MLUG: RE: [MLUG - DISCUSSION] IMPORTANToavoiioi (fwd)

Point is, that vulnerability is not going to be held in confidence by
laws and rules because rule and law breakers break them by definition.
We are just fortunate to have good people interested in researching and
finding these things before other people do.

Shannon Spurling
WAN Engineer -Specialist

MOREnet, Network Services, Core Network
3212 LeMone Industrial Blvd.
Columbia, MO 65201

Main:(573) 884-7200   Fax:(573)884-6673

EMAIL:PROTECTED
EMAIL:PROTECTED


-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED] On Behalf Of Robb III,
George B.
Sent: Wednesday, November 19, 2003 3:03 PM
To: MLUG Off-Topic Discussion
Subject: Re: [MLUG - DISCUSSION] IMPORTANToavoiioi (fwd)

I highly doubt the DoD has any WMD databases on the net...   In their
opinion the only secure net is no net...  (thus the reason for two
workstations at each desk one on net one off net)


On Wednesday 19 November 2003 14:46, Spurling, Shannon wrote:
> Better than, friend of a friend tells a friend about the vulnerability
> who then gets drunk and tells an acquaintance who then writes a virus
> and takes control of the DOD nuclear missile network. :-)
> Thing is, it's going to be found and get out sooner or later. The
> trouble is, corporations would like to sit on it, and not have it
> released, but that's not going to work practically.
>
> Shannon Spurling
> WAN Engineer -Specialist
>
> MOREnet, Network Services, Core Network
> 3212 LeMone Industrial Blvd.
> Columbia, MO 65201
>
> Main:(573) 884-7200   Fax:(573)884-6673
>
> EMAIL:PROTECTED
> EMAIL:PROTECTED
>
>
> -----Original Message-----
> From: EMAIL:PROTECTED
> [mailto:EMAIL:PROTECTED] On Behalf Of Mike Miller
> Sent: Wednesday, November 19, 2003 2:36 PM
> To: MLUG Off-Topic Discussion
> Subject: RE: [MLUG - DISCUSSION] IMPORTANToavoiioi (fwd)
>
> On Wed, 19 Nov 2003, Jerry Gamblin wrote:
> > This is usually how a vulnerability turns into a hack:
> >
> > 1. Security researcher finds hole in product X
> > 2. Security researcher sends the maker of company X a letter
> >    informing them of the hole
> > 3. Security researcher waits 2 weeks (industry standard) to give
> >    company X time to fix the problem.
> > 4. Security researcher sends email to BugTraq Etc, explaining the
> >    bug and how it works.
> > 5. Someone usually produces Proof of Concept code and posts it back
> >    to the list within 48 hours.
> > 6. Someone else usually takes the POC code and turns it into a
> >    functioning virus\worm.
> > 7. Hackers then use the vulnerability that they had nothing to do in
> >    discovering against unsuspecting computer users.
>
>
> Assuming the above is correct, maybe step three is a poor standard.  If
> posting the code is indeed the *cause* of later attacks, as Jerry is
> suggesting, how is the posting on BugTraq supposed to help us?  The same
> for the person who performs the 'service' in Step 5.  Is that meant to
> help us?
>
> It seems to me that people are eager to show off their computing skills.
> They might also want to embarrass a big, powerful corporation.  They are
> not helping us - they are harming us.  The corporation and the users of
> the software should have more time to get things repaired before the
> virus/worm is released on us.
>
> If the vulnerability is never posted, would we be worse off?
>
> Mike
> _______________________________________________
> discussion mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/discussion