Full Disclosure mailing list archives

Re: MS04-025 - Ignorance is truly bliss....

From: Ferguson () netsys com, Ann <annfer () duck wafel com>
Date: Thu, 5 Aug 2004 17:48:50 -0400 (EDT)

On Thursday, 5 August 2004, hellNbak wrote:

The paper slowly went sideways and turned into a large rant low on
technical information but relevant about MS04-025, CERT, and other
random things [...]


Despite of what you would like to think, your rants are not relevant in any 
way. I do not say this because I want to insult you - heck, I happen to 
respect you - but simply because that's the way it is.

The Internet is no longer a world of hippie hacker idealists, but quite simply 
a global market. Because of lack of centralized authority overseeing it 
(wasn't that what you fought for?), it is a wild style economy, often driven 
by shoddy practices and cutting corners where customers won't notice, or
marketing on the verge of deceit. This is how we do big business - honesty,
altruism, and respect for ideals were never its strong sides, unless you
could get a tax break doing those.

But then, were the Internet and IT security still merely a hobby of a bunch
of enthusiasts, you wouldn't be getting your paycheck, would you? You
benefit from these changes, with all their side effects. You tell your
customers to buy products, not to distrust the system, to uncloak treasons,
or banish false prophets. You tell them what they want to hear, then cash 
the check so that you can afford to write rants about how the world should 
be. The problem with socialist utopias where all do their jobs best, and get
exactly what they deserve, is that they all seem to fail quite miserably
(how odd). Unjust exploitation, trickery to claim undeserved credibility or
recognition, commercialization of everything you can capitalize on - that's 
what makes a country (or an industry) great.

What do you hope to achieve, or how do you believe your opinion is being
relevant or novel, if you come to this audience, and state that CERT is no 
longer credible, and is a bunch of crooks who live off selling advance 
vulnerability warnings? Or that Microsoft is not exactly particularly devoted 
to improving security of their products and protecting their customers?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MS04-025 - Ignorance is truly bliss.... hellNbak (Aug 05)
- Re: MS04-025 - Ignorance is truly bliss.... Ferguson (Aug 06)
  - Re: MS04-025 - Ignorance is truly bliss.... hellNbak (Aug 06)
    - Re: Re: MS04-025 - Ignorance is truly bliss.... George Capehart (Aug 06)
    - perhaps outsourcing needs a closer look by some companies;; Ron DuFresne (Aug 06)
  - Re: Re: MS04-025 - Ignorance is truly bliss.... Georgi Guninski (Aug 06)
    - Re: Re: MS04-025 - Ignorance is truly bliss.... hellNbak (Aug 06)
  - Re: Re: MS04-025 - Ignorance is truly bliss.... Barry Fitzgerald (Aug 06)