Date: Fri, 24 Oct 2008 10:51:38 -0400
From: Valdis.Kletnieks@...edu
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Time to patch Windows boxes with MS08-067

On Fri, 24 Oct 2008 09:12:36 BST, n3td3v said:

> - why tell the bad guys you're frightened about them.

Umm... perhaps because the bad guys already have frikking exploits and
sharks with laser beams on their heads, and are using this in the wild, so
it doesn't matter that we tell them?

> - why frighten the good guys, and be frightened?

Because *most* people with more than 3 neurons like to be *told* to watch
out because there's frikking sharks with laser beams on their heads.

> - why rate threats to the public domain? why not keep it to yourself,
> it changes nothing apart from create a fear, and then all you have to
> fear is fear itself, when nothing may actually happen to you.

Actually, it changes a *LOT*.  It doesn't create a fear, it also makes
people patch their systems and deploy anti-shark devices.

> i don't even think we should be rating vulnerabilities either, they
> should all be one of the same, we shouldn't rate terrorism threats or
> hacker threat vulnerabilities or security incidents.

There's a 20% possibility of light showers somewhere in Great Britain
this afternoon.

There's a massive thunderstorm cell headed your way, with a 95% chance that
your street will be hit with 2-inch-diameter hail in the next 15 minutes. Seek
shelter immediately.

For those who don't live in areas where hail happens, here's a good video:
http://digg.com/lbv.php?id=8500112&ord=1

You rate those the same in terms of threat level to you?

There's a shark with laser beams on its head somewhere near Glasgow,
and it might be hungry.

There's a shark with laser beams on its head behind your couch, and
it hasn't eaten in two weeks.

You rate those the same in terms of threat level to you?

> is it not obvious to each individual how important something is, and
> allow them to give it their own rate privately, and not have a rate of
> fear that we should all adhere to.

Remember that the average user/admin is almost as clueless about security
as you are, and needs everything spelled out for them.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
