Text 6066, 287 lines
Written 2005-07-15 08:42:08 by Rich (1:379/45)
Comment on text 6064 by Geo (1:379/45)
Subject: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Rich" <@>
Such bullshit. It's not just that you are paranoid, you are being silly. Please post the detailed instructions for anyone to break into your home and kill your wife and family. You shouldn't keep this information exclusive to you. Others may find this useful to protect themselves. If it puts your family at risk, so what. "Information" like this should be free for all.
As for the eeye press release to which you refer, it sure does provide detailed instructions. It may be that you don't recognize the terminology but it is there, specific, and detailed.
Rich
"Geo" <georger@nls.net> wrote in message news:42d7d349$1@w3.nls.net...
Most of the security companies are privately owned so immune to Sarbanes-Oxley but I don't see what that has to do with the value of knowledge about security exploits.
By making exploit details public knowledge, the information anarchy club can't keep new competition from starting up, they can't use the discoveries made by others as if it were their property. Anyone who wants the information can get it free of charge. At best the IA club can only offer to aggregate and rate the exploit information as a service to their customers.
It takes the exclusiveness out of the IA club. You don't realize it but there were open databases of exploit information that everyone had contributed to, these used to be a great resource but the IA club managed to get all the details removed from them, details that folks like me and others had contributed so that we could easily find critical information about software we were evaluating. That technical information is now the private stock of the IA club. That action pissed off eeye and lots of others so now many places post the details on their own websites.
And contrary to Rich, eeye does not give step by step instructions, see http://www.eeye.com/html/research/advisories/AD20050208.html and tell me how easily you could take that information and cook up a working exploit.
Geo.
"Randy" <dev@null.org> wrote in message news:42d72baa@w3.nls.net...
Why do you think Sarbanes-Oxley was passed?
"Geo" <georger@nls.net> wrote in message news:42d70ed8@w3.nls.net...
the guys at eeye believe making exploits public knowledge lowers the value thus the cost that security companies can charge customers for that knowledge.
Geo.
"Rich" <@> wrote in message news:42d6d8ee$1@w3.nls.net...
No. I consider this irresponsible. For all we know folks at eeye do too but greed trumps responsibility.
Rich
"Geo" <georger@nls.net> wrote in message news:42d6befe@w3.nls.net...
So you consider this responsible behavior?
Geo.
"Rich" <@> wrote in message news:42d6a0c1$1@w3.nls.net...
Where do you get this taboo nonsense? Look at http://www.eeye.com/html/research/advisories/AD20040615A.html and http://www.eeye.com/html/research/advisories/AD20040615B.html. These are among the simplest but by far not the only. eeye appears to try to provide instructions to exploit in all of these. If you are going to be in denial about this behavior of theirs then no wonder you are in denial about the damage they cause.
Rich
"Geo" <georger@nls.net> wrote in message news:42d696e9$1@w3.nls.net...
But instead he wants evidence that the exploits eeye has discovered over the past year or so are dangerous, and since exploit code is now taboo that becomes quite difficult to prove doesn't it?
Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)