Security Incidents mailing list archives
Re: Posting to Incidents list, was: Re: Help with Nimda.E?
From: cambria () owt com
Date: Thu, 01 Nov 2001 21:28:55 +0000
The way I interpreted HC's post, he was not referring to the perennial full-disclosure debate. He was pointing out the risks of disclosing one's *own* potential vulnerabilities in a public forum. I think it's a valid point and one that inexperienced people may not fully consider before posting. You certainly do not want to post a message to this forum from the affected system saying "I just discovered that my port 5678 gives a root shell to anyone - what should I do". For this reason many people post from email accounts that cannot easily be correlated to the system they are discussing. Also, logs showing actual IP addresses are often "sanitized". That is, the actual IP address of the potentially vulnerable system is replaced with something like "x.x.x.x". I think HC's message was a call for good judgment on the part of those who post here - a sensible recommendation that one not expose exploitable details of one's own system to a potentially malicious audience. Best regards, Greg McCann On 11/1/2001 at 1:17 PM Dan Ellis wrote:
This discussion is perfectly analogous to the debate on full disclosure of vulnerabilities of any kind. Do you have any new arguments to present one way or the other? Cheers, Dan H C wrote: [snip]My concern is that the Incidents list, in particular, is a public forum, and viewable by everyone. No background investigations are conducted, and no NDAs are signed. Such a forum makes for an excellent place for malicious individuals to troll for potential targets. After all, what are the keys that most folks hope for when they attack a target? Unpatched systems, clueless admins (no offense, Matt...really)...basically, easy targets. Maximum effect with the least effort and risk.[snip]
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Help with Nimda.E? Zlatko Ignjatovic (Nov 01)
- Posting to Incidents list, was: Re: Help with Nimda.E? H C (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? Dan Ellis (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? cambria (Nov 01)
- RE: Posting to Incidents list, was: Re: Help with Nimda.E? Steve (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? Dan Ellis (Nov 01)
- Posting to Incidents list, was: Re: Help with Nimda.E? H C (Nov 01)
- <Possible follow-ups>
- FW: Help with Nimda.E? Matt Beck (Nov 01)