Pardon the comments and mini-rant. In partial defense, as a security director for a net company, I worked with NIPC since their inception in 1998 - while they had some really good techhie folks there, many have sinced moved on to Cisco and other IT industry vendors. There's not much meat left there, and it's been woefully understaffed since its beginnings - even the April GAO report on NIPC said so. NIPC is a noble idea on paper, but was designed as one of several White House pet projects designed as knee-jerk reactions to the sensationalized nature of information security and the new term of critical infrastructure protection. Look what web vandals were able to get the USG to build and fund - an entirely new organization!!! (How's that for a kiddie's ego trip?) Recall that NIPC is the same entity that ran a one-line virus advisory for I-LOVE-YA that simply read "A new virus has been detected in thie Philippenes" ..... they updated it 4 hours later to say that it was a VBS event and that more info would be provided as it became available. I got better info on the radio driving into work then from NIPC....From what I've seen, their advisories and alerts are redundant to any number of free listservs, vendor, and the time-delayed CERT advisories. Chances are when NIPC reports something, it's been common knowledge for a while. No great secret there. You want cracker-jack computer crime investigations, check out USAF OSI and NASA ... they wrote the book on computer crime investigations and analysis. You want cracker-jack security information on exploits and vulnerabilities, check out BUGTRAQ, INCIDENTS, and such....it's free, useful, and interactive. (yeah, yeah, I plugged the list....) We now return to your regularly-scheduled Code Red analysis. Rick Forno infowarrior.org / incidentresponse.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 20:54:16 PDT