[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSP-SEC

On 03/20/2010 07:37 PM, William Pitcock wrote:
> On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
>    
>> On Fri, 19 Mar 2010, William Pitcock wrote:
>>
>>      
>>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>>        
>>>> An ongoing area of work is to build better closed,
>>>> trusted communities without leaks.
>>>>          
>>> Have you ever considered that public transparency might not be a bad
>>> thing?  This seems to be the plight of many security people, that they
>>> have to be 100% secretive in everything they do, which is total
>>> bullshit.
>>>
>>> Just saying.
>>>        
>> How exactly would being transparent for the following help Internet
>> security:
>>
>> "I am seeing a new malware infection vector via port 91714 coming from the
>> IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
>> http://www.trythisoutnow.com/.  In addition, it has credit card and pswd
>> stealing capabilities and sends the details to a maildrop at
>> trythisoutnow at gmail.com"
>>
>> The only upside of being transparent is alerting the miscreant to change
>> the vector and maildrop.
>>      
> That is not what I mean and you know it.
>
> What I mean is: why can't anyone contribute valuable information to the
> security community?  It is next to impossible to meet so-called 'trusted
> people' if you're new to the game, which is counter-productive.
>
>    

I totally agree with William.

Best Regards,

Guillaume FORTAINE