[124033] in North American Network Operators' Group
Re: NSP-SEC
daemon@ATHENA.MIT.EDU (Guillaume FORTAINE)
Sat Mar 20 15:57:27 2010
Date: Sat, 20 Mar 2010 20:56:39 +0100
From: Guillaume FORTAINE <gfortaine@live.com>
To: nanog@nanog.org
In-Reply-To: <1269110278.1220.147.camel@petrie>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 03/20/2010 07:37 PM, William Pitcock wrote:
> On Sat, 2010-03-20 at 20:30 +0200, Hank Nussbacher wrote:
>
>> On Fri, 19 Mar 2010, William Pitcock wrote:
>>
>>
>>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>>
>>>> An ongoing area of work is to build better closed,
>>>> trusted communities without leaks.
>>>>
>>> Have you ever considered that public transparency might not be a bad
>>> thing? This seems to be the plight of many security people, that they
>>> have to be 100% secretive in everything they do, which is total
>>> bullshit.
>>>
>>> Just saying.
>>>
>> How exactly would being transparent for the following help Internet
>> security:
>>
>> "I am seeing a new malware infection vector via port 91714 coming from the
>> IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
>> http://www.trythisoutnow.com/. In addition, it has credit card and pswd
>> stealing capabilities and sends the details to a maildrop at
>> trythisoutnow@gmail.com"
>>
>> The only upside of being transparent is alerting the miscreant to change
>> the vector and maildrop.
>>
> That is not what I mean and you know it.
>
> What I mean is: why can't anyone contribute valuable information to the
> security community? It is next to impossible to meet so-called 'trusted
> people' if you're new to the game, which is counter-productive.
>
>
I totally agree with William.
Best Regards,
Guillaume FORTAINE
