lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CERTAnnouncement-28Jan04.1__21780.8664929636$1075308925@cert.org>
Date: Wed, 28 Jan 2004 08:48:15 -0500
From: CERT Advisory <cert-advisory@...t.org>
To: cert-advisory@...t.org
Subject: Changes to CERT Advisories [INFO#04.20510]


-----BEGIN PGP SIGNED MESSAGE-----

Dear Friends,

As many of you are aware, a few months ago the CERT Coordination Center
(CERT/CC) announced a new partnership with the Department of Homeland
Security's National Cyber Security Division (NCSD) to form a response
system for our nation and the Internet infrastructure. While this new
partnership, known as US-CERT, has been low key, we have been working
aggressively to upgrade our capabilities.

We are pleased to announce significant changes to CERT Advisories that
will not only maintain the accuracy and fairness that are the hallmarks of
CERT Advisories, but will also provide more information about more topics
than before. Beginning January 28, 2004, CERT Advisories will become a
core component of US-CERT's Technical Cyber Security Alerts. Significant
changes behind the scenes will allow us to provide additional content, in
a more timely fashion, to a larger audience.

US-CERT alerts will include not only the content historically produced by
CERT/CC staff, but will also integrate additional content contributed by
other organizations from both the public and private sectors. We will
maintain the same high quality control standards, edit content for
security and privacy, and work to ensure technical accuracy as well as
timeliness.

In addition, US-CERT is pleased to announce the availability of three new
products:

1. For non-technical professionals, small office and home office users,
   individuals, and others who prefer less technical descriptions of
   problems, we will be producing a non-technical version of Technical
   Cyber Security Alerts when appropriate. This version, known as a Cyber
   Security Alert, will allow us to provide more appropriate advice to
   both technical and non-technical readers.

2. Also for non-technical professionals, small office and home office
   users, individuals and others, US-CERT is pleased to announce Cyber
   Security Tips. Tips will be produced every other week and will be short
   documents that provide background and education, for home users and
   others, that can help prevent problems from occurring in the first
   place.

3. Finally, for technical professionals, we are pleased to announce Cyber
   Security Bulletins. Bulletins will be produced every other week and
   will summarize notable information from the past two weeks, including
   topics covered in Cyber Security Alerts and other sources.

If you are a subscriber to this list, you will automatically receive the
technical version of US-CERT alerts (the Technical Cyber Security Alert)
through this list. No action is necessary on your part. If you are not a
subscriber to the CERT Advisory mailing list and wish to receive these
alerts, you must subscribe to the new US-CERT mailing list.

If you are interested in receiving any of the other three document types,
you must subscribe to those mailing lists separately. Please visit
http://www.us-cert.gov/cas/index.html for further information.

We appreciate your continued support in securing the Internet and the
worldwide information infrastructure. We have included a set of
anticipated questions and their answers below.

- ----------------------------
Frequently Asked Questions about the convergence of CERT Advisories and
US-CERT alerts

Q: You mentioned "significant changes behind the scenes." What are you
   referring to?

A: Some of these changes include new laboratory and testing facilities,
   enhanced communications networks, and access to additional technical
   expertise. Most importantly, the new changes include the formation of
   strong partnerships with US-CERT across industry and government to take
   advantage of the tremendous wealth of information and expertise that
   exist. The original descriptions of CERT/CC, laid out more than 15
   years ago, our operating history, and the National Strategy to Secure
   Cyberspace envisioned just such partnerships.

Q: Why are you making these changes to CERT Advisories?

A: We have taken great care to be accurate, fair, and honest about the
   security risks you face, and we feel a tremendous professional
   obligation to bring you the best, most trustworthy advice we can to
   help you protect your systems. We believe that these changes are
   necessary to ensure that we can provide you with the best information
   possible to protect your systems against the evolving threats we face.

Q: Does this mean government is taking over the CERT/CC?

A: No. The CERT/CC has always received the vast majority of its funding
   from the US Government, and US-CERT alerts will continue to be produced
   using the same philosophies as we have in the past, but with more
   timely content from more sources and for more topics.

Q: Who will have access to the mailing lists?

A: The CERT Advisory mailing list will remain in the exclusive possession
   of Carnegie Mellon University, where the CERT/CC is located, and will
   not be disclosed to others. The new US-CERT mailing list will be
   similarly managed with strict security controls in place and will not
   be used for any purpose other than sending alerts and other messages,
   and list maintenance.

Q: Why are you continuing to operate both lists?

A: We are operating both lists for a period of time to preserve the
   privacy expectations of the subscribers to the CERT Advisory mailing
   list and to allow network administrators sufficient time to make
   appropriate adjustments to filters and redistribution engines.

Q: What content will be sent to the lists?

A: Each list will receive identical content through March 2004. During
   this time, subscribers to the CERT Advisory mailing list will receive
   US-CERT Technical Cyber Security Alerts from
   cert-advisory@...t.org. After that, these mailings will be received
   from us-cert.gov.

Q: What will happen to the CERT Advisory mailing list?

A: No new subscriptions will be accepted after January 28, 2004, and the
   list will eventually be discontinued. We will run both lists for a
   period of time, but operating both lists over the long term creates
   confusion and management complexity. Subscribers to the CERT Advisory
   mailing list will be advised well in advance of the termination date
   for that list.

Q: How will US-CERT alerts be signed?

A: They will be signed with the US-CERT key, available online at
   http://www.us-cert.gov/pgp/encryptmail.html.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBQBexv5Z2NNT/dVAVAQHPXwP+JevZyKrvbMaTR1NeJU275cpFe/00UI/i
IYiaZn+E89TfjvRh3wD3UADtFJp5ecZshASQKjmKkKkl6RO3BEoUDUukgCsf1MnJ
Et4Xch6uU2Jv6GIMefI5rcJq3MQBe1A1GUBS2WkiWE3q5X64nVgbFyqklIe0EjJ7
oEEXhQBSBMQ=
=bdgP
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ