Re: Call to arms - INFORMATION ANARCHY
From: Greg Lara (greg@HIGHWIRE.NET)
Date: 11/03/01
- Previous message: Lester, Don: "URLScan for IIS"
- In reply to: Russ: "Call to arms - INFORMATION ANARCHY"
- Next in thread: Gregory S. Youngblood: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Livengood, Edward: "Re: Call to arms - INFORMATION ANARCHY"
- Reply: Gregory S. Youngblood: "Re: Call to arms - INFORMATION ANARCHY"
- Reply: Larry Sheldon: "Re: Call to arms - INFORMATION ANARCHY"
Message-ID: <HBEPJLHBJAACEJGCEMKHIEMDDAAA.greg@highwire.net>
Date: Fri, 2 Nov 2001 18:36:44 -0500
From: Greg Lara <greg@HIGHWIRE.NET>
Subject: Re: Call to arms - INFORMATION ANARCHY
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

I have to throw in a word of support for Russ's comments on this subject. As
a "systems administrator," I have far too little time to devote to studying
all the detailed code related to a particular vulnerability. I appreciate
knowing that there are independent security researchers out there doing
that - and hopefully working with the vendors responsibly. But how does it
help me or my clients when the fully disclosed code winds up in the hands of
a script kiddie who turns it around and distributes code that blows my web
servers out of the water?

I am as afraid of the defensive and paranoid posturing of the security
research community as I am of the supposed threats from the vendors. I did
not hear any threat that "the full disclosure community needs to be crushed
so that things can go back to business as usual" in Scott Culp's words.
Instead I heard this: "This is not a call to stop discussing
vulnerabilities. Instead, it is a call for security professionals to draw a
line beyond which we recognize that we are simply putting other people at
risk."

It's time for everyone to take a step back and remember why we do what we
do, to remember what the desired end-result of all this work is: greater
security for our systems, and ultimately, for the people who depend on
them. This isn't about territory, or professional pride, or the bottom line,
or intelligence.

So please, as you pull your wagons into a circle, don't forget to look at
the bigger picture.

Greg Lara
Renaissance Computer Resources