> One way to actually know what is going on is to get on the 'cracker' web
> sights, bbs's, IRC's
> and fix the problems before they are released in CERT.
>CERT is certainly not a single resource to be relied upon as it is often
>several months behind the mailing lists and only selectively issues
>advisories on problems. Still, that is not grounds for sending security
>conscious admins off on a wild goose chase. If you have been so successful
>in infiltrating the things you speak of and have found information that
>has not been available through reading relevant mailing lists, I suppose you
>have numerous unpublished exploits you are protecting your systems with?
I have not sent any admins on wild goose chases. It is just that alot of the
mailing lists you mentioned also seem to hide the information. I would wish
there was a list where the people would be pre-registered like with my firewall
vendor list or the way you have a secure mailing list through ISS. So that
there are only Sysadmins/security people on the list and free sharing of
security holes could be accomplished without worrying about a cracker sitting
on the list getting information. As for numerous unpublished exploits part...
I do not have any more then anyone else does but I was able to find out and
close one or two of the past security holes prior to a CERT announcement or
being mentioned on the lists. The point I was trying to make is that WE ARE PL
AYING CATCH-UP due to a lack of timely information.