UK ISP threatens security researcher

alex at pilosoft.com
Fri Apr 20 14:31:52 UTC 2007


On Fri, 20 Apr 2007, Gadi Evron wrote:

> 
> On Fri, 20 Apr 2007, Simon Lyall wrote:
> > 
> > On Thu, 19 Apr 2007, Gadi Evron wrote:
> > > Looking at the lack of security response and seriousness from this
> > > ISP, I personally, in hindsight (although it was impossible to see
> > > back then) would not waste time with reporting issues to them, now.
> > 
> > These days there is almost never any reason to report a security issue
> > unless you are a professional security researcher who is looking for
> > publicity/work. [1]
> 
> Now, that is off-topic to NANOG.
Just because you disagree with someone's opinion, doesn't make it
off-topic.

> One comment: just because they are not reported does not mean they are
> not used. Proved beyond doubt this past year with all the 0day attacks
> and targeted attacks going on.
I'm not sure if Simon's comment was tongue-in-cheek.

I think if you are referring to "public disclosure", yes, I think there's
little point in doing this, unless you are seeking attention. Of course,
reporting a problem to the vendor privately always makes sense.

I'm not sure the debate on public disclosure vs private falls under NANOG 
AUP.

-alex



