Full Disclosure mailing list archives
Re: A funny (but real) story for XMAS
From: <proidg () comcast net>
Date: Thu, 18 Dec 2003 08:46:48 -0500
hey, great redux on CERT, but you're forgetting about all the embarrasing leaks of vuln information in advance of CERT advisories! -paul ----- Original Message ----- From: "Cael Abal" <lists () onryou com> To: <full-disclosure () lists netsys com> Sent: Tuesday, December 16, 2003 8:58 AM Subject: Re: [Full-disclosure] A funny (but real) story for XMAS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 |> "Join www.osvdb.org to make a better non-corporated vulnerability |> database since CERT sucks ! " | | CERT sucks? Humm... In my UNIX & Security college course, we're being | told CERT is a great resource for security-related information. Can | anybody else make a comment on this? Agree? Disagree? Hi Chris, Depends on which side of the fence you're on. CERT has been criticized in the past for being frugal with vulnerability information. They don't publish exploits, for one, which means k1ddi3z prefer FD. :) I remember CERT taking some flack about their Vulnerability Catalog becoming available by subscription a few years ago. Here's an article: http://linuxtoday.com/security/2001042600220SCLF Oh, and here's a link to the fees: http://www.isalliance.org/nam/index2.htm It seems that this database is what the people at http://www.osvdb.org are up in arms over. Interesting idea, their database is a little barren at the moment though. Additionally, one of CERT's security analysts was arrested for pedophilia-related crimes a few months ago. Folks who don't like CERT gloated for weeks. http://www.pittsburghlive.com/x/tribune-review/news/s_160861.html Realistically, CERT is a valuable resource, regardless. C PS: I have no interest in getting into a flamewar over CERT, disclosure, or pedophilia. Thanks in advance. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQE/3w97R2vQ2HfQHfsRAtuOAJ98J3iOL7EwwI4h2x1ECodzGwtshwCcCMX3 dIufrfrWfNbrdBix4/XYKDE= =E/La -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- A funny (but real) story for XMAS Tri Huynh (Dec 15)
- Re: A funny (but real) story for XMAS Christopher Parker (Dec 16)
- Re: A funny (but real) story for XMAS Cael Abal (Dec 16)
- Re: A funny (but real) story for XMAS proidg (Dec 18)
- Re: A funny (but real) story for XMAS Exibar (Dec 16)
- Re: A funny (but real) story for XMAS Gregory A. Gilliss (Dec 16)
- Re: A funny (but real) story for XMAS Ron DuFresne (Dec 16)
- RE: A funny (but real) story for XMAS Chris DeVoney (Dec 17)
- Re: A funny (but real) story for XMAS Cael Abal (Dec 16)
- Re: A funny (but real) story for XMAS Valdis . Kletnieks (Dec 18)
- RE: A funny (but real) story for XMAS Bill Royds (Dec 18)
- Re: A funny (but real) story for XMAS Christopher Parker (Dec 16)
- Re: A funny (but real) story for XMAS Ron DuFresne (Dec 16)
- <Possible follow-ups>
- Re: A funny (but real) story for XMAS Jeffrey . Stebelton (Dec 16)
- Re: A funny (but real) story for XMAS KF (Dec 16)
- Re: A funny (but real) story for XMAS madsaxon (Dec 16)