The way I interpreted HC's post, he was not referring to the perennial full-disclosure debate. He was pointing out the risks of disclosing one's *own* potential vulnerabilities in a public forum. I think it's a valid point and one that inexperienced people may not fully consider before posting. You certainly do not want to post a message to this forum from the affected system saying "I just discovered that my port 5678 gives a root shell to anyone - what should I do". For this reason many people post from email accounts that cannot easily be correlated to the system they are discussing. Also, logs showing actual IP addresses are often "sanitized". That is, the actual IP address of the potentially vulnerable system is replaced with something like "x.x.x.x". I think HC's message was a call for good judgment on the part of those who post here - a sensible recommendation that one not expose exploitable details of one's own system to a potentially malicious audience. Best regards, Greg McCann On 11/1/2001 at 1:17 PM Dan Ellis wrote: >This discussion is perfectly analogous to the debate on full disclosure >of vulnerabilities of any kind. Do you have any new arguments to >present one way or the other? > >Cheers, >Dan > >H C wrote: >[snip] >> My concern is that the Incidents list, in particular, >> is a public forum, and viewable by everyone. No >> background investigations are conducted, and no NDAs >> are signed. Such a forum makes for an excellent place >> for malicious individuals to troll for potential >> targets. After all, what are the keys that most folks >> hope for when they attack a target? Unpatched >> systems, clueless admins (no offense, >> Matt...really)...basically, easy targets. Maximum >> effect with the least effort and risk. >[snip] ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 18:46:00 PST