Full Disclosure mailing list archives
Re: A funny (but real) story for XMAS
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 16 Dec 2003 14:26:29 -0600 (CST)
of course, CERT, like many federal sites realted to net sec issues, NIPC, local infrgard chapters, the new homeland sec dept, all will know after all the sources below have first fed on the info and rumors for a week or too prior. So, if CERT truely sucks, it sucks slowly... Thanks, Ron DuFresne On Tue, 16 Dec 2003, Gregory A. Gilliss wrote:
Chris, CERT does not "suck" anymore than Microsoft "sucks" or Bush "sucks". CERT is a resource, albeit not a timely one. Consider - Saddam is captured. Who knows first? The people who actually capture him. Who knows next? The people whom the first group tells. Who knows next? Probably Fox News (they seem to have a jump on other networks) followed closely by CNN, UP, AP, the networks, etc. When does the story show up in the newspaper? Two days later (since the story broke after the Sunday paper went to press). Does that mean that the newspaper "sucks"? No, it still is an excellent resource, albeit not very timely. In the security community, time matters very much. If I just finished writing the new latest and greatest exploit for Windows, only I know about it. CERT has no clue, and won't have a clue until the exploit gets share/used/distributed/observed/confirmed. By then, you and your customers may be the unlucky recipients of the exploit's effects. CERT may then present a terrific accurate writeup, but that does no good for the people who are affected. So what are the "best" resources? Number one is the hacker community. if you are a hacker, and you write and share exploits, then you are in the group that has the most clue. Next would be the hacker community's friends and family (or whomever they share information with). Next is probably communities like FD, where either hackers or hacker community F&F (or else people who are affected by the exploits) hang out. Continue up the food chain as illustrated and you will see that he people who *only* get their info from CERT/CIAC/SANS/whatever are considered to have less clue because they are that much more removed from the center of the action. The best resource is to be one of the hackers^H^H^H^H^H^H^Hsecurity researchers =;^) G On or about 2003.12.16 05:03:58 +0000, Christopher Parker (cparker () member fsf org) said:"Join www.osvdb.org to make a better non-corporated vulnerability database since CERT sucks ! "CERT sucks? Humm... In my UNIX & Security college course, we're being told CERT is a great resource for security-related information. Can anybody else make a comment on this? Agree? Disagree? Thanks.-- Gregory A. Gilliss, CISSP E-mail: greg () gilliss com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- A funny (but real) story for XMAS Tri Huynh (Dec 15)
- Re: A funny (but real) story for XMAS Christopher Parker (Dec 16)
- Re: A funny (but real) story for XMAS Cael Abal (Dec 16)
- Re: A funny (but real) story for XMAS proidg (Dec 18)
- Re: A funny (but real) story for XMAS Exibar (Dec 16)
- Re: A funny (but real) story for XMAS Gregory A. Gilliss (Dec 16)
- Re: A funny (but real) story for XMAS Ron DuFresne (Dec 16)
- RE: A funny (but real) story for XMAS Chris DeVoney (Dec 17)
- Re: A funny (but real) story for XMAS Cael Abal (Dec 16)
- Re: A funny (but real) story for XMAS Valdis . Kletnieks (Dec 18)
- RE: A funny (but real) story for XMAS Bill Royds (Dec 18)
- Re: A funny (but real) story for XMAS Christopher Parker (Dec 16)
- Re: A funny (but real) story for XMAS Ron DuFresne (Dec 16)
- <Possible follow-ups>
- Re: A funny (but real) story for XMAS Jeffrey . Stebelton (Dec 16)
- Re: A funny (but real) story for XMAS KF (Dec 16)
- Re: A funny (but real) story for XMAS madsaxon (Dec 16)
- Re: A funny (but real) story for XMAS Kurt Seifried (Dec 16)
- OSVDB (was [Funny Story]) Gregory A. Gilliss (Dec 16)
- Re: A funny (but real) story for XMAS Kurt Seifried (Dec 16)
- RE: A funny (but real) story for XMAS Schmehl, Paul L (Dec 16)