about disclosure of nimda logs
From: lorenzo (lorenzo@digitalmind.it)Date: 05/08/02
- Previous message: brossini@csc.com.au: "RE: Publishing Nimda Logs"
- Next in thread: leon: "RE: about disclosure of nimda logs"
- Reply: leon: "RE: about disclosure of nimda logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: lorenzo <lorenzo@digitalmind.it> To: vuln-dev@securityfocus.com Date: 08 May 2002 20:01:16 +0200
I agree with the fact that on those mailing lists there is a full
disclosure of vulnerabilities; but let us not forget that there is
usually a period of time left to the vendors to fix them.
So, why not allow a period of time after which the logs will be made
public?
The question is: can the owner of the machine be contacted?
If yes, then allow him 2 weeks.
If not, let's say 3 weeks.
I'm saying '3 weeks' because sometimes people don't want to leave
contact information, or their contact e-mail are too spammed - so it's
not necessarily their fault if they cannot be contacted.
But after 3 weeks I assume that every script kiddie in the world will
have the machine's address, so publishing it won't affect too much the
bandwidth.
Opinions?
--lorenzo lorenzo@digitalmind.it
- Previous message: brossini@csc.com.au: "RE: Publishing Nimda Logs"
- Next in thread: leon: "RE: about disclosure of nimda logs"
- Reply: leon: "RE: about disclosure of nimda logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
