Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Posting to Incidents list, was: Re: Help with Nimda.E?

Re: Posting to Incidents list, was: Re: Help with Nimda.E?

From: Dan Ellis <ellisd_at_mitre.org>
Date: Thu, 01 Nov 2001 13:17:01 -0500

        This discussion is perfectly analogous to the debate on full disclosure
of vulnerabilities of any kind. Do you have any new arguments to
present one way or the other?

Cheers,
Dan

H C wrote:
[snip]
> My concern is that the Incidents list, in particular,
> is a public forum, and viewable by everyone. No
> background investigations are conducted, and no NDAs
> are signed. Such a forum makes for an excellent place
> for malicious individuals to troll for potential
> targets. After all, what are the keys that most folks
> hope for when they attack a target? Unpatched
> systems, clueless admins (no offense,
> Matt...really)...basically, easy targets. Maximum
> effect with the least effort and risk.
[snip]

---------------------------
Dan Ellis
MITRE Infosec Eng/Scientist
work (703) 883-5807
fax (703) 883-1397

Received on Nov 01 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos