Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
From: pwh () bradley bradley edu (Pete Hartman)
Date: Mon, 28 Nov 94 18:56:06 -0600

My key concern is that people on the net, and on these lists in
particular, spout opinion as proven fact.

And just exactly WHERE is it that your opinion has become proven fact
as opposed to the rest of us poor sods? You don't sound like you're
including yourself in this sweeping criticism.

This perpetuates folklore,
just as knocking on wood or avoiding black cats. We have no general
evidence to prove in any real way that full disclosure helps/hurts more
people than it hurts/helps. We have no evidence that full disclosure
hastens/delays release of a fix. And we have no evidence that the
majority of "black hats" know and use all of these flaws before they
are publicly announced (although there is some partial evidence to the

What evidence? Seems to me that the contrary evidence is that that is
contrary to your stance.

8lgm published scripts about rdist and /bin/mail and suddenly vendors
were scrambling to patch them, despite the fact that these utilities
have been around almost as long as BSD itself, and should have been

So what evidence do you have that there are bugs that have been fixed
that weren't widely distributed first?

If we are going to improve the way we handle security, we have to
start by examining what we really know and not what we have

When many local experiences are pooled, and all appear to be similar, doesn't
that seem to indicate a trend? Something statistically more significant than
my own personal anecdote?

The pooling of experiences seems to indicate to me that knowledge is
power, and if you deny those who NEED the power sufficient knowledge,
they will be incapable of protecting themselves effectively from those
who DO have the power.

Whether there's an organized "black hat" network or not is irrelevant.
One black hat telling another is more organized than we white hats can
be if we're treated like goddamn mushrooms.