Security Incidents mailing list archives

Posting to Incidents list, was: Re: Help with Nimda.E?


From: H C <keydet89 () yahoo com>
Date: Thu, 1 Nov 2001 09:18:36 -0800 (PST)

Before I begin this post, let me just say that I am
all for sites like SecurityFocus and the various lists
it provides.  I am a strong believer in collaboration,
as we all have different experiences and we can all
learn from each other through discussion and trading
ideas and information.

That being said, I'm a little concerned at the type of
information being posted to the Incidents list by some
posters.  I'm not picking on Matt's post, simply using
it as an example.  No offense is intended.

My concern is that the Incidents list, in particular,
is a public forum, and viewable by everyone.  No
background investigations are conducted, and no NDAs
are signed.  Such a forum makes for an excellent place
for malicious individuals to troll for potential
targets.  After all, what are the keys that most folks
hope for when they attack a target?  Unpatched
systems, clueless admins (no offense,
Matt...really)...basically, easy targets.  Maximum
effect with the least effort and risk. 

I'm not going to pick Matt's post apart.  That's not
my intention.  However, I find it very concerning that
this type of information is being made public.  Add
that to things like searches of Usenet, NetCraft, and
even DNS zone transfers, and I can easily see how
Matt's site would be subject to all sorts of probes
rather quickly.

Just my $0.02...

Carv



