Re: A funny (but real) story for XMAS

[Ron DuFresne <dufresne () winternet com>]

of course, CERT, like many federal sites realted to net sec issues, NIPC,
local infrgard chapters, the new homeland sec dept, all will know after
all the sources below have first fed on the info and rumors for a week or
too prior.  So, if CERT truely sucks, it sucks slowly...

Thanks,

Ron DuFresne

On Tue, 16 Dec 2003, Gregory A. Gilliss wrote:

> Chris,
>
> CERT does not "suck" anymore than Microsoft "sucks" or Bush "sucks".
> CERT is a resource, albeit not a timely one. Consider - Saddam is captured.
> Who knows first? The people who actually capture him. Who knows next? The
> people whom the first group tells. Who knows next? Probably Fox News (they
> seem to have a jump on other networks) followed closely by CNN, UP, AP,
> the networks, etc. When does the story show up in the newspaper? Two days
> later (since the story broke after the Sunday paper went to press). Does
> that mean that the newspaper "sucks"? No, it still is an excellent resource,
> albeit not very timely. In the security community, time matters very much.
> If I just finished writing the new latest and greatest exploit for Windows,
> only I know about it. CERT has no clue, and won't have a clue until the
> exploit gets share/used/distributed/observed/confirmed. By then, you and
> your customers may be the unlucky recipients of the exploit's effects. CERT
> may then present a terrific accurate writeup, but that does no good for the
> people who are affected.
>
> So what are the "best" resources? Number one is the hacker community. if
> you are a hacker, and you write and share exploits, then you are in the
> group that has the most clue. Next would be the hacker community's friends
> and family (or whomever they share information with). Next is probably
> communities like FD, where either hackers or hacker community F&F (or else
> people who are affected by the exploits) hang out. Continue up the food chain
> as illustrated and you will see that he people who *only* get their info
> from CERT/CIAC/SANS/whatever are considered to have less clue because they
> are that much more removed from the center of the action. The best resource
> is to be one of the hackers^H^H^H^H^H^H^Hsecurity researchers =;^)
>
> G
>
> On or about 2003.12.16 05:03:58 +0000, Christopher Parker (cparker () member fsf org) said:
>
> > > "Join www.osvdb.org to make a better non-corporated vulnerability database
> > > since CERT sucks ! "
> >
> > CERT sucks? Humm... In my UNIX & Security college course, we're being
> > told CERT is a great resource for security-related information. Can
> > anybody else make a comment on this? Agree? Disagree?
> >
> > Thanks.
>
> --
> Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
> Computer Security                             WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html