Before I begin this post, let me just say that I am all for sites like SecurityFocus and the various lists it provides. I am a strong believer in collaboration, as we all have different experiences and we can all learn from each other through discussion and trading ideas and information. That being said, I'm a little concerned at the type of information being posted to the Incidents list by some posters. I'm not picking on Matt's post, simply using it as an example. No offense is intended. My concern is that the Incidents list, in particular, is a public forum, and viewable by everyone. No background investigations are conducted, and no NDAs are signed. Such a forum makes for an excellent place for malicious individuals to troll for potential targets. After all, what are the keys that most folks hope for when they attack a target? Unpatched systems, clueless admins (no offense, Matt...really)...basically, easy targets. Maximum effect with the least effort and risk. I'm not going to pick Matt's post apart. That's not my intention. However, I find it very concerning that this type of information is being made public. Add that to things like searches of Usenet, NetCraft, and even DNS zone transfers, and I can easily see how Matt's site would be subject to all sorts of probes rather quickly. Just my $0.02... Carv __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 09:30:14 PST