[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSP-SEC

Subject: NSP-SEC
From: hank at efes.iucc.ac.il (Hank Nussbacher)
Date: Sat, 20 Mar 2010 20:30:01 +0200 (IST)
In-reply-to: <1269006269.1220.135.camel@petrie>
References: <[email protected]> <20100319083143.553b0111@t61p> <1269006269.1220.135.camel@petrie>

On Fri, 19 Mar 2010, William Pitcock wrote:

> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>> An ongoing area of work is to build better closed,
>> trusted communities without leaks.
>
> Have you ever considered that public transparency might not be a bad
> thing?  This seems to be the plight of many security people, that they
> have to be 100% secretive in everything they do, which is total
> bullshit.
>
> Just saying.

How exactly would being transparent for the following help Internet 
security:

"I am seeing a new malware infection vector via port 91714 coming from the 
IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
http://www.trythisoutnow.com/.  In addition, it has credit card and pswd 
stealing capabilities and sends the details to a maildrop at 
trythisoutnow at gmail.com"

The only upside of being transparent is alerting the miscreant to change 
the vector and maildrop.

Regards,
Hank

Follow-Ups:
- NSP-SEC
  - From: nenolod at systeminplace.net (William Pitcock)
- NSP-SEC
  - From: nanog at armorfirewall.com (George Imburgia)

References:
- NSP-SEC
  - From: gfortaine at live.com (Guillaume FORTAINE)
- NSP-SEC
  - From: jtk at cymru.com (John Kristoff)
- NSP-SEC
  - From: nenolod at systeminplace.net (William Pitcock)

Prev by Date: ISC DHCP server failover
Next by Date: NSP-SEC
Previous by thread: NSP-SEC
Next by thread: NSP-SEC
Index(es):
- Date
- Thread