Ok, we'll go through this one again. Please don't think I'm oblivious to
your concerns, I understand your point.
Let's assume that people would like CERT to notify everyone on their
mailing list about *serious* security holes that they are made aware of,
simultaneous to their notification of the vendor in question. Ok?
One result is that CERT now becomes the de facto group for determining
what you consider *serious*.
A second result is that CERT could possibly be held liable for not
notifying you of something they deem *not serious*. Since they get to
decide what's serious or not, and since they're the ones with their butts
in a sling, they decide to just publish every breach or attempt they're
notified of, regardless of whether or not it's actually a hole. Now some
may consider this a good thing, but do you realize how much traffic this
is going to create, and how much hysteria it would generate? Talk about
your Denial of Service attack!!!
As for the "group of people" you were referring to, as I said before,
it's impossible to separate them from every other legitimate email
address in the world. Let's imagine that I'm a Black Hat, I'm not, but
let's just imagine for a second. I work for a reputable company and I
have a responsible position, but at night, with my own equipment and
Internet connection, I like to MedDle iN thE mAdneSs... If I was any
good, who would know? Meanwhile, every day, faithfully, CERT would be
sending me the same advisories you are getting. As we all know all too
well, not everyone applies the patches or pays attention to advisories.
Sure, you might be fine now, but what of all the poor souls who only get
their Firewall logs read once a week by an overworked Admin? You're
happy and all those other people are out there screaming at CERT for
publishing the advisory.
It's a no-win situation for them, I believe.
I think it's better for them to have a simple mandate, report all
reported information to the appropriate vendors as quickly as possible,
and then put the pressure on the vendors who do not promptly respond
(Microsoft, for example...;-])
Cheers,
Russ
...running MS Exchange Server 4.0 on NT 4.0, the future is here now.