[1404] in linux-security and linux-alert archive
[linux-security] About "tiger team" posts
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Sun Jan 26 16:11:48 1997
To: linux-security@redhat.com
Date: Sun, 26 Jan 1997 15:53:09 -0500
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
All posts regarding "tiger team" are being placed on hold until Rogier
returns from his vacation. At this moment I would like to make a comment
about it. It is clear that the majority of the readers of this mailing list
that submitted messages saying that they would like to join such a team do
not have a clear understanding what tiger teams do and how they do it.
I would like to advise everyone considering to join this effort to find out
what tiger teams are first. As these groups are paid to perform attacks by
friendly forces of specific installations it is highly unlikely that linux
tiger team makes any sense at all. In addition to that please realize that
there are tons of legal implications of disclosing any holed found during
penetration studies peformed by tiger teams. Bottom line: unless you can
afford to hire several lawers you probably do not want to be in it.
The topic of tiger teams was originally brought by Eric Allman. In his
message he is talking about a group of people that would be willing to go
through sendmail source code. If those of you who submitted your requests of
joining the group were refering to that particular activity you should
contact Eric Allman directly but please do not call yourself a tiger team!
Best wishes,
Alex
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMuvFf50afeTWLUSJAQE5TgP/cVyQV2T9bCnfpMlz11B5XcA85oKEd2BX
9gnRdLYJUEbA/mAeQ8ShZKqB6SZgJBWAaVsVzBFYa2KgbpSZlC/fyCsHdhmsA11x
VNJIePBRYYtjiKHbPYqMn+++Z4PFCi1Q+FZT6pcvwlvU0ULMH73qF9ktqvGmIc3O
oVGfRwmK30A=
=25HI
-----END PGP SIGNATURE-----