try, but hopefully the next firewall/ips/utm innovation will try even harder.

(1) http://en.wikipedia.org/wiki/Self-similar#Examples