[prev in list] [next in list] [prev in thread] [next in thread]
List: dailydave
Subject: Re: [Dailydave] FireEye tech becomes Qualified Anti-Terrorism Technology
From: c hil <chris.hilgart () gmail ! com>
Date: 2015-05-04 14:50:23
Message-ID: CAFR1w_nv2ZR=KnPefL_KyxKsJJUCB3Xu-U3pZzwwp6eBM0i8CQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
So FireEye went through an unknown process and now DHS is convinced their
product is "effective" at stopping terrorists. I'm curious what the
limitations of liability are with SAFETY. For example, do the protections
still hold for customers that ignore the alerts that come from a functional
FireEye installation (a la Target
<http://www.reuters.com/article/2014/03/13/us-target-breach-idUSBREA2C14F20140313>
)?
On Fri, May 1, 2015 at 10:53 AM, Andreas Lindh <andreas@haxx.ml> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> So the DHS has certified FireEye's products as "Qualified
> Anti-Terrorism Technology", which in short means that if you get
> breached and the attack is considered an act of terrorism, it's not
> your fault. This is interesting for a couple of reasons, perhaps
> mainly because FE's products are not exactly known to be bullet proof
> (see for example https://www.youtube.com/watch?v=3vh2s9Pui0E), but
> also for the pure ridiculousness of the whole affair.
>
> http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-custo
> mers-get-liability-shield-thanks-to-safety-act.html
>
>
> The way I see it, this development is likely to lead to a couple of
> things:
>
> 1. Everyone who gets breached and that has a FireEye box will cry "ACT
> OF TERRORISM", which of course is exactly what the world needs.
>
> 2. FireEye will make a *lot* of money.
>
> 3. Terrorists won't care.
>
> Thoughts?
>
> Andreas
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCgAGBQJVQ5NvAAoJEI415gQuBbe00tgQANJ22UzyZLEgHANOztT3pjYK
> p6cdwBLy7hJh/jR88mWR1EZ4rXcLi84nPKVNmxCMUALYOgGGvHffz4hWXKysze67
> u5cuXH/QAi9CtE5HyhxP4h13LMJzKxiU9tigbHIMv6rIMMxK4ox/KnBXn9CXKlkt
> edyBKPSGt+I2uKW1Pqtk8noCczq3oegJ58vTIs9CEs4ur+rC+ggdQ4rEbshdfDqs
> qcPTT9CH8Ve5ang2rrAW4nQUsSf4YUJ18YD44uXYA8yQ6WwtZJ6WRySlkoFJ8pJl
> VQMEByM0XJFsaxLu/5uCAU+y2HnDJdGvEsz44CNu07B44LX4E4jGRD+loxaiBhO3
> GCEeViSPbyzr4rSWD+h5D+rLXWqKSb9RWJOTOXC0JG0Ada96dQ31zLu2dJ0uNoTX
> udj9KCCnWXvMnnYEeGFAOiNtZidghSMxpw4WZIHMMhTwNxyzYQi74j/7TD1zh1IG
> x3OsILh+FUxACH4q+YxTGXjsQrgH7IsLsOVQyMu0KWJ1OgfqW4Wl6d+IxS+xU6eL
> fxRZuJnEOngGMQ81tWHHiDb4WpuVgrSGlCU7KHAJo6KP66Q080YZWr5ABO5++CX+
> BzBtiRO8l4nWxZrcs7lHAQyivcO4EQRCwmcPzArzDcO9jafHhGN2KRy24b+1z2v4
> m0Yz9TUlG0OXDnLVMzL2
> =mxi6
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydave@lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
[Attachment #5 (text/html)]
<div dir="ltr">So FireEye went through an unknown process and now DHS is convinced \
their product is "effective" at stopping terrorists. I'm curious what \
the limitations of liability are with SAFETY. For example, do the protections still \
hold for customers that ignore the alerts that come from a functional FireEye \
installation (a la <a \
href="http://www.reuters.com/article/2014/03/13/us-target-breach-idUSBREA2C14F20140313">Target</a>)?</div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, May 1, 2015 at 10:53 AM, \
Andreas Lindh <span dir="ltr"><<a href="mailto:andreas@haxx.ml" \
target="_blank">andreas@haxx.ml</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
So the DHS has certified FireEye's products as "Qualified<br>
Anti-Terrorism Technology", which in short means that if you get<br>
breached and the attack is considered an act of terrorism, it's not<br>
your fault. This is interesting for a couple of reasons, perhaps<br>
mainly because FE's products are not exactly known to be bullet proof<br>
(see for example <a href="https://www.youtube.com/watch?v=3vh2s9Pui0E" \
target="_blank">https://www.youtube.com/watch?v=3vh2s9Pui0E</a>), but<br> also for \
the pure ridiculousness of the whole affair.<br> <br>
<a href="http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-custo
mers-get-liability-shield-thanks-to-safety-act.html" \
target="_blank">http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-custo<br>
mers-get-liability-shield-thanks-to-safety-act.html</a><br>
<br>
<br>
The way I see it, this development is likely to lead to a couple of<br>
things:<br>
<br>
1. Everyone who gets breached and that has a FireEye box will cry "ACT<br>
OF TERRORISM", which of course is exactly what the world needs.<br>
<br>
2. FireEye will make a *lot* of money.<br>
<br>
3. Terrorists won't care.<br>
<br>
Thoughts?<br>
<br>
Andreas<br>
<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)<br>
Comment: GPGTools - <a href="http://gpgtools.org" \
target="_blank">http://gpgtools.org</a><br> <br>
iQIcBAEBCgAGBQJVQ5NvAAoJEI415gQuBbe00tgQANJ22UzyZLEgHANOztT3pjYK<br>
p6cdwBLy7hJh/jR88mWR1EZ4rXcLi84nPKVNmxCMUALYOgGGvHffz4hWXKysze67<br>
u5cuXH/QAi9CtE5HyhxP4h13LMJzKxiU9tigbHIMv6rIMMxK4ox/KnBXn9CXKlkt<br>
edyBKPSGt+I2uKW1Pqtk8noCczq3oegJ58vTIs9CEs4ur+rC+ggdQ4rEbshdfDqs<br>
qcPTT9CH8Ve5ang2rrAW4nQUsSf4YUJ18YD44uXYA8yQ6WwtZJ6WRySlkoFJ8pJl<br>
VQMEByM0XJFsaxLu/5uCAU+y2HnDJdGvEsz44CNu07B44LX4E4jGRD+loxaiBhO3<br>
GCEeViSPbyzr4rSWD+h5D+rLXWqKSb9RWJOTOXC0JG0Ada96dQ31zLu2dJ0uNoTX<br>
udj9KCCnWXvMnnYEeGFAOiNtZidghSMxpw4WZIHMMhTwNxyzYQi74j/7TD1zh1IG<br>
x3OsILh+FUxACH4q+YxTGXjsQrgH7IsLsOVQyMu0KWJ1OgfqW4Wl6d+IxS+xU6eL<br>
fxRZuJnEOngGMQ81tWHHiDb4WpuVgrSGlCU7KHAJo6KP66Q080YZWr5ABO5++CX+<br>
BzBtiRO8l4nWxZrcs7lHAQyivcO4EQRCwmcPzArzDcO9jafHhGN2KRy24b+1z2v4<br>
m0Yz9TUlG0OXDnLVMzL2<br>
=mxi6<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" \
target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br> \
</blockquote></div><br></div>
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic