Information Security News mailing list archives

Re: FW: The Code Red hype Hall of Shame


From: InfoSec News <isn () c4i org>
Date: Tue, 14 Aug 2001 05:01:48 -0500 (CDT)

Forwarded from: Aj Effin Reznor <aj () reznor com>

"InfoSec News was known to say....."
 
> Forwarded from: Thomas C. Greene <tcgreene () bellatlantic net>
>
> i don't think it's at all hypocritical.  as i've said repeatedly,
> i'm in favor of full disclosure.  but there's a difference between
> disclosure and a media blitz.

And you *do* represent the media, correct?

The same media that feeds on the "digital pearl harbour", which never
occurs.

The y2k shams, which were little more than just that.

The media.  Yeah.  We *believe* you.  Baaaaaaaaaaa <--- sheep noises,
be creative :)
 
> to compare my highspeed junkie article with what eEye did with the
> .ida hole, i would have had to: 1) post it on every security-oriented
> mailing list i know; 2) send a press release to every tech journalist
> in the business; and 3) mention my handy-dandy highspeed junkie code
> cleaner, yours for only a couple of thousand bucks.  the most
> important issue here is the fact that i have no conflict of interest
> when i link to an exploit.  i'm not selling solutions to it.

(1a) you may as well fault Security Focus then, for the moderators
allowing Marc's posts to go through.

(1b) you may as well also fault eEye for reverse engineering the bug,
and posting it to lists hosted by Security Focus.  After all, showing
how one bug works only tells other malicious coders how and where
their own script can compromise hosts.

(1c) as per (1b), fault Security Focus for co-releasing eEye's reverse
engineering.

Ridiculous?  Hell yes.  But, this is what you are basically saying,
had you followed through on your own thoughts.

(2) If journalists didn't feed on press releases then they would have
no value.  Point (2) of yours would be moot if the journalists
themselves were not part of the problem.

(3) Other than SecureIIS, which as I have stated in a previous post,
is the only package I know of that would have stopped an attack which
had no known signature, you MUST be referring to eEye's
CodeRedScanner. http://www.eeye.com/html/Research/Tools/codered.html
Cuz, that's, uh, free.  I don't see MS or *anyone* else putting out a
*free* tool for testing a server's integrity.

Your conflict of interest seems to be more of a moral splitting of
hairs, than an alleged economic one.
 
> as for the twinkies, i prefer not to name names.  they're a
> 'type'.  they think company flacks are a legitimate news source.
> (well they can be, so long as you're questioning them about their
> competitors, lol).  they're gullible, and ambitious, and
> well-groomed, and they don't expect people to lie to them.  they
> went to schools like my alma mater (Williams), but they imagined
> their professors were all wonderful people, and cherish their
> diplomas.  they can read and digest difficult text, and re-cap it
> on command; they've learned to follow complex instructions, meet
> deadlines with pluck, and go about things in a 'professional'
> manner -- that is, without reluctance, personal flair or (Heaven
> forbid) independent moral reasoning. They lack imagination,
> talent, and most of all, courage.  And they make me sick.

Imagination and "literary license" are not excuses for shoddy
reporting, finger pointing, and utterly overlooking the large
implications of the concepts supported by journos.  Damn near every
journo I've met, save about 5, would appear to qualify as the twinkies
you describe.


-aj.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.