Re: NSP-SEC

[Guillaume FORTAINE <gfortaine () live com>]

On 03/20/2010 07:37 PM, William Pitcock wrote:
> On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
>    
> > On Fri, 19 Mar 2010, William Pitcock wrote:
> >
> >      
> > > On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
> > >        
> > > > An ongoing area of work is to build better closed,
> > > > trusted communities without leaks.
> > > >          
> > > Have you ever considered that public transparency might not be a bad
> > > thing?  This seems to be the plight of many security people, that they
> > > have to be 100% secretive in everything they do, which is total
> > > bullshit.
> > >
> > > Just saying.
> > >        
> > How exactly would being transparent for the following help Internet
> > security:
> >
> > "I am seeing a new malware infection vector via port 91714 coming from the
> > IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
> > http://www.trythisoutnow.com/.  In addition, it has credit card and pswd
> > stealing capabilities and sends the details to a maildrop at
> > trythisoutnow () gmail com"
> >
> > The only upside of being transparent is alerting the miscreant to change
> > the vector and maildrop.
> >      
> That is not what I mean and you know it.
>
> What I mean is: why can't anyone contribute valuable information to the
> security community?  It is next to impossible to meet so-called 'trusted
> people' if you're new to the game, which is counter-productive.
>
>    

I totally agree with William.

Best Regards,

Guillaume FORTAINE