Information Security News mailing list archives

RE: The Code Red hype Hall of Shame

From: InfoSec News <isn () c4i org>
Date: Mon, 13 Aug 2001 03:20:59 -0500 (CDT)

Forwarded from: Marc Maiffret <marc () eeye com>

Wow. Two writers fighting over who wrote an inaccurate story first.
What fun.

Since neither Tommy nor Danny have any technical understanding of
CodeRed nor the .ida exploit (yet write about it and point fingers
anyway) they both might want to go look at the thread called "Can we
afford full disclosure of security holes?" that was on Bugtraq just
recently. You will actually see knowledgeable people who understand
the topic rather than two writers just looking to meet their weekly
quota of articles.

http://www.securityfocus.com/templates/archive.pike?list=1

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall


| -----Original Message-----
| From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf
| Of InfoSec News
| Sent: Friday, August 10, 2001 11:40 PM
| To: isn () attrition org
| Cc: thomas.greene () theregister co uk
| Subject: Re: [ISN] The Code Red hype Hall of Shame
|
|
| Forwarded from: Dan Verton <Dan_Verton () computerworld com>
|
| Greene Writes:
|
| We're still at a loss to explain how eEye Digital Security, which
| discovered and publicized the .ida hole that Code Red and Code Red
| Junior exploit, has managed to escape questioning by the press for its
| part in the whole fiasco. Indeed, their role is tantamount to a
| pharmaceutical company unintentionally releasing a disease germ.
|
| I throw this out as an FYI... I raised the issue as far back as July
| 20 and when I was done I felt like a mailman who had just walked into
| a yard full of rabid dogs.
|
| Story is here and was one of the early ones.
| "Security experts question release of Code Red worm's exploit data"
| http://www.computerworld.com/storyba/0,4125,NAV47_STO62453,00.html
|
| Unfortunately, the commentators who comment on the commentators, don't
| always get it either. The truth, like politics, is local. Perceptions
| are reality and most perceptions differ greatly. Like the sys admin
| who had to spend 30 hours cleaning up his system in the aftermath of
| Code Red because he did'nt have the patch installed. But he was warned
| like the rest of them. Unfortunately, he probably thought it was all
| just more FUD. He, like hundreds of thousands of others, was wrong.
|
| Dan Verton



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

Current thread:

The Code Red hype Hall of Shame InfoSec News (Aug 10)
- <Possible follow-ups>
- Re: The Code Red hype Hall of Shame InfoSec News (Aug 11)
- RE: The Code Red hype Hall of Shame InfoSec News (Aug 11)
- RE: The Code Red hype Hall of Shame InfoSec News (Aug 13)
- FW: The Code Red hype Hall of Shame InfoSec News (Aug 13)
- RE: The Code Red hype Hall of Shame InfoSec News (Aug 13)
- RE: The Code Red hype Hall of Shame InfoSec News (Aug 14)
- Re: FW: The Code Red hype Hall of Shame InfoSec News (Aug 14)
- RE: The Code Red hype Hall of Shame InfoSec News (Aug 14)
- Re: FW: The Code Red hype Hall of Shame InfoSec News (Aug 14)