| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Oct 2007 13:20:40 -0400
From: Valdis.Kletnieks@...edu
To: worried security <worriedsecurity@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DHS need to get on top of this right now
On Wed, 24 Oct 2007 17:32:04 BST, worried security said:
> The DHS need to ban ISP's from talking about infrastructure security in
> public places. it should be classified information don't you all think?
Please note a few things:
1) The level of detail actually discussed on NANOG comes nowhere *close*
to giving "the bad guys" anything *useful*.
2) Somebody at GMU already did a grad-school thesis about this subject,
at a level of detail that *was* worrysome for many. The fact that with
that amount of hints, you should be able to Google up the student's name
and the date of the thesis, should tell you something about barn doors.
3) If in fact you classified the information, then you'd hit a *very* big
snag - you then need to treat it as classified information, with all the
attendant details. Background checks for all of your NOC staff *over and
above* what you already do, you can't give the information to your customers,
and so on.
Though it *does* keep the phone from ringing off the hook if you can't
tell your customers your NOC phone number because it's classified....
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists