NSP-SEC
Guillaume FORTAINE
gfortaine at live.com
Sat Mar 20 19:56:39 UTC 2010
On 03/20/2010 07:37 PM, William Pitcock wrote:
> On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
>
>> On Fri, 19 Mar 2010, William Pitcock wrote:
>>
>>
>>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>>
>>>> An ongoing area of work is to build better closed,
>>>> trusted communities without leaks.
>>>>
>>> Have you ever considered that public transparency might not be a bad
>>> thing? This seems to be the plight of many security people, that they
>>> have to be 100% secretive in everything they do, which is total
>>> bullshit.
>>>
>>> Just saying.
>>>
>> How exactly would being transparent for the following help Internet
>> security:
>>
>> "I am seeing a new malware infection vector via port 91714 coming from the
>> IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
>> http://www.trythisoutnow.com/. In addition, it has credit card and pswd
>> stealing capabilities and sends the details to a maildrop at
>> trythisoutnow at gmail.com"
>>
>> The only upside of being transparent is alerting the miscreant to change
>> the vector and maildrop.
>>
> That is not what I mean and you know it.
>
> What I mean is: why can't anyone contribute valuable information to the
> security community? It is next to impossible to meet so-called 'trusted
> people' if you're new to the game, which is counter-productive.
>
>
I totally agree with William.
Best Regards,
Guillaume FORTAINE
More information about the NANOG
mailing list