Re: Posting to Incidents list, was: Re: Help with Nimda.E?

From: Dan Ellis (ellisdat_private)
Date: Thu Nov 01 2001 - 10:17:01 PST

Next message: Boyan Krosnov: "RE: Strange kernel happenings"

Previous message: Ryan Russell: "Re: Strange kernel happenings"
In reply to: H C: "Posting to Incidents list, was: Re: Help with Nimda.E?"
Next in thread: cambriaat_private: "Re: Posting to Incidents list, was: Re: Help with Nimda.E?"
Reply: cambriaat_private: "Re: Posting to Incidents list, was: Re: Help with Nimda.E?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

	This discussion is perfectly analogous to the debate on full disclosure
of vulnerabilities of any kind.  Do you have any new arguments to
present one way or the other?

Cheers,
Dan

H C wrote:
[snip]
> My concern is that the Incidents list, in particular,
> is a public forum, and viewable by everyone.  No
> background investigations are conducted, and no NDAs
> are signed.  Such a forum makes for an excellent place
> for malicious individuals to troll for potential
> targets.  After all, what are the keys that most folks
> hope for when they attack a target?  Unpatched
> systems, clueless admins (no offense,
> Matt...really)...basically, easy targets.  Maximum
> effect with the least effort and risk.
[snip]

---------------------------
Dan Ellis
MITRE Infosec Eng/Scientist
work (703) 883-5807
fax  (703) 883-1397

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Next message: Boyan Krosnov: "RE: Strange kernel happenings"
Previous message: Ryan Russell: "Re: Strange kernel happenings"
In reply to: H C: "Posting to Incidents list, was: Re: Help with Nimda.E?"
Next in thread: cambriaat_private: "Re: Posting to Incidents list, was: Re: Help with Nimda.E?"
Reply: cambriaat_private: "Re: Posting to Incidents list, was: Re: Help with Nimda.E?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 10:24:02 PST