lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b6ee9310810240112h1df54c1eq7ce74cf460768e7f@mail.gmail.com>
Date: Fri, 24 Oct 2008 09:12:36 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Time to patch Windows boxes with MS08-067

On Fri, Oct 24, 2008 at 8:41 AM, Juha-Matti Laurio
<juha-matti.laurio@...ti.fi> wrote:
> SANS ISC InfoCon meter is Yellow now
> http://isc.sans.org/infocon.html

- why tell the bad guys you're frightened about them.

- why frighten the good guys, and be frightened?

- why rate threats to the public domain? why not keep it to yourself,
it changes nothing apart from create a fear, and then all you have to
fear is fear its self, when nothing may actually happen to you.

i don't even think we should be rating vulnerabilities either, they
should all be one of the same, we shouldn't rate terrorism threats or
hacker threat vulnerabilities or security incidents.

is it not obvious to each individual how important something is, and
allow then to give it their own rate privately, and not have a rate of
fear that we should all adhere to.

there should be no public threat levels, keep them in side your
organisation, don't outward show fear or fright, because then you've
given in before you've even started.

keep threat levels private, don't rate anything, not even microsoft
patches on patch tuesday. all threats should be one of the same.

everyone. not just sans, stop rating everything, treat everything one
of the same thing. even if you have a threat level inside your
organisation, don't outward face it publically.

hackers, dont rate your vulnerabilities, vendors dont rate
vulnerabilities, everyone don't rate anything publically.

what do rates and threat levels do for us? would we be less off
without them, would anything change if everyone suddenly stopped
rating things publically?

the world would be a better place without rates and threat levels,
everything would be a lot calmer and laid back, there would be more
peace.

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ