Information Security News mailing list archives
Re: FW: The Code Red hype Hall of Shame
From: InfoSec News <isn () c4i org>
Date: Tue, 14 Aug 2001 05:01:48 -0500 (CDT)
Forwarded from: Aj Effin Reznor <aj () reznor com>

"InfoSec News was known to say....."
Forwarded from: Thomas C. Greene <tcgreene () bellatlantic net>

i don't think it's at all hypocritical. as i've said repeatedly, i'm in favor of full disclosure. but there's a difference between disclosure and a media blitz.
And you *do* represent the media, correct? The same media that feeds on the "digital pearl harbour", which never occurs. The y2k shams, which were little more than just that. The media. Yeah. We *believe* you. Baaaaaaaaaaa <--- sheep noises, be creative :)
to compare my highspeed junkie article with what eEye did with the .ida hole, i would have had to: 1) post it on every security-oriented mailing list i know; 2) send a press release to every tech journalist in the business; and 3) mention my handy-dandy highspeed junkie code cleaner, yours for only a couple of thousand bucks. the most important issue here is the fact that i have no conflict of interest when i link to an exploit. i'm not selling solutions to it.
(1a) you may as well fault Security Focus then, for the moderators allowing Marc's posts to go through.

(1b) you may as well also fault eEye for reverse engineering the bug, and posting it to lists hosted by Security Focus. After all, showing how one bug works only tells other malicious coders how and where their own script can compromise hosts.

(1c) as per (1b), fault Security Focus for co-releasing eEye's reverse engineering.

Ridiculous? Hell yes. But, this is what you are basically saying, had you followed through on your own thoughts.

(2) If journalists didn't feed on press releases then they would have no value. Point (2) of yours would be moot if the journalists themselves were not part of the problem.

(3) Other than SecureIIS, which as I have stated in a previous post, is the only package I know of that would have stopped an attack which had no known signature, you MUST be referring to eEye's CodeRedScanner.

http://www.eeye.com/html/Research/Tools/codered.html

Cuz, that's, uh, free. I don't see MS or *anyone* else putting out a *free* tool for testing a server's integrity. Your conflict of interest seems to be more of a moral splitting of hairs, than an alleged economic one.
as for the twinkies, i prefer not to name names. they're a 'type'. they think company flacks are a legitimate news source. (well they can be, so long as you're questioning them about their competitors, lol). they're gullible, and ambitious, and well-groomed, and they don't expect people to lie to them. they went to schools like my alma mater (Williams), but they imagined their professors were all wonderful people, and cherish their diplomas. they can read and digest difficult text, and re-cap it on command; they've learned to follow complex instructions, meet deadlines with pluck, and go about things in a 'professional' manner -- that is, without reluctance, personal flair or (Heaven forbid) independent moral reasoning. They lack imagination, talent, and most of all, courage. And they make me sick.
Imagination and "literary license" are not excuses for shoddy reporting, finger pointing, and utterly overlooking the large implications of the concepts supported by journos. Damn near every journo I've met, save about 5, would appear to qualify as the twinkies you describe.

-aj.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.