Re: What use is the NIPC? / RFF Comments

From: Richard Forno (rfornoat_private)
Date: Sun Aug 05 2001 - 16:40:58 PDT

    Pardon the comments and mini-rant.
    
    In partial defense, as a security director for a net company, I worked with
    NIPC since their inception in 1998 - while they had some really good techie
    folks there, many have since moved on to Cisco and other IT industry
    vendors. There's not much meat left there, and it's been woefully
    understaffed since its beginnings - even the April GAO report on NIPC said
    so.
    
    NIPC is a noble idea on paper, but was designed as one of several White
    House pet projects designed as knee-jerk reactions to the sensationalized
    nature of information security and the new term of critical infrastructure
    protection. Look what web vandals were able to get the USG to build and fund
    - an entirely new organization!!! (How's that for a kiddie's ego trip?)
    
    Recall that NIPC is the same entity that ran a one-line virus advisory for
    I-LOVE-YA that simply read "A new virus has been detected in the
    Philippines" ..... they updated it 4 hours later to say that it was a VBS
    event and that more info would be provided as it became available. I got
    better info on the radio driving into work than from NIPC....From what I've
    seen, their advisories and alerts are redundant to any number of free
    listservs, vendor, and the time-delayed CERT advisories. Chances are when
    NIPC reports something, it's been common knowledge for a while. No great
    secret there.
    
    You want cracker-jack computer crime investigations, check out USAF OSI and
    NASA ... they wrote the book on computer crime investigations and analysis.
    You want cracker-jack security information on exploits and vulnerabilities,
    check out BUGTRAQ, INCIDENTS, and such....it's free, useful, and
    interactive. (yeah, yeah, I plugged the list....)
    
    We now return to your regularly-scheduled Code Red analysis.
    
    
    Rick Forno
    infowarrior.org / incidentresponse.com
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 20:54:16 PDT