?????? Huh? So an old advisory that says a particular exploit is of little or no risk, which is then changed to high when further explored is good? I do a search and find that one first and say, "hey, no big deal! I won't worry about it." Meanwhile my server is wide open, because of an old advisory which was incorrect???
How is an old advisory better than a new current one? Please explain, I don't understand. Thanks.
-Jordan
I keep seeing this point made. I don't think it's valid. For example, every time Georgi Guninski finds a vulnerability, he lets MS know. MS and Georgi generally post an announcement and fix within a short time frame of one another. Georgi posts his findings, and generally even has an example. So, the in-depth advisories are still there. Maybe not from the source, but Georgi's advisories live on. Same with rainforestpuppy, same with many other folks who find vulnerabilities. Give me something better. This argument is invalid.
-Jordan
Huh? This is not an attack on any model. The independent advisories can still be posted by the exploit finder. The fact that a vendor wants to centralize their security information so that it is current is bad? How? I would much rather know I am viewing the most current advisory than one that is a month or even a week out of date. I have to go to their website to download the patch anyway. What's the problem???
Jordan
Preach it brother. I think you have hit the nail on the head.
Part of the problem is on us though. We bent over and took it for all those years, making employers think it was acceptable...
Wow! So your libraries should be carrying Playboy, Playgirl, Penthouse, and any other porn mag. They should also have copies of any hate literature published, The Anarchist Cookbook, and any literature the general populace might find offensive.
If libraries choose to spend their resources on things I find offensive, I should have the option of not putting my tax dollars towards those purchases. In the same way that I will not contribute my charitable donations to causes I don't believe in, or find offensive.
I realize that my offensive threshold might be significantly lower, or higher, than someone else's. This is why the majority of us live in a democracy. I believe censorship is a community decision. As such, that community has the right to subject their morals on you, should you choose to use a service they provide with their tax dollars.
For those that don't agree with this, DOWN WITH SLASHDOT RATINGS! They are a form of censorship. You likely won't see this post, because your threshold is set to more than 1. These comments likely won't make it to your browser window. That is censorship imposed by Slashdot readers. I am hoping you see the correlation here.
Should my community not provide some means of censorship on their library computer internet connections, I likely would not take my child there, or at least keep them away from that area of the library. I don't think my child needs to see some of the things that are likely to be displayed on these terminals.
I don't understand all of this talk about entrapment. If you have a "Beware of Dog" sign on your door and a burglar breaks into YOUR house, and gets attacked by your pitbull, how is that entrapment? You didn't ask him to break in! You warned him.
Your analogy is no good. As system administrators, we are not asking for people to break into our systems. They come and deliberately try to break in.
Now, entrapment would be if you started publishing the IP of the honeypot on IRC and Usenet. The same way that putting ads in the paper that your house has no security and you don't have a dog.
Yep. And they could continue publishing the advisories to Bugtraq and NTbugtraq and just delete all SP's and patches. What's the difference? Same end.
Here's a fix. Apply it. Trust us. We can't tell you what it fixes because then we might be aiding and abetting a hacker.
This article scares the hell out of me.
How do you open souce something? What is open souce?