Full Disclosure mailing list archives

[Full-Disclosure] RE: Full-disclosure digest, Vol 1 #433 - 4 msgs
From: "Steve W. Manzuik" <steve () entrenchtech com>
Date: Sat, 7 Dec 2002 00:33:05 +0900

> You seem to have missed the diagram for your proposed
> solution. Without it your post appears like just another
> rant, which surely it can't possibly be?

I took the Sockz post as a rant but as a rant that made some good points
and asked some good questions.

> You make some sweeping statements, like a sys admin can only
> patch one system. I myself patch more than one system on a
> regular basis. Your statement is now null and void, since
> I've given a counter-example. Sorry about that.

You sir, are in the minority.  I have around 12 years of IT and IT
security experience and I can speak for the fact that most admins do not
patch boxes.  Not out of ignorance but out of time and resource
limitations.  Perhaps the next 10 years of my life will teach me better
but I doubt it.

I have yet, as a security consultant, to do a "pen-test" that has been
unsuccessful.  What does that tell you about the state of IT today?  It
says nothing about my skills, there are far better men than me around
but it speaks volumes about the state of the industry and the so called
value in a pen-test.  Shit, instead of buying a pen-test why not
purchase this lovely bridge I have at eBay on sale.

> From what I can gather you are proposing a block on the kinds
> of information that can be made public, which is on the face
> of it an excellent idea.

I personally DON'T think that blocking the information is the answer.
Controlling it a bit better is.  But as I said in my reply to Sockz --
there is no practical way to do this so for the time being we are stuck
with what we have.

> However, we live in the real world
> (or at least most of us do), where we have little control
> over what the citizens of other countries do.

Good point.  That is what I was trying to get across.  The Sockz
solution is assuming that all people are ethical and good.  Maybe I am
cynical but I don't believe this.

> country, unless you can create some kind of International law
> to prevent this. However, this law would override the
> constitutional powers of most countries so is unlikely to be
> passed. That is to say, neither the EU or the USA would
> accept any wide-ranging restrictions on the freedom of

Ummm, actually if you take a look at some of the pending legislation in
the USA, Canada, Japan, Australia and the EU this is exactly what is
going to happen.  I myself think that this is unfortunate.  In a perfect
world the internet would police itself -- but as you said that is
relying on everyone to act in ethical good faith. 

> case of the "Washington sniper" saw more journalists involved
> in the case than police, and they came very close to wrecking
> the investigation. In that case, should the journalists have
> been restricted in their reporting, and if so, how?

Of course they should have in this case.  They almost fucked up (for
lack of a better Jack Daniels induced phrase) an important
investigation.  I have a short list of journalists who I consider real
journalists.  I don't need to name them here but they are the voices of
reason in the world today.  Half the so called "journalists" involved in
the sniper case wanted nothing more than the "latest scoop" to get their
asses on TV and gain more publicity.  It is unfortunate but journalism
today has turned into nothing more than media whoring.  We are lucky to
have the few (minority) true journalists that we have today.  Hmmmm,
this sounds a lot like the security industry............

I am in complete favor of the police randomly shooting journalists that
ask stupid questions.  In fact, we should put it on pay per view.  I
know my journalist friends would never get shot.  :-)

> Connecting anything to the Internet is a risky business. Like
> all things in life, it has its benefits and pitfalls.

Of course, just in this case there happens to be a few of us who want to
make the pitfalls a bit smaller.  And while you understand the risks
many others do not.  This is the problem.  Unfortunately, the problem
feeds itself in creating the snake oil we see today.

Not sure if this makes sense, nor do I care.............whiskey in the
jar oh oh oh.......  :-)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
