Anyone see a game changer here?

[jlewis at lewis.org (Jon Lewis)]

On Fri, 15 Jan 2010, Bruce Williams wrote:

> "The alleged attacks from China are troubling on many fronts.  On
> Thursday, security firm McAfee released a report saying the program
> used to target U.S. firms involved a so-called "zero day"
> vulnerability -- one that was to this point unknown to the security
> community, and thus indefensible by anti-virus software. The flaw
...
> "These highly customized attacks known as advanced persistent threats
> were primarily seen by governments and the mere mention of them
> strikes fear in any cyberwarrior, wrote McAfee's George Kurtz in a

He makes it sound like nobody's ever discovered 0-day sploits in use in 
the wild / had 0-day sploits used against them.  The term 0-day has been 
around for quite some time for a reason.

I don't see anything new here other than the insinuation that the Chinese 
government might have been behind their use.

Does anyone really believe that the use of targeted 0-day exploits to gain 
unauthorized access to information hasn't been at least considered if not 
used by spies working for other [than China] countries?

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________