[ On Thu, July 31, 1997 at 09:15:03 (-0700), Michael Dillon wrote: ]
Subject: Re: how to protect name servers against cache corruption
At 3:54 AM -0400 7/31/97, Alexander O. Yuriev wrote:
a. not talk publicly about this lest the cracker community learn too much
Sure. Now how do you propose to make sure that only good guys know about bad things? Mathematically it is impossible. It is a set theory
I don't propose to "make sure" that only good guys know, I just suggest that it is better to not spread the info publicly when you don't know who is listening in. Why make the bad guys job easier?
The bad guys already know. They're often the ones who discover the problems in the first place and even if they aren't you can be sure they'll find out once the "experts" do.. All that happens when people try and restrict information about incidents is that the number of people focusing on the solution is reduced, often drasically to below the critical mass necessary to solve the problem once and for all. The only minor gain that can be had from controlling this information is that egos are less bruised and the truely amateur crackers may not learn of various faults. This is really only useful for those barn-door sized problems where any joe could wander through and wreak havoc even without looking. Now from an operations point of view it may be best to not give away too many details before the experts get a look and definitely don't reveal the impact of a given attack on your organization unless you already have a good handle on it. However this group in particular should be making wide and frequent use of this list and others like it to notify each other (and the experts) of things they should be looking out for and precautions that should be taken. Please do reduce the exposure some of these old myths get though and debunk them as fully as possible. -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>