Re: Funny note here on a worm

[Gadi Evron <ge () linuxbox org>]

This disturbs me.

Jason wrote:
> Kyle Quest wrote:
> > The idea to release this advisory obviously came
> > from the marketing guys from Sourcefire.
>
> * They are marketing gals actually.
>
> I fail to see how you can come to that conclusion. What do you know
> about the situation? It may very well be a marketing driven decision or
> it could be that there is information you do not have access to driving
> the decision. How can you state your position without a clue either way?

So far I agree.

> Here are some of the questions I asked myself when I saw it.

And here you started going off-track..

> If there is reliable information that a worm is being developed, do you
> sit on that and wait for the world to have to deal with it?

We all know it will show up, posting such claims without said
information is skiddie like. "I have a dozen exploits but can't release
them".
These kind of things would cause panic, generally speaking (not this
incident).

> Do you publish that there is reliable information so people can at least
> ensure they have things in place?

If they don't have things in place already, they are in deep shit. You
can release whatever you like, some of us just question what you
released. No one says it is bad, just that some of us find it funny.

> Do you take that information and distribute it to the proper people in
> an attempt to prevent the release of the worm?

Did you? You have the information, all I can do is scream "they say a
worm (wow!) will come out". LEO's would laugh my ass out of their office.

> Did you receive that information from the proper people that are
> attempting to prevent the spread of a worm?

No, he got it from the web site, your web site which you have nothing to
do with, naturally.

> Was the release of that worm prevented?

How should I know? If it was, isn't it silly to make such claims?
Another will show up anyway.

> There is a metric ton of information you cannot begin to consider in
> making your assertion. Thanks for being a sheeple.

Well, "you" are the one who created the situation.. I'd think a
clarification might be in order, if anything?

> Do you think they would have released a rule that required a lot of
> tuning to use effectively if there was not good cause?

Well now, such a rule would *potentially* alert said Bad Guy and he
would d*potentially* now release his worm circumventing your rule, Woohoo.

> > The snort.org
> > website became a marketing and a sales tool for Sourcefire.

[blah blah political snipage]

> I can tell you that I do not know how I would handle information
> relating to the active development of a worm. I would likely keep it to
> myself and wait for the rest of the world to find out. *That* is a sales
> and marketing tool in my mind.

Which of the 2000 coming out every month? :)

> I am employed by Sourcefire however I speak for myself and not my
> employer. I was not involved in the release so I know nothing more about
> the advisory than you do. It is likely that I may not be given the
> answers either depending on the origin of the information and the nature
> of the disclosure.

I am currently employed by the Israeli Government, but my position on
Gov't policy on whatever will be quoted publically while I say I am
employed there - and it will be MY OWN. Yeah right.

Well, maybe.. I doubt SF's marketing are silly enough to send you here.

Give me a break.

Buddy, all some of us say is that the statement is funny, not that SF is
funny.. don't take us in that direction.

        Gadi.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave