On Fri, 20 Apr 2007, Gadi Evron wrote:
On Fri, 20 Apr 2007, Simon Lyall wrote:
On Thu, 19 Apr 2007, Gadi Evron wrote:
Looking at the lack of security response and seriousness from this ISP, I personally, in hindsight (although it was impossible to see back then) would not waste time with reporting issues to them, now.
These days there is almost never any reason to report a security issue unless you are a professional security researcher who is looking for publicity/work. [1]
Now, that is off-topic to NANOG.
Just because you disagree with someone's opinion, doesn't make it offtopic.
One comment: just because they are not reported does not mean they are not used. Proved beyond doubt this past year with all the 0day attacks and targeted attacks going on. I'm not sure if Simon's comment was tongue-in-cheek.
I think if you are referring to "public disclosure", yes, I think there's little point of doing this, unless you are seeking attention. Of course, reporting a problem to vendor privately always makes sense. I'm not sure the debate on public disclosure vs private falls under NANOG AUP. -alex