On Fri, 15 Jan 2010, Bruce Williams wrote:
"The alleged attacks from China are troubling on many fronts. On Thursday, security firm McAfee released a report saying the program used to target U.S. firms involved a so-called "zero day" vulnerability -- one that was to this point unknown to the security community, and thus indefensible by anti-virus software. The flaw ... "These highly customized attacks known as advanced persistent threats were primarily seen by governments and the mere mention of them strikes fear in any cyberwarrior, wrote McAfee's George Kurtz in a
He makes it sound like nobody's ever discovered 0-day sploits in use in the wild / had 0-day sploits used against them. The term 0-day has been around for quite some time for a reason. I don't see anything new here other than the insinuation that the Chinese government might have been behind their use. Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't been at least considered if not used by spies working for other [than China] countries? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________