lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9744.65.88.218.154.1191894069.squirrel@slashmail.org>
Date: Mon, 8 Oct 2007 21:41:09 -0400 (EDT)
From: "Steven Adair" <steven@...urityzone.org>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: If internet goes down out of hours,
 we're screwed

I think you guys are both mixing up CERT (cert.org) and US-CERT
(us-cert.gov) -- both of which have very different functions.  As
mentioned though, you probably wouldn't want to call either if your
Internet goes down.

Steven

> On Mon, 08 Oct 2007 19:55:59 BST, worried security said:
>
>> If you internet goes down out of business hours
>> , don't expect anyone to answer you from CERT.
>
> Actually, if "your internet" goes down, you should probably be calling
> your ISP, not US-CERT.  The vast majority of "down" conditions are
> networking
> issues, not security issues.   And if you're being DDoS'ed, you're *still*
> going to need to deal with your ISP because some NOC monkey is going to
> need
> to do the mitigation, and the CERT guys aren't going to be able to do
> anything
> for you with that anyhow.
>
>> Email:     <mailto:cert@...t.org> (monitored during business hours)
>
> Which is as it should be - if you look at the things that are actually
> within
> their purview, it's reasonable to expect it to *not* be a 24/7 mailbox.
> There
> are *other* venues that deal with the sort of things that happen at 2:30AM
> and
> can't wait until 8AM for resolution, and they *are* monitored 24/7.  The
> mere
> fact that you haven't been invited to participate in those venues doesn't
> mean
> they don't exist.
>
> Besides which you overlooked the most obvious point of all:
>
> If your internet is down, you can't e-mail to anybody anyhow.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ