[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200503141811.j2EIB87I015317@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: Know Your Enemy: Tracking Botnets
(ThorstenHolz)
On Mon, 14 Mar 2005 20:21:35 +0300, phased said:
>
> no they didnt, shit paper, nothing new, absolute crap just publicity bollocks
(I haven't actually read the paper in question yet, but still..)
Notice that often, a "nothing new" paper can still be important just due to
readability by an audience other than the technical geeks. For example, it's
been *years* since "Smashing the stack for fun and profit" made it all clear
for the bitheads among us - but would you give it to your upper management as
justification for a project? No, you'd need to find a white paper that had
"nothing new" in it, but which stated it in a way that the threat becomes clear
even to a manager. And writing something that's accessible by a *novice*
sysadmin that has maybe a year or two experience is an entirely different skill....
In fact, for some stuff like the FBI/SANS Top 20 we do every year, or the
Center for Internet Security benchmarks, if something is "new", it's almost
certainly out of scope - when I did a very early draft of what Hal Pomeranz
ended up making into the CIS Solaris benchmark, "Have I heard this point enough
times I want to gag" was one of the clearest indicators that something should
be in the guidelines...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050314/a3e49a01/attachment.bin
Powered by blists - more mailing lists