Re: [Full-Disclosure] [OT] Re: Quick Question

From: hellNbak (hellnbak@nmrc.org)
Date: 03/18/03

    From: hellNbak <hellnbak@nmrc.org>
    To: Georgi Guninski <guninski@guninski.com>
    Date: Mon, 17 Mar 2003 19:45:32 -0600 (CST)
    

    > [sorry for the flame war, but this more of the faq]

    I wasn't aware that this was a flame war. Some are mature enough to
    debate a subject without resorting to such silly things.

    > I support my words that I don't do security work for the money.
    > Of course I have to do something for living.
    > Once again money is not sufficient incentive.

    Care to actually back this argument up? It is clear that you, like most
    of us (there is nothing really wrong with it in my opinion), are a security
    consultant. You take what you enjoy and what you seem to be good at and
    make a living from it. There is nothing wrong with that as long as you
    are honest about it. Perhaps that is the problem.

    > The IETF just said "NO" to this.

    Yes, and they did so based on some valid reasons but that does not take
    away from the need for a standard.

    > RFP can do whatever he wants with his 0days and I don't care.
    > But his writings do not apply to me.
    > btw, have not seen interesting stuff from RFP recently (don't have anything
    > against him).

    So you are saying that being responsible or even having a standard
    somehow prohibits research? Wow, if that is truly the case I can see why
    you are so against a structured reporting policy.

    > From the above url:
    > "There is no industry consensus on what constitutes best practices for
    > vulnerability disclosure"
    > So what?

    And your point is? You are right, there isn't a standard. But that
    doesn't mean that there shouldn't be one.

    > Have you read this:
    > http://lists.netsys.com/pipermail/full-disclosure/2002-August/000822.html
    > Free Hacker Manifest
    > People seem to support this, you know.

    Yes, some do. Again, highlighting the need for an accepted standard.

    > Also, if you use your 3l33t s34rching skills, you can find that in 98-99
    > microsoft publicly thanked me for exactly the same behavior.

    Judging by your opening lines, I think it is you, Georgi, who owns the 31337
    s34rching skillz......

    -- 
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    "I don't intend to offend, I offend with my intent"
    hellNbak@nmrc.org
    http://www.nmrc.org/~hellnbak
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
