nanog mailing list archives

Re: UK ISP threatens security researcher


From: alex () pilosoft com
Date: Fri, 20 Apr 2007 10:31:52 -0400 (EDT)


On Fri, 20 Apr 2007, Gadi Evron wrote:

> On Fri, 20 Apr 2007, Simon Lyall wrote:
>
> > On Thu, 19 Apr 2007, Gadi Evron wrote:
> > > Looking at the lack of security response and seriousness from this
> > > ISP, I personally, in hindsight (although it was impossible to see
> > > back then) would not waste time with reporting issues to them, now.
> >
> > These days there is almost never any reason to report a security issue
> > unless you are a professional security researcher who is looking for
> > publicity/work. [1]
>
> Now, that is off-topic to NANOG.

Just because you disagree with someone's opinion, doesn't make it
offtopic.

> One comment: just because they are not reported does not mean they are
> not used. Proved beyond doubt this past year with all the 0day attacks
> and targeted attacks going on.

I'm not sure if Simon's comment was tongue-in-cheek.

I think if you are referring to "public disclosure", yes, I think there's 
little point of doing this, unless you are seeking attention. Of course, 
reporting a problem to vendor privately always makes sense.

I'm not sure the debate on public disclosure vs private falls under NANOG 
AUP.

-alex

