[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040913043113.46947.qmail@web53402.mail.yahoo.com>
From: vxdude2003 at yahoo.com (VX Dude)
Subject: win2kup2date.exe ?
Personally I think this thread is starting to get off
topic. But I'd like to address a topic that got
brushed aside by this penis contest.
Viruses/Malware/Rogue Code on Full-Disclosure
I know this gets addressed every 2 months (you can
calibrate your NTP server by it). But it's an issue
that should have some actual discussion on, and not
just waved off with a few remarks.
Since most of the people reading this knows what
Full-disclosure is, I wont pretend that you don't.
How many times have we (the admins, the incident
responce guys, and the help desk techs) had to respond
to a virus outbreak without any help from antivirus
companies? Even when we pay them thousands of dollars
in support contracts, the best information we get is
"the diffinitions will be posted at so and so time".
Wouldn't it be nice for once if one admin see's
malware, and alerts everyone else? So we know what
subject line and attachments to block? Isn't this the
spirit of FD?
The "only trust the established antivirus
corporations" line of thinking is (to me) just like
saying "only vendors should release information about
bugs". Am I alone in this thinking?
Shouldn't it become a standard FD practice to send the
list a copy of new malware that the "AV professionals"
haven't told us about? How much of your security
budget could be saved if you weren't in the blind
about the viruses already hitting your networks.
Could FD style virus information be of help for those
first critical hours?
I have a sad feeling that I am alone about this. If I
am, then I really pity you guys.
Stinny FranCisco, CISSP
Internet Sniper
eDefense Inc.
--- Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> Bugtraq Security Systems wrote:
>
> > Nick,
> > You're a moron, and a fake moron at that. ...
>
> Lessee -- "fake" means "not".
>
> So, in case it is not already obvious to you, your
> statement thus
> reduces to an outright contradiction.
>
> What a surprise.
>
> NOT!
>
> I wonder who is the real moron here then?
>
> > ... If you had the clue god gave the
> > average scriptkiddie, ...
>
> Fortunately, I have much more than that, as you have
> already, so
> adroitly, proved.
>
> Go crawl back under your rock...
>
> > ... you'd kill yourself in shame at your own
> postings.
>
> Following your example, perhaps?
>
> > Cheers,
> > BUGTRAQ Security Systems
> > "If Nick FitzGerald had a brain cell for every bug
> we tracked, ...
>
> Again, I am rather fortunate to weigh in
> considerably on the upside of
> that equation...
>
> > ... he'd be
> > smart and not an arrogant no-nothing like he is
> now."
>
> ...so I should be considerbaly "smart" and
> considerably "not an
> arrogant no-nothing" [sic], yet you then turn around
> and contradict
> yourself again.
>
> Fool -- if you're going to call folk names, at least
> decide what those
> names will be before hitting send on a screw-up of a
> message such as
> your last attempt...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
Powered by blists - more mailing lists