Full Disclosure mailing list archives

Re: A funny (but real) story for XMAS


From: <proidg () comcast net>
Date: Thu, 18 Dec 2003 08:46:48 -0500

hey, great redux on CERT, but you're forgetting about all the embarrassing
leaks of vuln information in advance of CERT advisories!

-paul
----- Original Message ----- 
From: "Cael Abal" <lists () onryou com>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, December 16, 2003 8:58 AM
Subject: Re: [Full-disclosure] A funny (but real) story for XMAS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

|> "Join www.osvdb.org to make a better non-corporated vulnerability
|> database since CERT sucks ! "
|
| CERT sucks? Humm... In my UNIX & Security college course, we're being
| told CERT is a great resource for security-related information. Can
| anybody else make a comment on this? Agree? Disagree?

Hi Chris,

Depends on which side of the fence you're on.  CERT has been criticized
in the past for being frugal with vulnerability information.  They don't
publish exploits, for one, which means k1ddi3z prefer FD.  :)

I remember CERT taking some flak about their Vulnerability Catalog
becoming available by subscription a few years ago.  Here's an article:

http://linuxtoday.com/security/2001042600220SCLF

Oh, and here's a link to the fees:

http://www.isalliance.org/nam/index2.htm

It seems that this database is what the people at http://www.osvdb.org
are up in arms over.  Interesting idea, their database is a little
barren at the moment though.

Additionally, one of CERT's security analysts was arrested for
pedophilia-related crimes a few months ago.  Folks who don't like CERT
gloated for weeks.

http://www.pittsburghlive.com/x/tribune-review/news/s_160861.html

Realistically, CERT is a valuable resource, regardless.

C

PS:  I have no interest in getting into a flamewar over CERT,
disclosure, or pedophilia.  Thanks in advance.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQE/3w97R2vQ2HfQHfsRAtuOAJ98J3iOL7EwwI4h2x1ECodzGwtshwCcCMX3
dIufrfrWfNbrdBix4/XYKDE=
=E/La
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
