Subject: Re: perry's gripe about CERT
Date: Mon, 25 Oct 93 08:29:57 -0400
Corporate espionage would come down to a race condition.
CERT sends out a warning.
Sysadmin at a site in NYC gets the warning at 8:00am EST.
He gets the specifics, and then turns around and breaks
into his competitors site on the west coast before they've
even had breakfast.
While I would love to know security problems out of both need and
curiosity, I'm glad the information is not readily accessible.
This is where this argument falls down. You have to assume that
anyone who is actively involved in breaking into systems already
has this information. You will not be telling those people
CERT sits on this information until the vendor, who's systems are
being compromised, has a fix for all their customers. So ...
How long have the crackers had this information?
How much more damage have they done while we waited for the
vendor to make the fix?
CERT do a good job under difficult conditions.
I am just sure there are a whole host of crackers out there who
are falling over themselves laughing at us. Laughing because we
are hiding information from each other, that they have had for
ages. And the longer we hide it the longer they have to attack
Craig Bishop Information Systems Division
Email: csb @
au Geelong & District Water Board
Phone: +61 52 262506 61-67 Ryrie St Geelong
Fax: +61 52 218236 Victoria 3220 Australia