Re: FW: [ISN] The Code Red hype Hall of Shame

From: InfoSec News (isnat_private)
Date: Tue Aug 14 2001 - 03:01:48 PDT

    Forwarded from: Aj Effin Reznor <ajat_private>
    "InfoSec News was known to say....."
    > Forwarded from: Thomas C. Greene <tcgreeneat_private>
    > i don't think it's at all hypocritical.  as i've said repeatedly,
    > i'm in favor of full disclosure.  but there's a difference between
    > disclosure and a media blitz.
    And you *do* represent the media, correct?
    The same media that feeds on the "digital pearl harbour", which never
    The y2k shams, which were little more than just that.
    The media.  Yeah.  We *believe* you.  Baaaaaaaaaaa <--- sheep noises,
    be creative :)
    > to compare my highspeed junkie article with what eEye did with the
    > .ida hole, i would have had to: 1) post it on every security-oriented
    > mailing list i know; 2) send a press release to every tech journalist
    > in the business; and 3) mention my handy-dandy highspeed junkie code
    > cleaner, yours for only a couple of thousand bucks.  the most
    > important issue here is the fact that i have no conflict of interest
    > when i link to an exploit.  i'm not selling solutions to it.
    (1a) you may as well fault Security Focus then, for the moderators
    allowing Marc's posts to go through.
    (1b) you may as well also fault eEye for reverse engineering the bug,
    and posting it to lists hosted by Security Focus.  After all, showing
    how one bug works only tells other malicious coders how and where
    their own script can compromise hosts.
    (1c) as per (1b), fault Security Focus for co-releasing eEye's reverse
    Ridiculous?  Hell yes.  But, this is what you are basically saying,
    had you followed through on your own thoughts.
    (2) If journalists didn't feed on press releases then they would have
    no value.  Point (2) of yours would be moot if the journalists
    themselves were not part of the problem.
    (3) Other than SecureIIS, which as I have stated in a previous post,
    is the only package I know of that would have stopped an attack which
    had no known signature, you MUST be referring to eEye's
    Cuz, that's, uh, free.  I don't see MS or *anyone* else putting out a
    *free* tool for testing a server's integrity.
    Your conflict of interest seems to be more of a moral splitting of
    hairs, than an alleged economic one.
    > as for the twinkies, i prefer not to name names.  they're a
    > 'type'.  they think company flacks are a legitimate news source.
    > (well they can be, so long as you're questioning them about their
    > competitors, lol).  they're gullible, and ambitious, and
    > well-groomed, and they don't expect people to lie to them.  they
    > went to schools like my alma mater (Williams), but they imagined
    > their professors were all wonderful people, and cherish their
    > diplomas.  they can read and digest difficult text, and re-cap it
    > on command; they've learned to follow complex instructions, meet
    > deadlines with pluck, and go about things in a 'professional'
    > manner -- that is, without reluctance, personal flair or (Heaven
    > forbid) independent moral reasoning. They lack imagination,
    > talent, and most of all, courage.  And they make me sick.
    Imagination and "literary license" are not excuses for shoddy
    reporting, finger pointing, and utterly overlooking the large
    implications of the concepts supported by journos.  Damn near every
    journo I've met, save about 5, would appear to qualify as the twinkies
    you describe.

    This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 07:53:13 PDT