Re: Security through obscurity, etc.

[jason () dickory sdsu edu (Jason Matthews)]

On Tue, 29 Nov 1994, That Whispering Wolf... wrote:

> Why doesn't 8lgm, instead of posting exploit scripts, post DETAILED 
> KNOWLEDGE of the bug, including source snippets if they can, so that 
> those of us that are capable can diagnose our own systems, work around
> bugs (etc), while the average joe-on-the-street doesn't just have a plug-
> and-go attack on a system. Any hacker with the ability to turn bug details
> into an exploit script probably already knows about the bugs anyhow.
>
> Well, this is just my $.02. I think if 8lgm continues they way they're
> going (with things like their SCO 'login' problem -- Which basically said "There's a bug, no fix and no workaround, 
> so nyah"), I'd rather just see them 
> go away. I echo Pat's comments (I think that was Pat) about only needing
> one CERT.

I would rather have 8lgm then CERT. 

Jason