Evil maid targeting Android vuln that requires physical access, with objective of recording a future phone call. (Not to say there isn't anything else of value, but let's say primary objective is recording a specific future call.) Feel free to ask TAG for more examples :)
Replying to @JasonGeffner @dwizzzleMSFT
Right, here are the contrivances: Attacker only has one possible objective, and can't simply pivot to something else. Attacker only has one opportunity, can't just do it again. People don't reboot their phones (I reboot mine once a month for patches).
Replying to @taviso @dwizzzleMSFT
I understand that you think that this example is contrived; I'm saying it's not contrived for certain targets (diplomats, etc.) and certain attackers (APTs, etc.). Glad we can respectfully disagree with each other though. Thanks for sharing your thoughts on the matter.
Replying to @JasonGeffner @dwizzzleMSFT
Right, so because this happens to "many" people, do you have a citation? An APT that only has proximal exploits, is only interested in data that doesn't exist yet, and won't exist for at least a month, and a good reason why they cannot simply pivot to something else.
I think I can come up with contrived scenarios to justify any mitigation, no matter how ridiculous. I think it makes sense to have realistic, non-contrived stories to justify these things, wouldn't you agree?
Replying to @taviso @dwizzzleMSFT
I didn't say the APT _only_ has proximal exploits, nor that they're _only_ interested in data that doesn't yet exist, nor that they _can't_ pivot. Maybe they don't want to burn a remote 0-day; maybe their _primary_ objective is specific future data on this device.
And yes, defenders and mitigation developers need to prioritize their defenses. My entire point is that non-persistence shouldn't be ignored as a defensive measure.
I think we've come full circle now, would you agree? :)
Replying to @JasonGeffner @dwizzzleMSFT
My entire point is that it's a buzzword and safe to ignore
No, let's stick to the scenarios, you said these apply to "many" customers, and if there's a realistic scenario I haven't considered, I want to hear it.
Replying to @taviso @dwizzzleMSFT
If you don't think that diplomats are targeted by APTs and that non-persistence isn't a defense-in-depth measure against certain attack scenarios then I encourage you to chat with your colleagues on TAG.
I think diplomats are targeted by attackers. I think you have imagined some contrived scenario that has literally never happened to justify your belief in a buzzword. You're speaking to someone who studies vulnerabilities, maybe you should listen to me?
Replying to @taviso @dwizzzleMSFT
Nobody's questioning your expertise in vulnerability discovery and exploitation. But Threat Intelligence is a different field.