lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Jan 2012 12:03:22 -0500
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: Paul Schmehl <pschmehl_lists@...rr.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Rate Stratfor's Incident Response

On Fri, 13 Jan 2012 10:37:31 -0600
Paul Schmehl <pschmehl_lists@...rr.com> wrote:

> --On January 12, 2012 3:16:19 PM -0500 Benjamin Kreuter 
> <ben.kreuter@...il.com> wrote:
>
> > The law is not going to stop the really bad people
> > from attacking your system, nor is it going to stop them from
> > profiting from whatever access they gain; sending law enforcement
> > after someone who reports problems to you accomplishes little and
> > only discourages people who might try to help you.
> >
> 
> Assuming everyone's motives are as pure as the driven snow is a bit
> naive, don't you think?

Are there lingering doubts about the motives of someone who is
reporting a vulnerability to you?  They could have just profited from
their discovery and never bothered to tell you.  In any case, what have
you accomplished by sending the cops after *someone who is helping you*?

-- Ben

> -- 
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists