UK ISP threatens security researcher
alex at pilosoft.com
alex at pilosoft.com
Fri Apr 20 14:31:52 UTC 2007
On Fri, 20 Apr 2007, Gadi Evron wrote:
>
> On Fri, 20 Apr 2007, Simon Lyall wrote:
> >
> > On Thu, 19 Apr 2007, Gadi Evron wrote:
> > > Looking at the lack of security response and seriousness from this
> > > ISP, I personally, in hindsight (although it was impossible to see
> > > back then) would not waste time with reporting issues to them, now.
> >
> > These days there is almost never any reason to report a security issue
> > unless you are a professional security researcher who is looking for
> > publicity/work. [1]
>
> Now, that is off-topic to NANOG.
Just because you disagree with someone's opinion, doesn't make it
offtopic.
> One comment: just because they are not reported does not mean they are
> not used. Proved beyond doubt this past year with all the 0day attacks
> and targeted attacks going on.
I'm not sure if Simon's comment was tongue-in-cheek.
I think if you are referring to "public disclosure", yes, I think there's
little point of doing this, unless you are seeking attention. Of course,
reporting a problem to vendor privately always makes sense.
I'm not sure the debate on public disclosure vs private falls under NANOG
AUP.
-alex
More information about the NANOG
mailing list