[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F108E18.3040806@oneechan.org>
Date: Fri, 13 Jan 2012 14:03:36 -0600
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Rate Stratfor's Incident Response
On 1/13/12 1:24 PM, Paul Schmehl wrote:
> --On January 13, 2012 12:03:22 PM -0500 Benjamin Kreuter
> <ben.kreuter@...il.com> wrote:
>
>> On Fri, 13 Jan 2012 10:37:31 -0600
>> Paul Schmehl<pschmehl_lists@...rr.com> wrote:
>>
>>> --On January 12, 2012 3:16:19 PM -0500 Benjamin Kreuter
>>> <ben.kreuter@...il.com> wrote:
>>>
>>>> The law is not going to stop the really bad people
>>>> from attacking your system, nor is it going to stop them from
>>>> profiting from whatever access they gain; sending law enforcement
>>>> after someone who reports problems to you accomplishes little and
>>>> only discourages people who might try to help you.
>>>>
>>> Assuming everyone's motives are as pure as the driven snow is a bit
>>> naive, don't you think?
>> Are there lingering doubts about the motives of someone who is
>> reporting a vulnerability to you? They could have just profited from
>> their discovery and never bothered to tell you. In any case, what have
>> you accomplished by sending the cops after *someone who is helping you*?
>>
> Unless you're a complete fool, yes. You say you're helping me, but you
> broke in to my server. How do I know you didn't help yourself to a
> permanent back door?
>
> Again, it's naive to think that most people are motivated purely by a
> desire to help others, especially when they are actively intruding into
> other people's assets.
>
> YOU might say thank you, but I'll be taking the server offline, grabbing
> forensic images and rebuilding it long before I get around to saying thank
> you.
>
Well just remember they could have *not* told you and helped themselves
to a backdoor. If they wanted to door you they probably wouldn't have
told you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists