[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031216194246.GA20092@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: A funny (but real) story for XMAS
Chris,
CERT does not "suck" anymore than Microsoft "sucks" or Bush "sucks".
CERT is a resource, albeit not a timely one. Consider - Saddam is captured.
Who knows first? The people who actually capture him. Who knows next? The
people whom the first group tells. Who knows next? Probably Fox News (they
seem to have a jump on other networks) followed closely by CNN, UP, AP,
the networks, etc. When does the story show up in the newspaper? Two days
later (since the story broke after the Sunday paper went to press). Does
that mean that the newspaper "sucks"? No, it still is an excellent resource,
albeit not very timely. In the security community, time matters very much.
If I just finished writing the new latest and greatest exploit for Windows,
only I know about it. CERT has no clue, and won't have a clue until the
exploit gets share/used/distributed/observed/confirmed. By then, you and
your customers may be the unlucky recipients of the exploit's effects. CERT
may then present a terrific accurate writeup, but that does no good for the
people who are affected.
So what are the "best" resources? Number one is the hacker community. if
you are a hacker, and you write and share exploits, then you are in the
group that has the most clue. Next would be the hacker community's friends
and family (or whomever they share information with). Next is probably
communities like FD, where either hackers or hacker community F&F (or else
people who are affected by the exploits) hang out. Continue up the food chain
as illustrated and you will see that he people who *only* get their info
from CERT/CIAC/SANS/whatever are considered to have less clue because they
are that much more removed from the center of the action. The best resource
is to be one of the hackers^H^H^H^H^H^H^Hsecurity researchers =;^)
G
On or about 2003.12.16 05:03:58 +0000, Christopher Parker (cparker@...ber.fsf.org) said:
> > "Join www.osvdb.org to make a better non-corporated vulnerability database
> > since CERT sucks ! "
>
> CERT sucks? Humm... In my UNIX & Security college course, we're being
> told CERT is a great resource for security-related information. Can
> anybody else make a comment on this? Agree? Disagree?
>
> Thanks.
--
Gregory A. Gilliss, CISSP E-mail: greg@...liss.com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists