[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Marcus1091742374$1$22@duck.wafel.com>
Date: Thu, 5 Aug 2004 17:48:50 -0400 (EDT)
From: Ferguson@...sys.com, Ann <annfer@...k.wafel.com>
To: FULL-DISCLOSURE@...sys.com, VULNWATCH@...NWATCH.ORG,
BUGTRAQ@...urityfocus.com, hellnbak@...c.org
Subject: Re: MS04-025 - Ignorance is truly bliss....
On Thursday, 5 August 2004, hellNbak wrote:
> The paper slowly went sideways and turned into a large rant low on
> technical information but relevant about MS04-025, CERT, and other
> random things [...]
Despite of what you would like to think, your rants are not relevant in any
way. I do not say this because I want to insult you - heck, I happen to
respect you - but simply because that's the way it is.
The Internet is no longer a world of hippie hacker idealists, but quite simply
a global market. Because of lack of centralized authority overseeing it
(wasn't that what you fought for?), it is a wild style economy, often driven
by shoddy practices and cutting corners where customers won't notice, or
marketing on the verge of deceit. This is how we do big business - honesty,
altruism, and respect for ideals were never its strong sides, unless you
could get a tax break doing those.
But then, were the Internet and IT security still merely a hobby of a bunch
of enthusiasts, you wouldn't be getting your paycheck, would you? You
benefit from these changes, with all their side effects. You tell your
customers to buy products, not to distrust the system, to uncloak treasons,
or banish false prophets. You tell them what they want to hear, then cash
the check so that you can afford to write rants about how the world should
be. The problem with socialist utopias where all do their jobs best, and get
exactly what they deserve, is that they all seem to fail quite miserably
(how odd). Unjust exploitation, trickery to claim undeserved credibility or
recognition, commercialization of everything you can capitalize on - that's
what makes a country (or an industry) great.
What do you hope to achieve, or how do you believe your opinion is being
relevant or novel, if you come to this audience, and state that CERT is no
longer credible, and is a bunch of crooks who live off selling advance
vulnerability warnings? Or that Microsoft is not exactly particularly devoted
to improving security of their products and protecting their customers?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists