nanog mailing list archives
Re: NSP-SEC
From: William Pitcock <nenolod () systeminplace net>
Date: Sat, 20 Mar 2010 13:37:58 -0500
On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
On Fri, 19 Mar 2010, William Pitcock wrote:On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:An ongoing area of work is to build better closed, trusted communities without leaks.Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying.How exactly would being transparent for the following help Internet security: "I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow () gmail com" The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
That is not what I mean and you know it. What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive. If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it? William
Current thread:
- Re: NSP-SEC, (continued)
- Re: NSP-SEC Michael Dillon (Mar 19)
- Re: NSP-SEC John Kristoff (Mar 19)
- Re: NSP-SEC William Pitcock (Mar 19)
- Re: NSP-SEC - should read Integrity bmanning (Mar 19)
- RE: NSP-SEC - should read Integrity Green, Tim R (Mar 19)
- Re: NSP-SEC - should read Integrity Patrick W. Gilmore (Mar 19)
- Re: NSP-SEC - should read Integrity Guillaume FORTAINE (Mar 19)
- Re: NSP-SEC William Pitcock (Mar 19)
- Open Security (was Re:[a string that stops delivery here]) Larry Sheldon (Mar 19)
- Re: NSP-SEC Justin M. Streiner (Mar 19)
- Re: NSP-SEC Hank Nussbacher (Mar 20)
- Re: NSP-SEC William Pitcock (Mar 20)
- Re: NSP-SEC Justin M. Streiner (Mar 20)
- Re: NSP-SEC Hank Nussbacher (Mar 20)
- Re: NSP-SEC Guillaume FORTAINE (Mar 20)
- Re: NSP-SEC Gadi Evron (Mar 20)
- Re: NSP-SEC Valdis . Kletnieks (Mar 22)
- Re: NSP-SEC Guillaume FORTAINE (Mar 22)
- Re: NSP-SEC Randy Bush (Mar 22)
- Re: NSP-SEC Andrew D Kirch (Mar 22)
- Re: NSP-SEC Valdis . Kletnieks (Mar 22)
- Re: NSP-SEC Guillaume FORTAINE (Mar 23)