[123999] in North American Network Operators' Group
Re: NSP-SEC
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Mar 19 10:20:34 2010
To: Guillaume FORTAINE <gfortaine@live.com>
In-Reply-To: Your message of "Fri, 19 Mar 2010 04:43:18 BST."
<BLU0-SMTP351F9EF4908E929AAF749DC82A0@phx.gbl>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 19 Mar 2010 10:19:26 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1269008366_4396P
Content-Type: text/plain; charset=us-ascii
On Fri, 19 Mar 2010 04:43:18 BST, Guillaume FORTAINE said:
> First question : Why was I able to find this mail on the Internet if it
> should be kept secret ?
Congratulations. You found an example of a mailing list where applying a
standard disclaimer by default *does* make sense, which then got forwarded
*by a coordination team leader at a national CERT* to an appropriate forum
so that action could be taken, but failed to take the disclaimer off the
bottom of that posting.
Double bonus points for finding a posting that discussed something *really*
sensitive, like "we've seen bots connecting to...". You *do* realize that
there's an estimated 140,000,000 bots on the net, right, and as a result,
some operation lists have *dozens* of "bots spotted connecting to" postings
*per day*.
And you wonder why you have a hard time being taken seriously.
--==_Exmh_1269008366_4396P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFLo4fucC3lWbTT17ARAhZjAKDF+U4zLxziV9LIDO/FugdXhmeDqQCg3fDg
bjyG9lLenUehmDiQLAl+0cA=
=ud+P
-----END PGP SIGNATURE-----
--==_Exmh_1269008366_4396P--
