Open Source and information security mailing list archives
 
Message-ID: <Pine.BSO.4.50.0301310958350.8616-100000@ausmac.net>
From: gbayley at ausmac.net (Grant Bayley)
Subject: CERT, Full Disclosure, and Security By Obscurity

On Thu, 30 Jan 2003, Jason Coombs wrote:

> Unfortunately, CERT still holds the information security pole position in
> the minds of reporters around the world. Call major newspapers and other
> media outlets in the U.S. about vulnerabilities, exploits, or incidents and
> often times the technical news desk will ask "What does CERT have to say
> about this?"

The same roughly holds true in Australia for the mainstream media with
regards to AusCERT.

AusCERT even have the Government's Special Security Party Hat (TM).

Here's a pretty laughable example:

http://www.auscert.org.au/render.html?it=2716&cid=1
"AU-2003.002 -- AusCERT Update - "Slammer" Worm
Causing Wide Spread DDoS Effect"

This one is freely available.

So, having whetted the appetite of a visitor looking at
their site, they're presented with a further taste of
undisputable 0day:

"AU-2003.001 -- AusCERT Update - Information Leakage from Padding of
Undersized Ethernet Frames - (10/1/2003)"
(http://www.auscert.org.au/render.html?it=2672&cid=1)

Bzzt.  Not elite enough.

Access Denied
------------------------------------------------------------------------
This information is only accessible to authorised AusCERT members.
If you wish to access this document.	Please Login.

It's just lucky the information was already out there.

We have our own self-appointed ivory tower here in Australia.

It is called AusCERT.
