RE: [ISN] The Code Red hype Hall of Shame

From: InfoSec News (isnat_private)
Date: Mon Aug 13 2001 - 01:13:03 PDT

  • Next message: InfoSec News: "Re: [ISN] Security Firm Blamed For Code Red Costs"

    Forwarded from: Brian McWilliams <bmcwat_private>
    
    Thomas,
    
    You fault eEye for publishing info about the .ida vulnerability, but
    fail to point out that they never released a working exploit (although
    they promised one in their advisory).
    
    You, on the other hand, provided a link in your article earlier this
    week to the .ida exploit script written by High Speed Junkie:
    
    http://www.theregister.co.uk/content/4/20841.html
    
    Isn't that hypocritical?
    
    BTW, who are these "twinkie" journalists you referred to? The tech
    reporters who are out there every day doing the journalistic
    heavy-lifting ... trying to understand and explain and put into
    context the events that readers want to know about?
    
    Or do you mean the aberrations like Meinel?
    
    Care to name names or give specifics?
    
    Brian
    
    
    At 05:15 AM 8/11/01, InfoSec News wrote:
    >Forwarded from: Thomas C. Greene <thomas.greeneat_private>
    >
    >Looks like I got the jump on you by about a day:
    >http://www.theregister.co.uk/content/4/20474.html
    >
    >fyi,
    >
    >chrz,
    >t.
    >
    >-----Original Message-----
    >From: InfoSec News [mailto:isnat_private]
    >Sent: Friday, August 10, 2001 11:40 PM
    >To: isnat_private
    >Cc: thomas.greeneat_private
    >Subject: Re: [ISN] The Code Red hype Hall of Shame
    >
    >
    >Forwarded from: Dan Verton <Dan_Vertonat_private>
    >
    >Greene Writes:
    >
    >We're still at a loss to explain how eEye Digital Security, which
    >discovered and publicized the .ida hole that Code Red and Code Red
    >Junior exploit, has managed to escape questioning by the press for its
    >part in the whole fiasco. Indeed, their role is tantamount to a
    >pharmaceutical company unintentionally releasing a disease germ.
    >
    >I throw this out as an FYI... I raised the issue as far back as July
    >20 and when I was done I felt like a mailman who had just walked into
    >a yard full of rabid dogs.
    >
    >Story is here and was one of the early ones.
    >"Security experts question release of Code Red worm's exploit data"
    >http://www.computerworld.com/storyba/0,4125,NAV47_STO62453,00.html
    >
    >Unfortunately, the commentators who comment on the commentators, don't
    >always get it either. The truth, like politics, is local. Perceptions
    >are reality and most perceptions differ greatly. Like the sys admin
    >who had to spend 30 hours cleaning up his system in the aftermath of
    >Code Red because he did'nt have the patch installed. But he was warned
    >like the rest of them. Unfortunately, he probably thought it was all
    >just more FUD. He, like hundreds of thousands of others, was wrong.
    >
    >Dan Verton
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 03:18:34 PDT