Re: MS06-019 - How long before this develops into a self propagating email worm

[bkfsec <bkfsec () sdf lonestar org>]

n3td3v wrote:

> On 5/10/06, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
>
> > threat meters:
>
>
> Seriously, threat meters are a waste of time and should be scraped by 
> all.
Hey, I believe it's right to tell someone when they're wrong and give 
them credit when they're right... and although I disagree with some of 
your conclusions, I have to say that you've got a good point here.

About all that these threat meters do is drum people into action.  That 
is, deep down, a good thing, but it's something that people should be 
careful with.  Computers, and in particular computer security, is 
something that many people think is magic.  An organization that is not 
well mitigated and is not vigilant is as likely to get cracked into 
during a high threat level as it is at a low threat level... the threat 
meters do give people a false sense of security and a false sense of 
fear and really do only measure paranoia.

Now, that's not to say that they don't have a use, but like all tools if 
it's misused, the results will not necessarily be good.  Something to 
keep in mind.

         -bkfsec


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/