Date: Thu, 23 Oct 2008 21:34:26 -0400
From: Valdis.Kletnieks@...edu
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DHS / US-CERT do we need them want them?

On Fri, 24 Oct 2008 00:01:23 BST, n3td3v said:
> are done. And in times of need, force people to work with each other
> even if they don't really want to. Maybe the forcing people to
> collaborate is a good thing at critical times, but you don't need a
> whole US-CERT for that, it just takes a couple of independent folks to
> do that, out there in the community when it becomes apparent when
> action with multi-vendors, governments is required.

You *do* in fact need "a whole US-CERT" to force people to collaborate. There's
a *very* short list of "a couple of independent folks" who can get things to
happen just on their own personal credibility - and they're usually already
totally overcommitted during these sorts of crises.

How many machines got patched for Dan Kaminsky's DNS issue because US-CERT said
"Patch it or else"? And then how many machines got patched because Paul Vixie
said "You really need to patch it"?

And there's always the issue that if it's just some random people, they
might all be off on vacation when things hit the fan - if it's an organized
agency, there's somebody to make sure that there's adequate coverage all
the time.  Yes, somebody needs to work the week between Christmas and
New Year's - and that implies a boss who will make sure that happens.

> white hats if another white hat doesn't agree with something. But
> people like valdis will still call me names, but he is probably a
> republican, so who cares.

You obviously haven't been paying attention.
