Home page logo

nanog logo nanog mailing list archives

Re: Did Sean Gorman's maps show the cascading vulnerability in Ohio?
From: "Mr. James W. Laferriere" <babydr () baby-dragons com>
Date: Mon, 18 Aug 2003 09:25:29 -0400 (EDT)

        Hello Scott ,

On Mon, 18 Aug 2003, Scott McGrath wrote:
A measured response is needed.  Obviosly we do not want the
vulnerabilities disclosed to bored teenagers looking for "excitement".
We need controlled access to this data so that those of us who need the
data to fix vulnerabilities can gain access to it but access is denied to
people without a legitimate need for the data.
        And my statement would be ,  And who is that authority ?
        The government ?  The Utilities ?  The ... ?

The "Dig Safe" program might be a good model for controlling access to
Sean's work.   This would not preclude further scholarship on Sean's work
but it would keep the data out of the hands of the 31337 crowd.
        Huh ?,  Try this on for size ,  "Hello ,  I am joe's contracting
        service & I have a building permit(I do) and I need to dig at ..."
        If I remeber correctly the "Dig Safe" program will give me the
        info without so much as a check on the permit or my company name .

        But ,  Something (may) need to be put in place .  I for one am not
        a great fan of any group of "X" that has a vested interest in
        keeping the information out of the public hands as being the ones
        to administer or setup or even give suggestions to a body who'd be
        involved in setting up such a commitee/org./...

        I'd really like to see a "Public" forum be used to take
        suggestions from the PUBLIC (ie: you & I & that neighbor you hate
        so well) for the guide lines as to who &/or when such info s/b
        released .  Not the Gov. or the Util Alone .

On Sun, 17 Aug 2003, Sean Donelan wrote:
So, the US Government wants to classify Sean Gorman's student project.
The question is did Mr. Gorman's maps divulge the vulnerability in the
East Coast power grid that resulted in the blackouts this week?
Would it be better to know about these vulnerabilities, and do something
about them; or is it better to keep them secret until they fail in a
catastrophic way?
                Twyl ,  JimL
       | James   W.   Laferriere | System    Techniques | Give me VMS     |
       | Network        Engineer |     P.O. Box 854     |  Give me Linux  |
       | babydr () baby-dragons com | Coudersport PA 16915 |   only  on  AXP |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]