Security Basics mailing list archives
RE: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure
From: "Murda" <murdamcloud () bigpond com>
Date: Tue, 6 Jul 2010 09:29:23 +1000
So this seems to boil down to the two arguments(in my mind at least): "The action of disclosing vulnerabilities may increase the risk of a breach but may increase the likelihood of the vendor fixing the hole," Versus: "The inaction of not disclosing the vulnerability may decrease the risk of a breach but does not increase the likelihood of a vendor fixing the hole," Does that sound right? Anyone who has the ability to quantify those arguments in a meaningful manner wins the right to tell me how the stock market will fluctuate in the next six months... Perhaps the thread name could (just as justifiably?) be "Cyber Attacks "escalating" after irresponsible MS not fixing hole". Personally, I think that a huge fist of economics may at some point render some of these points moot. Companies may well not be able to afford to care about holes...especially when those companies are reliant on over-leveraged financial systems. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Al MailingList Sent: Sunday, July 04, 2010 9:26 AM To: andrew.wallace Cc: security-basics () securityfocus com Subject: Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure "Irresponsible"? Perhaps you should read this post: http://seclists.org/dailydave/2010/q2/58 I lose faith daily in the security industry. Al On Thu, Jul 1, 2010 at 11:57 PM, andrew.wallace <andrew.wallace () rocketmail com> wrote:
Rik Ferguson, senior security researcher at Trend Micro, said: "It's
certainly very serious and is now being actively exploited by what appears to be several different groups as you can see form the multiple payloads being delivered."
http://news.bbc.co.uk/1/hi/technology/10473495.stm Andrew http://sites.google.com/site/n3td3v/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1
------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure andrew.wallace (Jul 02)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Al MailingList (Jul 05)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure andrew.wallace (Jul 05)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Al MailingList (Jul 05)
- RE: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Murda (Jul 06)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure John Morrison (Jul 06)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure murdamcloud (Jul 07)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Jeffrey Walton (Jul 06)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Jacky Jack (Jul 07)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure fyne_ugo (Jul 07)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure iamherevivek (Jul 07)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Ansgar Wiechers (Jul 07)
- RE: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Murda (Jul 13)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure andrew.wallace (Jul 05)
- Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure Al MailingList (Jul 05)