[ale] security process question
- Subject: [ale] security process question
- From: jonathan at xcorps.net (Jonathan Rickman)
- Date: Thu, 26 Sep 2002 09:54:02 -0400 (EDT)
On 25 Sep 2002, James P. Kinney III wrote:
> As you all know, I was hit by a new worm variant 2 days ago. I am trying
> to find appropriate people to send the source code to for analysis/law
> enforcement/etc.
>
> I am getting nowhere. If people have success with this process and can
> contact me about procedures and contacts that are interested, please
> share them. I posted a note to incidents at securityfocus.com. I have been
> deluged with requests for the source (and binaries and ...) so much so
> that I am VERY unsure of proceeding with fulfilling these requests.
I wouldn't be worried about sharing the information. Free flow of
information is what keeps us all safe. The source and binaries are already
being distributed around the net by the worm itself, so there's no harm in
saving someone the trouble of setting up a honeypot to catch it and
sharing it with them. Other posters are correct. Don't expect much help
from the authorities. The main reason for notifying the FBI, GBI, CERT,
SANS, incidents list, etc. is to help generate statistics and track the
progression of the worm and its variants. As it turns out, this was a
known variant...but it is possible that you could be the first to
discover a new variant. Getting that information into the public domain
is critical under such circumstances as it helps to alert others to the
new threat.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.