[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSP-SEC

Subject: NSP-SEC
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Fri, 19 Mar 2010 10:19:26 -0400
In-reply-to: Your message of "Fri, 19 Mar 2010 04:43:18 BST." <[email protected]>
References: <[email protected]>

On Fri, 19 Mar 2010 04:43:18 BST, Guillaume FORTAINE said:

> First question : Why was I able to find this mail on the Internet if it 
> should be kept secret ?

Congratulations.  You found an example of a mailing list where applying a
standard disclaimer by default *does* make sense, which then got forwarded
*by a coordination team leader at a national CERT* to an appropriate forum
so that action could be taken, but failed to take the disclaimer off the
bottom of that posting.

Double bonus points for finding a posting that discussed something *really*
sensitive, like "we've seen bots connecting to...".  You *do* realize that
there's an estimated 140,000,000 bots on the net, right, and as a result,
some operation lists have *dozens* of "bots spotted connecting to" postings
*per day*.

And you wonder why you have a hard time being taken seriously.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100319/963a0a60/attachment.bin>

Follow-Ups:
- NSP-SEC
  - From: jwbensley at gmail.com (James Bensley)

References:
- NSP-SEC
  - From: gfortaine at live.com (Guillaume FORTAINE)

Prev by Date: NSP-SEC - should read Integrity
Next by Date: Using private APNIC range in US
Previous by thread: NSP-SEC
Next by thread: NSP-SEC
Index(es):
- Date
- Thread