Hello Scott , On Mon, 18 Aug 2003, Scott McGrath wrote:
A measured response is needed. Obviosly we do not want the vulnerabilities disclosed to bored teenagers looking for "excitement". We need controlled access to this data so that those of us who need the data to fix vulnerabilities can gain access to it but access is denied to people without a legitimate need for the data. And my statement would be , And who is that authority ? The government ? The Utilities ? The ... ?
The "Dig Safe" program might be a good model for controlling access to Sean's work. This would not preclude further scholarship on Sean's work but it would keep the data out of the hands of the 31337 crowd. Huh ?, Try this on for size , "Hello , I am joe's contracting service & I have a building permit(I do) and I need to dig at ..." If I remeber correctly the "Dig Safe" program will give me the info without so much as a check on the permit or my company name .
But , Something (may) need to be put in place . I for one am not a great fan of any group of "X" that has a vested interest in keeping the information out of the public hands as being the ones to administer or setup or even give suggestions to a body who'd be involved in setting up such a commitee/org./... I'd really like to see a "Public" forum be used to take suggestions from the PUBLIC (ie: you & I & that neighbor you hate so well) for the guide lines as to who &/or when such info s/b released . Not the Gov. or the Util Alone .
On Sun, 17 Aug 2003, Sean Donelan wrote:
So, the US Government wants to classify Sean Gorman's student project. The question is did Mr. Gorman's maps divulge the vulnerability in the East Coast power grid that resulted in the blackouts this week? Would it be better to know about these vulnerabilities, and do something about them; or is it better to keep them secret until they fail in a catastrophic way? Twyl , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | P.O. Box 854 | Give me Linux | | babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP | +------------------------------------------------------------------+