Security Incidents mailing list archives

Re: Posting to Incidents list, was: Re: Help with Nimda.E?


From: Dan Ellis <ellisd () mitre org>
Date: Thu, 01 Nov 2001 13:17:01 -0500


This discussion is perfectly analogous to the debate on full disclosure
of vulnerabilities of any kind.  Do you have any new arguments to
present one way or the other?

Cheers,
Dan

H C wrote:
[snip]
My concern is that the Incidents list, in particular,
is a public forum, and viewable by everyone.  No
background investigations are conducted, and no NDAs
are signed.  Such a forum makes for an excellent place
for malicious individuals to troll for potential
targets.  After all, what are the keys that most folks
hope for when they attack a target?  Unpatched
systems, clueless admins (no offense,
Matt...really)...basically, easy targets.  Maximum
effect with the least effort and risk.
[snip]

---------------------------
Dan Ellis
MITRE Infosec Eng/Scientist
work (703) 883-5807
fax  (703) 883-1397

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

