Information Security News mailing list archives
FW: The Code Red hype Hall of Shame
From: InfoSec News <isn () c4i org>
Date: Mon, 13 Aug 2001 03:19:43 -0500 (CDT)
Forwarded from: Thomas C. Greene <tcgreene () bellatlantic net>

i don't think it's at all hypocritical. as i've said repeatedly, i'm in favor of full disclosure. but there's a difference between disclosure and a media blitz.

to compare my highspeed junkie article with what eEye did with the .ida hole, i would have had to: 1) post it on every security-oriented mailing list i know; 2) send a press release to every tech journalist in the business; and 3) mention my handy-dandy highspeed junkie code cleaner, yours for only a couple of thousand bucks.

the most important issue here is the fact that i have no conflict of interest when i link to an exploit. i'm not selling solutions to it.

as for the twinkies, i prefer not to name names. they're a 'type'. they think company flacks are a legitimate news source. (well they can be, so long as you're questioning them about their competitors, lol). they're gullible, and ambitious, and well-groomed, and they don't expect people to lie to them. they went to schools like my alma mater (Williams), but they imagined their professors were all wonderful people, and cherish their diplomas. they can read and digest difficult text, and re-cap it on command; they've learned to follow complex instructions, meet deadlines with pluck, and go about things in a 'professional' manner -- that is, without reluctance, personal flair or (Heaven forbid) independent moral reasoning. They lack imagination, talent, and most of all, courage. And they make me sick.

chrz,
t.

-----Original Message-----
From: Brian McWilliams [mailto:bmcw () mediaone net]
Sent: Saturday, August 11, 2001 6:46 AM
To: InfoSec News
Cc: thomas.greene () theregister co uk
Subject: RE: [ISN] The Code Red hype Hall of Shame

Thomas,

You fault eEye for publishing info about the .ida vulnerability, but fail to point out that they never released a working exploit (although they promised one in their advisory).
You, on the other hand, provided a link in your article earlier this week to the .ida exploit script written by High Speed Junkie:

http://www.theregister.co.uk/content/4/20841.html

Isn't that hypocritical?

BTW, who are these "twinkie" journalists you referred to? The tech reporters who are out there every day doing the journalistic heavy-lifting ... trying to understand and explain and put into context the events that readers want to know about? Or do you mean the aberrations like Meinel? Care to name names or give specifics?

Brian

At 05:15 AM 8/11/01, InfoSec News wrote:
Forwarded from: Thomas C. Greene <thomas.greene () theregister co uk>

Looks like I got the jump on you by about a day:

http://www.theregister.co.uk/content/4/20474.html

fyi,

chrz,
t.

-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Friday, August 10, 2001 11:40 PM
To: isn () attrition org
Cc: thomas.greene () theregister co uk
Subject: Re: [ISN] The Code Red hype Hall of Shame

Forwarded from: Dan Verton <Dan_Verton () computerworld com>

Greene Writes:

We're still at a loss to explain how eEye Digital Security, which discovered and publicized the .ida hole that Code Red and Code Red Junior exploit, has managed to escape questioning by the press for its part in the whole fiasco. Indeed, their role is tantamount to a pharmaceutical company unintentionally releasing a disease germ.

I throw this out as an FYI... I raised the issue as far back as July 20 and when I was done I felt like a mailman who had just walked into a yard full of rabid dogs. Story is here and was one of the early ones.

"Security experts question release of Code Red worm's exploit data"
http://www.computerworld.com/storyba/0,4125,NAV47_STO62453,00.html

Unfortunately, the commentators who comment on the commentators, don't always get it either. The truth, like politics, is local. Perceptions are reality and most perceptions differ greatly. Like the sys admin who had to spend 30 hours cleaning up his system in the aftermath of Code Red because he didn't have the patch installed. But he was warned like the rest of them. Unfortunately, he probably thought it was all just more FUD. He, like hundreds of thousands of others, was wrong.

Dan Verton