Security Incidents mailing list archives
Posting to Incidents list, was: Re: Help with Nimda.E?
From: H C <keydet89 () yahoo com>
Date: Thu, 1 Nov 2001 09:18:36 -0800 (PST)
Before I begin this post, let me just say that I am all for sites like SecurityFocus and the various lists it provides. I am a strong believer in collaboration, as we all have different experiences and we can all learn from each other through discussion and trading ideas and information. That being said, I'm a little concerned at the type of information being posted to the Incidents list by some posters. I'm not picking on Matt's post, simply using it as an example. No offense is intended. My concern is that the Incidents list, in particular, is a public forum, and viewable by everyone. No background investigations are conducted, and no NDAs are signed. Such a forum makes for an excellent place for malicious individuals to troll for potential targets. After all, what are the keys that most folks hope for when they attack a target? Unpatched systems, clueless admins (no offense, Matt...really)...basically, easy targets. Maximum effect with the least effort and risk. I'm not going to pick Matt's post apart. That's not my intention. However, I find it very concerning that this type of information is being made public. Add that to things like searches of Usenet, NetCraft, and even DNS zone transfers, and I can easily see how Matt's site would be subject to all sorts of probes rather quickly. Just my $0.02... Carv __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Help with Nimda.E? Zlatko Ignjatovic (Nov 01)
- Posting to Incidents list, was: Re: Help with Nimda.E? H C (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? Dan Ellis (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? cambria (Nov 01)
- RE: Posting to Incidents list, was: Re: Help with Nimda.E? Steve (Nov 01)
- Re: Posting to Incidents list, was: Re: Help with Nimda.E? Dan Ellis (Nov 01)
- Posting to Incidents list, was: Re: Help with Nimda.E? H C (Nov 01)
- <Possible follow-ups>
- FW: Help with Nimda.E? Matt Beck (Nov 01)