Bugtraq mailing list archives
Re: Hysterical first technical alert from US-CERT
From: Valdis.Kletnieks () vt edu
Date: Wed, 04 Feb 2004 12:11:02 -0500
On Wed, 04 Feb 2004 09:41:39 EST, Larry Seltzer said:
The advisory specifically says that MyDoom.B is spreading rapidly, and that was never the case. It didn't say that it *could* spread rapidly. Maybe you think misinforming in order to induce caution is a good idea, but I expect nothing but the truth from an agency like this.
And I posted a heads-up to our local staff about Dumaru a lot quicker than I did for MyDoom, because from where *I* was, I saw a *huge* initial spike of Dumaru. If I had waited, I would have realized that Dumaru had fizzled. On the other hand, if I had waited that long and it took off like MyDoom, we'd have been screwed. As I said - would you rather they delayed 12 or 18 hours to identify *for sure* how fast it was spreading? Read Nick Weaver's work on Warhol Worms at http://www.cs.berkeley.edu/~nweaver/warhol.html and then ask yourself how much time they should wait and verify before releasing. Unless you have *proof* that they already *knew* it was a snoozer when they hit send, or you have *specific* recommendations on how they can do better, let it slide. Or alternatively, what would *YOU* do if your boss at Ziff Davis told you that there were cases where your article *had* to be on the web server *within an hour* of you getting the first hint of the story, or real damage might happen? Oh, and you don't know which stories those are, and which ones you can afford to wait 2 or 3 hours and do follow-ups on first. Oh, and Ziff Davis also said that if you screwed up and got a fact wrong, you'd hear about it from all your readers. If you got a lead that a massive DDoS was coming in 90 minutes, what would you do?
Attachment:
_bin
Description:
Current thread:
- Re: getting rid of outbreaks and spam (junk), (continued)
- Re: getting rid of outbreaks and spam (junk) James Riden (Feb 04)
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] der Mouse (Feb 05)
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Georg Schwarz (Feb 06)
- Re: RFC: virus handling Sascha Wilde (Feb 02)
- Re: RFC: virus handling Pavel Levshin (Feb 02)
- Re: RFC: virus handling David F. Skoll (Feb 03)
- Re: RFC: virus handling Jeremy Mates (Feb 02)
- Hysterical first technical alert from US-CERT Larry Seltzer (Feb 03)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 04)
- RE: Hysterical first technical alert from US-CERT Larry Seltzer (Feb 05)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 04)
- Re: Hysterical first technical alert from US-CERT Stephen Samuel (Feb 06)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 06)
- Re: Hysterical first technical alert from US-CERT Shawn McMahon (Feb 10)
- Hysterical first technical alert from US-CERT Larry Seltzer (Feb 03)
- Re: Hysterical first technical alert from US-CERT Philip Rowlands (Feb 05)
- Re: Hysterical first technical alert from US-CERT Andreas Marx (Feb 06)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Ben Wheeler (Feb 04)
- Re: RFC: virus handling Shawn McMahon (Feb 07)