Security Incidents mailing list archives

RE: Posting to Incidents list, was: Re: Help with Nimda.E?


From: "Steve" <steve () securesolutions org>
Date: Thu, 1 Nov 2001 20:06:52 -0700

I agree with this assessment.  Sometimes I get a good laugh over the
posts that say things like: "my server at <insert IP address here> is
vulnerable to <insert exploit of the week here>, and I don't know what
to do."  Anyone can read these posts; they are archived not only on
SecurityFocus but on a half dozen other sites as well.  I really don't
think this has to do with full disclosure (trust me, I am probably one
of the biggest full disclosure flag wavers around these days), but more
to do with common sense.

I have posted an incident (not my own but a client's) to this list in the
past, with a hushmail account from my home PC dialed up to a free net
provider and did not sign the post.  The information we all share on
this list is very, very valuable, but because it is an open forum you
need to be cautious as to what identifying information you leave behind.
And don't take this as me saying that we need a closed forum, I am
convinced that closed forums do not work.



-----Original Message-----
From: cambria () owt com [mailto:cambria () owt com] 
Sent: Thursday, November 01, 2001 2:29 PM
To: Dan Ellis; incidents () securityfocus com
Cc: H C
Subject: Re: Posting to Incidents list, was: Re: Help with Nimda.E?


The way I interpreted HC's post, he was not referring to the 
perennial full-disclosure debate.  He was pointing out the 
risks of disclosing one's *own* potential vulnerabilities in 
a public forum.

I think it's a valid point and one that inexperienced people 
may not fully consider before posting.

You certainly do not want to post a message to this forum 
from the affected system saying "I just discovered that my 
port 5678 gives a root shell to anyone - what should I do".

For this reason many people post from email accounts that 
cannot easily be correlated to the system they are 
discussing.  Also, logs showing actual IP addresses are often 
"sanitized".  That is, the actual IP address of the 
potentially vulnerable system is replaced with something like 
"x.x.x.x".

I think HC's message was a call for good judgment on the part 
of those who post here - a sensible recommendation that one 
not expose exploitable details of one's own system to a 
potentially malicious audience.

Best regards,

Greg McCann



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
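
The log sanitizing that Greg McCann's message describes, as an added example that is not part of either post: it masks only addresses inside the poster's own ranges with "x.x.x.x" and then checks that none remain before the text is posted. The range 192.0.2.0/24, the function names, the choice to leave remote addresses readable, and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the poster's own address space (RFC 5737 documentation range).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Dotted quads that are not part of a longer dotted number such as 1.2.3.4.5.
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")


def _is_own(candidate, own_networks):
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:  # e.g. 999.1.1.1 looks like an address but is not one
        return False
    return any(addr in net for net in own_networks)


def sanitize(text, own_networks=OWN_NETWORKS, mask="x.x.x.x"):
    """Mask addresses inside own_networks; leave every other address intact."""
    return _IPV4.sub(
        lambda m: mask if _is_own(m.group(0), own_networks) else m.group(0),
        text,
    )


def remaining_own_addresses(text, own_networks=OWN_NETWORKS):
    """Pre-posting check: list any own address still present in text."""
    return [m.group(0) for m in _IPV4.finditer(text)
            if _is_own(m.group(0), own_networks)]


# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Nov  1 14:02:11 fw kernel: DROP SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=80
Nov  1 14:02:12 fw kernel: ACCEPT SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP DPT=25
Nov  1 14:02:15 www httpd: request from 198.51.100.23 to 192.0.2.10.
"""

if __name__ == "__main__":
    clean = sanitize(SAMPLE_LOG)
    print(clean)
    print("still exposed:", remaining_own_addresses(clean))
```

Masking the addresses does not cover the other identifying details the thread mentions, such as the mail account and the system the message is sent from.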

