On Fri, 24 Oct 2008 09:12:36 BST, n3td3v said:

> - why tell the bad guys you're frightened about them.

Umm... perhaps because the bad guys already have frikking exploits and sharks with laser beams on their heads, and are using this in the wild, so it doesn't matter that we tell them?

> - why frighten the good guys, and be frightened?

Because *most* people with more than 3 neurons like to be *told* to watch out because there's frikking sharks with laser beams on their heads.

> - why rate threats to the public domain? why not keep it to yourself,
> it changes nothing apart from create a fear, and then all you have to
> fear is fear its self, when nothing may actually happen to you.

Actually, it changes a *LOT*. It doesn't create a fear, it also makes people patch their systems and deploy anti-shark devices.

> i don't even think we should be rating vulnerabilities either, they
> should all be one of the same, we shouldn't rate terrorism threats or
> hacker threat vulnerabilities or security incidents.

There's a 20% possibility of light showers somewhere in Great Britain this afternoon.

There's a massive thunderstorm cell headed your way, with a 95% chance that your street will be hit with 2-inch-diameter hail in the next 15 minutes. Seek shelter immediately. For those who don't live in areas where hail happens, here's a good video: http://digg.com/lbv.php?id=8500112&ord=1

You rate those the same in terms of threat level to you?

There's a shark with laser beams on its head somewhere near Glasgow, and it might be hungry.

There's a shark with laser beams on its head behind your couch, and it hasn't eaten in two weeks.

You rate those the same in terms of threat level to you?

> is it not obvious to each individual how important something is, and
> allow then to give it their own rate privately, and not have a rate of
> fear that we should all adhere to.

Remember that the average user/admin is almost as clueless about security as you are, and needs everything spelled out for them.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/