Re: Posting to Incidents list, was: Re: Help with Nimda.E?

From: cambriaat_private
Date: Thu Nov 01 2001 - 13:28:55 PST


    The way I interpreted HC's post, he was not referring to the perennial full-disclosure debate.  He was pointing out the risks of disclosing one's *own* potential vulnerabilities in a public forum.
    
    I think it's a valid point and one that inexperienced people may not fully consider before posting.
    
    You certainly do not want to post a message to this forum from the affected system saying "I just discovered that my port 5678 gives a root shell to anyone - what should I do".
    
    For this reason many people post from email accounts that cannot easily be correlated to the system they are discussing.  Also, logs showing actual IP addresses are often "sanitized".  That is, the actual IP address of the potentially vulnerable system is replaced with something like "x.x.x.x".
    
    I think HC's message was a call for good judgment on the part of those who post here - a sensible recommendation that one not expose exploitable details of one's own system to a potentially malicious audience.
    
    Best regards,
    
    Greg McCann
    
    On 11/1/2001 at 1:17 PM Dan Ellis wrote:
    
    >This discussion is perfectly analogous to the debate on full disclosure
    >of vulnerabilities of any kind.  Do you have any new arguments to
    >present one way or the other?
    >
    >Cheers,
    >Dan
    >
    >H C wrote:
    >[snip]
    >> My concern is that the Incidents list, in particular,
    >> is a public forum, and viewable by everyone.  No
    >> background investigations are conducted, and no NDAs
    >> are signed.  Such a forum makes for an excellent place
    >> for malicious individuals to troll for potential
    >> targets.  After all, what are the keys that most folks
    >> hope for when they attack a target?  Unpatched
    >> systems, clueless admins (no offense,
    >> Matt...really)...basically, easy targets.  Maximum
    >> effect with the least effort and risk.
    >[snip]
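
The log sanitizing described in the message above, as an added example that is not part of the original thread: it masks only the poster's own addresses and hostnames and leaves remote addresses intact so the incident can still be correlated. The function name `sanitize`, the network 192.0.2.0/24, the hostname `www.corp.example`, the `host.sanitized` placeholder and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each is validated with ipaddress before replacement.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
IP_PLACEHOLDER = "x.x.x.x"           # placeholder mentioned in the message
HOST_PLACEHOLDER = "host.sanitized"  # assumption: any neutral label works

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "Nov  1 13:02:11 fw kernel: DROP SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=80",
    "Nov  1 13:02:12 www.corp.example httpd: 198.51.100.23 -> 192.0.2.10:80 refused",
]


def sanitize(lines, own_networks, own_hostnames=()):
    """Mask addresses and hostnames that belong to the poster's own systems.

    Addresses outside own_networks (such as the remote source of a probe)
    are kept so that readers can still compare notes on the incident.
    """
    nets = [ipaddress.ip_network(n) for n in own_networks]
    host_re = None
    if own_hostnames:
        names = "|".join(re.escape(h) for h in own_hostnames)
        host_re = re.compile(r"(?<![\w.-])(?:%s)(?![\w-])" % names, re.IGNORECASE)

    def mask_ip(match):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:  # not a real address, e.g. 999.1.1.1
            return match.group(0)
        return IP_PLACEHOLDER if any(addr in n for n in nets) else match.group(0)

    cleaned = []
    for line in lines:
        line = IPV4_RE.sub(mask_ip, line)
        if host_re:
            line = host_re.sub(HOST_PLACEHOLDER, line)
        cleaned.append(line)
    return cleaned


if __name__ == "__main__":
    for entry in sanitize(SAMPLE, ["192.0.2.0/24"], ["www.corp.example"]):
        print(entry)
```

Run it over the excerpt before pasting, then read the result once by eye: addresses written in other forms (reverse-DNS names, hex, URL-encoded) are not caught by this pattern.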
    
    
    


