[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Blackout responsibility?

To: John Sec <john_sec_lists@hotmail.com>
Subject: Re: [Full-Disclosure] Blackout responsibility?
From: -SIMON- <simon@snosoft.com>
Date: Mon, 18 Aug 2003 11:15:56 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,
    Unfortunatley ignorance is bliss and at the same time it is our 
number one vulnerability. The power plant "company officials" will keep 
the real incident a secret as that is in their best interest and our 
best interest.  It is obvious that IF someone is directly responsible 
for this incident then they already know the secret. Disclosure of the 
incident should not happen until the "compay officials" make sure that 
it can not happen again and is patched or repaired. Once the fix is in 
place, disclosure could happen without posing any further risk to our 
country... but will probably not happen for various political and 
business reasons. Don't forget, we live in a capaitalist world and it 
hurts less to say we had a system failure than to say we got hacked.

This just goes to show, a good security audit and plan will almost 
always cost less than a compromise.

- -simon



John Sec wrote:

> ....and if blaster actually *did* have something to do with the 
> blackout, what are the chances that the company officials will give 
> the real reason?  i mean, they would be lucky that a relatively benign 
> worm got to their systems.  it could have been far worse.
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online  
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/QO2wf3Elv1PhzXgRAvwRAJ4sAPjhbIKfQpbUPPszOZ6Rykp6bACdEQvK
1RTYoRNM2obdqpTnqcrEByw=
=IBcN
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Blackout responsibility?
  - From: "John Sec" <john_sec_lists@hotmail.com>

Prev by Date: Re: [Full-Disclosure] FTPServer Denial Of Service Vulnerability
Next by Date: RE: [Full-Disclosure] [UPDATE] ping floods
Prev by thread: [Full-Disclosure] Blackout responsibility?
Next by thread: RE: [Full-Disclosure] Blackout responsibility?
Index(es):
- Date
- Thread