lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d8d979980810240518nfcabcf3y2a2322f0ddaf72af@mail.gmail.com>
Date: Fri, 24 Oct 2008 08:18:46 -0400
From: "Erik Harrison" <eharrison@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Time to patch Windows boxes with MS08-067

n3td3v, shut the hell up. this isnt some esoteric discussion about the
virtues of disclosure and good vs evil empowered by fear. patch your
shitty 3 box home network, stay the hell out of the way and dont be
part of the problem.

once you have *real world* experience, you'll answer a lot of these
questions yourself. until then, please keep your poorly thought out
comments and questions to yourself. better yet, today while you're in
class, bring them up to the teacher and discuss with the rest of the
devry hopefuls you associate with.

nobody wants to hear your shit today.

On Fri, Oct 24, 2008 at 4:12 AM, n3td3v <xploitable@...il.com> wrote:
> On Fri, Oct 24, 2008 at 8:41 AM, Juha-Matti Laurio
> <juha-matti.laurio@...ti.fi> wrote:
>> SANS ISC InfoCon meter is Yellow now
>> http://isc.sans.org/infocon.html
>
> - why tell the bad guys you're frightened about them.
>
> - why frighten the good guys, and be frightened?
>
> - why rate threats to the public domain? why not keep it to yourself,
> it changes nothing apart from create a fear, and then all you have to
> fear is fear its self, when nothing may actually happen to you.
>
> i don't even think we should be rating vulnerabilities either, they
> should all be one of the same, we shouldn't rate terrorism threats or
> hacker threat vulnerabilities or security incidents.
>
> is it not obvious to each individual how important something is, and
> allow then to give it their own rate privately, and not have a rate of
> fear that we should all adhere to.
>
> there should be no public threat levels, keep them in side your
> organisation, don't outward show fear or fright, because then you've
> given in before you've even started.
>
> keep threat levels private, don't rate anything, not even microsoft
> patches on patch tuesday. all threats should be one of the same.
>
> everyone. not just sans, stop rating everything, treat everything one
> of the same thing. even if you have a threat level inside your
> organisation, don't outward face it publically.
>
> hackers, dont rate your vulnerabilities, vendors dont rate
> vulnerabilities, everyone don't rate anything publically.
>
> what do rates and threat levels do for us? would we be less off
> without them, would anything change if everyone suddenly stopped
> rating things publically?
>
> the world would be a better place without rates and threat levels,
> everything would be a lot calmer and laid back, there would be more
> peace.
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ